|
Navigation: Previous Page | Contents | Next Page
ALP Senators' additional comments
Introduction
The
ALP Senators on the Committee agree substantially with the content of the
Committee Report and the recommendation to defer the bill.
The
report covers many of the important issues raised in the public hearings and
submissions. It broadly reflects the concerns ALP Senators have with the
legislation particularly the lack of clarity and certainty in key provisions of
the bill, the impacts on privacy, the potential for the access card to become
an identity card due to the presence of the photo and signature on the surface
of the card, concerns with security of the information stored on the chip and
database, the lack of Parliamentary scrutiny or oversight mechanisms and the
inherent weakness in the offences and penalties provisions.
The
ALP Senators support the Committee report's recommendation and list of matters
to be taken into account, insofar as they seek to improve the access card
legislation. However, there remain many unresolved issues and concerns which
must be addressed before the access card system, including registration, is
introduced. To resolve some of these issues, ALP Senators believe that the
matters to be taken account listed in the Committee report should be more than
just 'considered', as the report suggests. Most of these matters should be
adopted and included in any redrafted legislation and the framework for the
access card system.
Conduct
of the Inquiry
The
Human Services (Enhanced Service Delivery) Bill 2007 is a significant and complex
legislative proposal.
The
first available date, having regard to the Senate sitting timetable, that
public hearings could take place was Friday 2 March. The Committee has
therefore had less than two weeks to consider the many written submissions, the
substantial evidence given at three public hearings, the serious issues and
concerns raised in respect to the bill and its implementation, and to draft and
present its report.
The
ALP Senators are aware that the truncated timetable for the inquiry has placed
unreasonable demands both on the Chair in producing a draft report and on the
Secretariat staff who have had to work excessive hours under severe time
pressures.
In
turn, the ALP Senators only received the final Chair’s draft report late on
Wednesday 14 March, the day before the final report was due to be tabled.
We
agree with the concerns raised in the report regarding the lack of time to
consider all issues. We also note two other issues which support deferring
consideration of this legislation by the Parliament.
Firstly,
the Government has stated that this is only the first part of a legislative
package and that further legislation will be introduced at an unspecified date
to '...deal with the review and appeal processes for administrative decisions,
further elements of information protection and legislative issues relating to
the use of the card, including in relation to dependents'.[1]
Secondly,
Professor Allan Fels, chair of the Access Card Consumer and Privacy
Taskforce, has yet to present a number of key reports on the implementation
aspects of the access card, while the taskforce's second report on registration
is with the minister but has not been released.
ALP
Senators therefore strongly endorse Committee recommendation 1 that this bill
be combined with the proposed second tranche of legislation for the access card
system into a consolidated bill.
The
arrogance of the Government’s position is also reflected in the comments by the
former Minister in the Second Reading Speech who labelled persons opposing or
expressing serious concerns about the measures in the Bill as 'friends of
fraud'.[2]
This
is a despicable attack upon many reputable organisations and persons. For
instance, organisations such as the Office of the Privacy Commissioner, the
Australian Medical Association, Carers Australia, the Federation of Ethnic
Communities Council of Australia, the Australian Banker’s Association, Liberty Victoria, the Royal Australian College of
General Practitioners, Legacy, MedicAlert and Vision Australia
appeared during the public hearings and raised significant concerns with the
legislation.
Professor Fels also expressed reservations regarding the inclusion
of the biometric photo and digitised signature on the face of the card.[3]
Many others provided considered written submissions and cogent views.[4]
It
seems that the Government is intent on bludgeoning this legislation through and
maligning its critics, rather than allowing a proper debate on the merits and
detail of the access card legislation.
Registration
and the Document Verification Service (DVS)
In
evidence to the Committee the Department of Human Services stated that, on
average, it expects 35,000 Australians to register each day for the card over a
two year period.[5]
This
is an average but the reality is that on any day the figure could be much
higher, particularly in late 2009 and 2010 when many people may realise that
they will lose access to Medicare and family tax benefits unless they have
applied for the access card.
ALP
Senators are highly sceptical of the ability of the department and agencies to
deal with this influx of applicants. We question whether there will be enough
public servants trained to conduct rigorous registrations at all the locations
that applicants will present to each day during the registration period.
Further,
we are particularly concerned that the proposed on-line Document Verification
Service (DVS) which will link the Department of Human Services to the Births,
Deaths and Marriages offices in each state and territory will not be available
until 2010. We are concerned that a registration process that commences in
advance of the DVS being operational will be corrupted by existing problems
around document authentication and proof of identity. The risk of fraudulent
cards being issued in the absence of the DVS will be high. For example, a
project conducted by Westpac and the NSW Registry of Births, Deaths and
Marriages in 2001 found that 13 percent of birth certificates presented to
banks are false.[6]
In
estimates evidence given to the Senate Legal and Constitutional Affairs Committee
in February 2007, it was confirmed that there is no intergovernmental agreement
yet on what documents are sufficiently reliable for proof of identity
processes.[7]
The absence of a common agreed view on document reliability puts the
registration process at further risk of subversion. It is essential for the
integrity of the access card in general and the goal of combating identity
theft in particular that the DVS is fully operational before access card
registration commences.
Recommendation
ALP
Senators recommend that the registration process for the access card not
commence until the Document Verification Service is fully operational.
Identity
Card or Access Card?
ALP
Senators support the aims behind the access card, namely to improve the
delivery of benefits and services, make it easier to deal with the relevant
government agencies, reduce fraud and replace a range of cards, particularly
the Medicare Card, with a smartcard. This legislation, however, does not
achieve those aims.
In
a most unusual move, the Bill states in Clause 6 (2) – Objects of this Act:
It is also an object of this Act
that access cards are not to be used as, and do not become, national identity
cards.
The
very fact that the Government believes it is necessary to include this clause
indicates that the card has the potential to become an identity card. In its
current proposed form we believe that it is inevitable. This is because the
card will on its face contain the person's biometric photograph, digitised
signature and unique personal identifier number.
If
the card is only intended to be for access to services then it is sufficient
that such details only be included on the chip and not visible without a card
reader.
ALP
Senators support the view that including the biometric photo, digitised
signature and personal identifier number on the face of the card should be
optional.
The
Extent of Ministerial Power
This
legislation will give enormous powers to the Minister and the Secretary of the
Department to add private information to the database, expand the uses of the
card and issue guidelines that will sidestep parliamentary oversight. For
instance, the Secretary of the Department of Human Services will have the power
to order original identity documents presented by a person registering for an
access card to be scanned and stored on the register.
If,
as many suspect, the access card becomes widely used as an identity card either
voluntarily or otherwise, there will inevitably be calls from the private
sector to seek access to the national registration database in order to verify
the identity details of the cardholder. This will generate pressure to expand
the purpose and use of the card. The capacity of the Minister and departmental
secretary to permit any expansion without Parliamentary control needs to be
curbed.
ALP
Senators believe that the legislation should place limits on the discretionary
powers available to the Minister and the Secretary and that those circumscribed
powers should be subject to Parliamentary oversight.
Recommendation
ALP
Senators recommend that the access card legislation limit the discretionary
powers available to the Minister and the Secretary and that these powers are
subject to Parliamentary oversight.
Offences
The
offences provisions in the legislation are incomplete, poorly drafted and
appear to reflect policy discussions that are still taking place rather than
decided policy on conduct the Government wants to prohibit. This is a major
weakness in the bill. The offence provisions and authorised uses are scattered
across a variety of divisions in the bill with no clear structure. It is
unclear, for instance, that there are adequate offences or penalties relating
to officers of the Crown who may inappropriately access stored information.
It
is also unclear which agencies are authorised to deal with the access card
register – to view, change or add to it – or which agencies have the power to
require the card to be produced.
We
also note concerns raised by the Australian Bankers Association and the AFP
about the effect of Clause 57 which prohibits information from the card being
copied and the conflict this raises in situations where a person gives permission
for the card to be copied.[8]
While subsequent advice suggests some of these concerns may be unfounded, the
uncertainty about these issues reflects the rushed approach to, and poor
drafting of, this bill.
Contracts
and Tenders
The
Committee heard the access card project will ultimately involve five primary
contracts, or as they were described by the department 'procurement processes':
systems administration, smart card manufacture, transaction delivery provider,
terminals and infrastructure and the registration process. Two requests for
tender have been released, that of systems administration and smart card
manufacture.
ALP
Senators note the department’s decision to have five separate contracts as
opposed to one lead contract. The department indicated it had investigated best
practice contracting for this type of project. The aim is to maintain
competitive tension within some of those contracts to reduce the risk of the
access card system being ‘captured’ by external service providers.[9]
This approach amounts to a departure from the Howard Government's previous poor
methodology for outsourcing major IT projects.
ALP
Senators also note the department’s stated purpose of maintaining competitive
tension within some of those five contracts is to reduce the risk of the
Commonwealth being ‘captured’ by external service providers.
Many
technical details about the operation and implementation of the access card
were claimed to be unavailable to the Committee because of probity issues
surrounding the tender process.
This
inhibited the Committee’s inquiries into basic details regarding the technical
operation of the access card. For example, when asked a question about whether
35,000 registrations per day was feasible and related questions, witnesses
representing CSC, a company bidding for the systems integration tender, were
predictably unable to answer because of the deed of confidentiality they had
been required to sign to participate in the tender.[10]
This
raises the question of why the tender for the systems integration of the access
card had already been released to the market prior to the bill being
debated in, let alone passed by, the Parliament. This is contemptuous of the
Senate committee inquiry and has hampered the gathering of key evidence.
It
also raises the possibility of the Commonwealth, having called for a response
to tenders that may have to be modified or cancelled, being left in a
compromised position, depending on the outcomes of the processes of the
Parliament.
This
has also meant that the Committee was unable to get details of the registration
process. For example, CSC provided evidence that implied the contract was
structured so the external service provider would not be liable if the
registration process did not achieve the Government’s claims of 35,000 per day.
CSC identified the cooperation of the public as a key risk factor in achieving
registrations to the levels foreshadowed by the Government.[11]
The
Department also refused or was unable to provide detail regarding aspects of
the technical operation of the access card, either on the ground that it would
be in the next bill or that probity issues prevented disclosure. These issues
fall into four categories:
- The relationship (technical
interface, including meta-data standards) between the existing multitude of
databases in participating agencies and the new access card (Registration)
database;
- The management, security and
distribution of authorised card readers linked to terminals with registration
database access;
- The detail of privacy safeguards,
security, storage, access and archiving protocols of digitised personal,
private ID information collected by the DHS through the registration process;
and
- The technical features of the
smartcard itself including PIN protected areas, eg. an individual’s ability to
protect the private part of the Card with a PIN separate to the PIN protecting
information required to be held on the Card by the Commonwealth.
It
is of great concern to ALP Senators that this critical information was unable
to be provided. As a consequence, it is very difficult to assess the degree of
privacy protection and technological and organisational security that will
apply to both the access card and the registration database.
Recommendation
ALP
Senators recommend that the Government not request any more tenders for access
card related contracts until after consideration by Parliament of all access
card bills.
Other
Issues
Whilst
there are a number of other issues of concern, noted in the Committee report,
that warrant the legislation being deferred, ALP Senators wish to highlight
three matters of concern which were raised during the public hearings, but
which the department was unable to adequately address or refute.
Firstly,
Electronic Frontiers noted that it was 'completely inappropriate' that the
chip's design has not yet been decided. ALP Senators note that the operational
features, including many practical privacy and security related issues, depend
on the design of the chip itself. Hence it is extremely difficult to assess
the veracity of the government's privacy and security claims in the absence of
technical information and appropriate technical advice from experts on these
matters.
Secondly,
Legacy expressed a concern that there could be significant costs involved for
war widows who have to obtain original documents for registration. The costs of
identity verification were raised several times by witnesses.[12]
The department was not able to provide detailed information as to how they
would ensure that registration would be affordable for all Australians
Thirdly,
MedicAlert raised a serious concern that medical details stored on the access
card register could create dangers because they can quickly become out of date
or if the details are not verified by medical practitioners or authorities.
MedicAlert is also concerned that its ongoing viability may also be threatened
if the Government promotes the access card as an alternative to MedicAlert.
MedicAlert provides an excellent service to hundreds of thousands of Australians.
Its service is unique as the health information on their database has to be
verified by a doctor.[13]
The implications of the access card need to be clarified to ensure there are no
adverse consequences for the MedicAlert system and organisation.
These
three matters are further examples of the rushed approach to this legislation
and the gaps in it. In view of these and other shortcomings, this bill should
be deferred.
Senator Michael Forshaw
Deputy Chair |
Senator Carol Brown |
| |
|
| Senator Kate Lundy |
Senator Claire Moore |
Navigation: Previous Page | Contents | Next Page
Website feedback: web.senate@aph.gov.au
Last reviewed 15 March 2007 by the Senate Web Administrator
© Commonwealth of Australia
Parliament of Australia Web Site Privacy Statement
Images courtesy of AUSPIC
|
