Australia Card Mark II: NSWCCL’s Michelle Falstein on Labor’s Proposed Digital Identity System

A meeting of the nation’s various data and digital ministers early this year, resulted in the release of a 24th February communique, which asserts an urgency around implementing a national digital identification system, which would make it easier for “citizens to deal with government”.

The key benefit spruiked is that such ID would provide departments with the details relating to an individual who’s applying for services, which presumably could then be denied if, at the point of online access, an individual doesn’t have an online identity.

The Coalition initiated the Digital Identity System in 2015, which links users and provides their information to departments in order to access services. And it went on to release the exposure draft of its Trusted Digital Identity Bill 2021, which sought to make this a whole-of-economy system.

The finalised legislation was never introduced, however. And the Coalition proposed to move forward on it if re-elected, while One Nation and Clive Palmer campaigned on the issue in the lead up to the May 2022 election. Although Labor didn’t announce its position at that time.

Slipping under the radar

The Coalition set out in its draft legislation that its system would have provided the federal government, states and territories and public and private entities with access to information stored about an individual when dealing with them.

The whole-of-economy digital identity system would have allowed individuals to choose which accredited identity provider stored their ID, as well as permitting them to “access a range of public and private sector services through a single digital identity credential”.

However, as the NSW Council for Civil Liberties pointed out in 2021, this system was wanting. And two major issues were that its voluntary nature might be undermined if no viable alternative to accessing a service online exists, while the centralised model risks “a single point of failure”.

Triggering long-held concerns

The 2014 Financial System Inquiry report found that many Australians are likely to object to a digital ID system due to privacy concerns, as it could be perceived as a digital version of the unpopular Australia Card initiative, which was rejected in 1987.

Moves to implement a nationwide physical identification card with a photo of the holder and the ability to link entities to information stored about them were an attempt to stamp out welfare fraud and tax evasion.

Established in 1987, the campaign against the Hawke government’s Australian Card proposal was formidable. It led to the dissolution of parliament and a general election. And due to the strong opposition, Labor eventually let the proposal quietly fade away.

However, when the Australia Card was first cited in 1985, opposition to it didn’t exist. Indeed, there was early support for what was thought to be a convenience, and the campaign against it only developed after discussion and debate laid out the civil liberties issues involved in its rollout.

Sydney Criminal Lawyers spoke to NSW Council for Civil Liberties (NSWCCL) assistant secretary Michelle Falstein about the issues pertaining to the current and earlier ID proposals, the questions around the digital ID’s voluntary nature and how, through awareness, opposition will likely grow.

Following a February meeting of Australian data and digital ministers, a statement was released, outlining that a national digital identification system is on the government’s agenda.

Questions about potential rights infringements involved with such a system evoke the mid-1980s campaign against the proposed Australia Card.

Michelle, what were the liberties concerns involved in the campaign against the Australia Card?

The idea behind the card involved tax avoidance and evasion, welfare fraud and things like that. The bill was introduced, and it didn’t receive much attention for some time.

The campaign began only after privacy organisations and what were state privacy departments got involved and had a look at it, then the campaign started.

Basically, the card was mandatory: all Australians were supposed to hold it and keep it with them. You had to present it if you were going to engage in employment, or you wanted to access services.

So, that was the idea behind it. People started to take notice because of the privacy concerns around it, and the fact that it was going to give government quite a lot of centralised authority, which started to concern people.

One of the organisations involved at the time was the NSW Council for Civil Liberties. We were involved in that campaign, which included a number of other organisations of the time, like the Victorian Council for Civil Liberties.

So much publicity and protest then enveloped the whole idea of the Australia Card that, eventually, it was no longer pursued by government.

So, looking at the national digital identification system now proposed by the Albanese government, what sort of similar concerns does it raise in common with the Australia Card? And what fresh issues are triggered by an ID system located online?

There are similar concerns as they’re both information exchange systems. The idea is that information can connect you and departments.

The Australia Card carried the unique characteristics of a person that could identify them, and to some extent, the digital system is the same.

But this system is voluntary, whereas the Australia Card was supposed to be mandatory, and everyone was going to have to carry one.

When they talk about the digital system being voluntary, however, it’s a matter of what voluntary is, because we don’t consider it voluntary if you have no choice on whether to join it and use it when accessing services.

If you have to have a digital identity in order to access certain services, you have to agree that’s not consent.

We need to have a situation where it’s truly voluntary. Within the legislation there has to be very strict terms about the system not becoming an opt-out framework.

They say that it will be opt-in but that’s happened with other legislation, and it’s changed.

We don’t want to have a situation where people talk about alternatives to having a digital identity and then finding the idea of alternatives is meaningless.

For example, say you need to access Centrelink services, providing the alternatives of ringing up or going into a Centrelink office is really not very helpful. And it doesn’t make the system voluntary or give you any real alternatives to accessing services online.

There needs to be practical alternatives to do these things. We don’t want, for example, banks requiring you to provide a digital ID to get a mortgage. But they may well insist that you use a digital identity, as it’s too slow to do things in an alternate manner.

We don’t want to see that type of thing happening because it’s inequitable. It limits access to people if they’re not sophisticated in being able to create a digital identity.

In your understanding, how does the proposed digital identification system work?

I can only go on what was mooted in the last legislation. I don’t know what’s going to be in the coming legislation, and I’m unsure if they’ve taken on some of the criticisms made during the last round of discussions.

The way that the previous proposal was going to work is that you would have a central information exchange that would provide information to particular identifiers or service providers, which would mainly be government departments holding your information.

That would then be channelled through a central information exchange to entities called relying parties, which are places like banks, private organisations and other government departments not holding that information.

Then the information is exchanged, so they can provide you with services, and an individual becomes part of that framework by being able to go onto the system, getting an ID and then being able to access certain services by having verified themselves.

Federal Labor is citing the two major data breaches of 2022, which involved Optus and MediBank, as providing some urgency for the digital identification system rollout.

Are these data breaches a solid reason to set up this nationwide ID system? Will the digital ID prevent further such breaches?

No. It’s not a good reason to race into what’s fairly significant legislation that’s going to change people’s lives.

They really need to take time and show transparency in discussing the issues involved, dealing with people’s concerns and laying out what this would mean for people.

Without introducing the recommendations of the Privacy Act Review report, it will do very little. And that is something that would fix a lot of the problems involved in data breaches, as it would limit the information that big companies can actually collect.

Those recommendations would resolve a lot of the issues with data breaches without having to do any of this.

So, there are alternative routes to deal with data breaches that don’t involve a national digital identification system?

Absolutely. This system doesn’t prevent people from still collecting personal information from you.

This proposal is likely to receive bipartisan approval, as the Coalition released the exposure draft of its Trusted Digital Identity Bill, which sought to establish the online identification system.

The Council for Civil Liberties raised privacy concerns about the Coalition’s proposal at the time. What did that involve?

Well, apart from valid consent, which I have already raised, there were issues with a number of other things, like oversight.

Labor has been suggesting the Australian Competition and Consumer Commission (ACCC) provide oversight, but it really needs to be somebody independent with a good knowledge of digital systems. That’s what we’d want to see.

The old legislation had privacy impact assessments, but they were going to be done by people within the entity applicant. So, that kind of thing is ridiculous, as you have no independent oversight of what’s happening.

We’d need lots of reporting on the digital system – public reports every year. Someone who people can go to and make complaints in an easy manner if they’ve been having issues with their identity and have not been able to access services.

These are some basic things that weren’t adequately dealt with in the last legislation.

And lastly, Michelle, finance minister Katy Gallagher wants legislation to facilitate a national digital ID system introduced during parliament’s spring sittings.

Is there a concern this proposal could fly under the radar? And as both major parties are likely to support it, is it a given?

I don’t think it’s a given. When you look at the history of the Australia Card, that was also quiet at first and didn’t have full support in both houses, but it wasn’t something people were aware of, and it initially seemed popular in the polls.

However, it then became extremely unpopular when attention was drawn to the consequences and alternatives that existed.

So, it’s a matter of people acting diligently and paying attention to what this means to their autonomy and their privacy.