Sydney Criminal Lawyers posted the article The Coming Biometric Digital ID Will Facilitate Nationwide Surveillance on 3 August 2023. It outlined the bipartisan proposal to establish a national digital ID system with the Albanese government set to release draft exposure legislation this month.
The article was the latest in a series about the digital identification system, and it posited that the proposed system replicates parts of former Home Affairs minister Peter Dutton’s 2018 push to establish the National Facial Biometric Matching Capability.
A number of readers had contacted the author regarding their fears around the proposal. And despite the racist One Nation Party prominently campaigning against it, this is an issue that also triggers the concerns of privacy advocates of a less divisive nature.
The law firm then received an 18 August email from the Department of Finance Media Team stating that they’d read the article and it “included some inaccuracies”, so they’d provided information to help the author to “understand the Australian government’s Digital ID program”.
This email was much appreciated as, not only does it provide a clear explanation of what the department is proposing, but it also confirms that the proposal does appear to achieve a network that links all currently existing federal, state and territory ID databases, as Darth Dutton desired.
Providing user confidence
“Digital IDs are a secure, voluntary and convenient way for individuals to verify who they are online to access online services,” wrote the Department of Finance Media Team.
“Currently businesses and government agencies can hold large amounts of your personal information such as copies of driver licences or passports,” the email outlines. “Digital ID will reduce the amount of information needing to be stored by such organisations.”
Finance underscores that digital IDs “are created by verifying your ID online using existing government issued ID documents, without creating a new ID number or document”, which suggests that those concerned that this system is similar to the 1980s Australia Card proposal shouldn’t be.
Further, the digital ID will deliver an easy way to log onto multiple services, prevent the oversharing of personal information to various service providers, “ensure data is stored, transmitted and disposed of securely” and provide confidence to the user in that regard.
“Biometric verification is only used to create a Digital ID with a user’s consent, and you can choose to create a Digital ID without using biometrics,” the media team at the finance department also assured.
Tech ready for roll out
Federal Labor released its National Strategy for Identity Resilience in June. Home affairs minister Clare O’Neal and finance minister Katy Gallagher sent out a press release. And the Data and Digital Ministers Meeting, comprised of federal, state and territory politicians, was key to its development.
The media team points out that “the system is currently based around myGovID and is used by many government agencies to verify the ID of individuals accessing their services”.
“Over time, there will be greater choice of who you can create a Digital ID with to access government services – myGovID, state or territory Digital IDs, or private sector Digital IDs – and you will be able to use a myGovID to access some private sector services,” the email continues.
Gallagher told AFR in June that as the technology is basically ready, the digital ID could be in place by mid-next year. And rolling out the digital ID system is being spruiked as a priority at present due to the massive data breaches of last year.
Indeed, a prototype of this federated proposal, the Digital ID system, has allowed users – individuals and businesses – to connect with government departments, via digitised identification, since the Coalition rolled it out in 2015.
So far, the digital ID provides access to certain departments when seeking services. Other departments are being incentivised to incorporate it into their systems. And the government envisages it will eventually include private businesses, having an economywide reach.
And for citizens and residents who have difficulty in using a digitised system, nondigital options will be available “where practical”, so they’ll still be able to access services. But, three to five years down the track all compromised credentials will be reissued digitally, rather than physically.
“This initiative will explore how jurisdictions can work together to improve the integrity of identity records and provide every Australian with an accurate commencement of identity record updated for life events,” the strategy adds, meaning a change of ID details will be recognised across jurisdictions.
“This is a ‘federated’ system and means data isn’t centralised in any one agency,” the finance department email states. It won’t involve a national number or new ID card, a single point of storage for personal information or be “used to track activity”.
“Biometric verification is only used to create a Digital ID with a user’s consent, and you can choose to create a Digital ID without using biometrics,” it continues.
An issue with the 3 August article is it stated the system “will incorporate and store all driver licence and passport ID photos, as well as any additional biometric details added”. This should not have included the word “store” or the phrase “additional biometric details added”.
The digital ID system will be able to access existing state driver licence and ID databases, along with federal passport and immigration photos. These databases contain personal details and photographs of each citizen and resident, so they will be stored as per usual in these separate locations.
So, the cross-jurisdictional digital identification system will allow users to identify themselves to government departments and private sector businesses, via differing service providers, meaning that all of these databases are incorporated, linked and available via this one network.
The point being made in the last article was that the National Facial Biometric Matching Capability (NFBMC) that now Liberal leader Dutton was keen to launch, and was first proposed by former attorney general George Brandis, will link up all these databases via an “interoperability hub”.
The NFBMC was to link all state, territory and federal photo identification databases through a single hub or network, which would then allow law enforcement to match still images sourced from CCTV cameras nationwide with ID photos in real time.
This hub was “intended to operate as a router through which participating agencies and organisations can request and transmit information”.
The NFBMC further proposed establishing the National Driver Licence Facial Recognition Service (NDLRFS): a federated database of information.
The NDLRFS was to be a “combined (but partitioned) store of replicated driver licence facial images, biographic and related driver licence information from each of the state and territory RTAs” (Road Transport Authorities).
This was to be hosted by the Commonwealth, but it couldn’t directly access the data, rather the network does.
The Identity-Matching Services Bill 2018 would have established this system, which – along with the Australian Passports Amendment (Identity-Matching Services) Bill 2018 that permitted federal ID databases to be included – would form the National Facial Biometric Matching Capability.
Yet, the Parliamentary Joint Committee on Intelligence and Security’s review of these two bills knocked them back in 2019 and ordered the government to redraft and resubmit the laws, due to privacy concerns. This is the only time the PJCIS has ever rejected legislation.
The point of the 3 August article was to assert, as it said, that the national ID proposal “partly establishes the type of system ex-home affairs minister Peter Dutton has long desired to surveil the public”.
Indeed, a limited version of the hub was established by then AG Brandis in 2016 solely on the basis of federal databases.
The author of the article notes that the line suggesting a federated ID system will succeed in having “compiled a database with all citizens’ details” and will also “contain all ID photos” was an extremely sloppy way of describing how he considered the national digital ID would operate.
“There is no single database containing the biometric information of Australians who choose to use Digital IDs,” reads the finance department’s email. And the author of the article further thanks the media team for clarifying this, as he hadn’t meant to posit the NDLRFS was involved in the proposal.
Although, he did have concerns as to whether those who choose to use the biometrics in establishing their digital ID would have that data stored. But, as the email reads, “biometric verification means an individual is only matched against a photo from their own ID documents”.
This does, however, suggest that a system or a hub or a network is proposed to be established that can match the biometric image of a person looking into their phone with whichever government database their identity photograph is stored on.
So, if the forthcoming national digital ID bill is passed through parliament and given the thumbs up by the PJCIS, such a network will be in operation in this country. Therefore, the government would be one step away from establishing the National Facial Biometric Matching Capability.
A voluntary system
The two pieces of legislation that were to establish the NFBMC were predicated upon the Intergovernmental Agreement on Identity Matching Services, which is a 5 October 2017 agreement established between the federal, the six state and two territory governments.
This promotes “the sharing and matching of identity information to prevent identity crime, support law enforcement, uphold national security, promote road safety, enhance community safety and improve service delivery, while maintaining robust privacy and security safeguards”.
And in entering the agreement, “the parties recognise that they have a mutual interest in facilitating the sharing of identity information and need to work together to achieve these outcomes”.
The government assures the public that there is nothing to worry about in establishing a national digital ID system as it will be voluntary. Further, those governing the nation stipulate that the use of biometric data will also be voluntary.
Mind you, the National Facial Biometric Matching Capability only sought to match still images captured from CCTV footage with the images of citizens and residents already stored in existing government ID databases and not those taken when voluntarily signing up for a digital ID.
And as dataveillance expert Dr Roger Clarke told Sydney Criminal Lawyers in relation to the national digital ID in April, “Schemes are always trumpeted as being voluntary at the beginning and are always designed on the assumption that they will become mandatory soon afterwards.”
“In the private sector, this technique is called ‘bait-and-switch,” the UNSW Visting Law Professor added.