myGovID Terms of use - User

Version - November 2019

Refer to the myGovID Privacy Notice which explains how we manage the personal information we collect.

These terms and conditions relate to the use of the myGovID system. The Australian Taxation Office (ATO) provides the myGovID system as a secure digital environment for individuals to establish and verify their identity for authenticated access to participating agencies online services.

These Terms of use form the:

  • Subscriber Agreement for the myGovID Public Key Infrastructure (PKI)
  • myGovID Certification Practice Statement (CPS)
  • myGovID Certificate Policy User (CP). 

The myGovID CPS and CP should be read in conjunction with these Terms of use.

Refer to the Glossary of terms.

As a result of updates to the myGovID system these Terms of use may change over time. Where these terms are updated you will be required to accept the new terms as part of the app update. The current myGovID Terms of use at any point in time are located at myGovID Terms of use - User.

Organisations, participating agencies and Machine Credential Administrators (MCA) that use machine certificates to directly interact with government online services through their business software should read and understand the myGovID Terms of use – Machine.

myGovID software

The ATO makes the myGovID app and software (Software) available to you to use, in unaltered form, solely in connection with the myGovID system.

You may not:

  •  decompile, reverse engineer, disassemble or attempt to derive the source code for the Software
  •  create derivative works based the Software or modify it in any way
  •  distribute copies of the Software or versions of it.
     

You should ensure that the Software does not interfere with your systems or devices. You must ensure your use of the Software complies with all applicable conditions of use, including third party software licensing conditions of use, relevant laws, including local laws in any relevant foreign country if you use the Software outside Australia. Those laws may impact your eligibility to obtain or use a copy of the Software.

myGovID Software uses third party software under license, including Idemia Morpho SmartBio and WebBio server components under licence from Idemia Australasia Pty Ltd. Annexure A – Third Party Licenses and Software contains a full listing of myGovID third party licenses and software.

You can email us for information about our Software at DigitalIdentity [at] ato.gov.au

myGovID service

You can access and use your myGovID account through the myGovID service. While the ATO will use reasonable efforts to rectify any issues with the myGovID service that it is aware of:

  •  the ATO makes no guarantees that the myGovID service, and your access to it (and your myGovID account), will be continuously available, uninterrupted, and fault or error free
  •  your access to the myGovID service (and your myGovID account) is also contingent on telecommunication services and other factors beyond the ATO’s control
  •  the ATO may suspend or terminate access to the myGovID service through some or all products or to some or all users at any time.

You should take appropriate and adequate precautions to ensure that the information obtained from the myGovID service is free of viruses or other contamination that may interfere with or damage your systems, devices or data.

myGovID credential

Your myGovID credential is a digital Certificate associated with your myGovID account, and is returned via the myGovID service to the application storage on the device you use for your myGovID account.

You are responsible for all transactions and communications carried out under or using your myGovID credential, and for the security and use of your myGovID account, your myGovID credential and the device on which it is stored.

You must:

  •  not use your myGovID credential for any unlawful or improper purpose other than to establish, verify or authenticate your identity when accessing online services of participating agencies
  •  not disclose the passwords for your myGovID account or myGovID credential to any other person
  •  not store your myGovID credential in a Certificate Store to which any other person has access, or otherwise allow, grant, permit or enable any other person to use your myGovID credential
  •  close your myGovID browser sessions and lock or secure your computer or device when not in use or unattended
  •  not undertake any screen capture, sharing or like activities that might compromise the security of your myGovID account or myGovID credential
  •  notify the ATO myGovID Help Desk on 1300 287 539 option 2 as soon as you suspect or become aware that the security of your myGovID account or myGovID credential has been compromised.

You acknowledge that the ATO may suspend, cancel or revoke your myGovID credential in circumstances where it is permitted or required as described in the CPS.

myGovID system

The myGovID system includes each of the myGovID service, the myGovID credential and the myGovID software.  To the extent permitted by law, the ATO:

  •  provides each of those elements of the myGovID system “as is” and without charge
  •  gives no express or implied warranties or makes any representation (and to the full extent permitted by law excludes all statutory warranties) in relation to each of those elements (including as to its availability, performance or fitness for a particular purpose)
  •  will not be liable in any way for any loss or damage (including special, indirect or consequential) arising from or in connection with any of those elements of the myGovID system or its or their availability, use or performance.

To the extent that the ATO's liability for the myGovID system (or any part of it) cannot be excluded, it is limited to the resupply of the relevant goods or services, or the cost of such resupply, at the ATO's option, or otherwise limited to the minimum amount permitted by law.

myGovID Terms of use - Glossary

Term Definition
Certificate An electronic document, signed by the Certification Authority which:
  • identifies a Subscriber by way of a Distinguished Name
  • binds the Subscriber to a Key Pair by specifying the Public Key of that Key Pair
  • contains the information required by the Certificate Profile.
Certificate Policy (CP) A named set of rules applying to, and providing policy and operational guidance on the deployment and use of a Certificate issued by a Certification Authority (CA).
Certificate Store Storage location for certificates on a computer or device.
Certification Authority (CA) An entity that issues and digitally signs Certificates using the entities Private Key.
Certification Practice Statement (CPS) A statement of the practices that a Certification Authority (CA) employs in managing the digital Certificates it issues (this includes the practices that a Registration Authority employs in conducting registration activities on behalf of that Certification Authority).
These statements will describe the PKI certification framework, mechanisms supporting the application, insurance, acceptance, usage, suspension/revocation and expiration of digital Certificates signed by the CA, and the CA’s legal obligations, limitations and miscellaneous provisions.
Public Key Infrastructure (PKI) The combination of hardware, software, people, policies and procedures needed to create, manage, store and distribute Keys and digital Certificates based on public Key cryptography.