The Bills and their referral
On 31 July 2019, the Hon David Coleman MP, the Minister for Immigration, Citizenship, Migrant Services and Multicultural Affairs, introduced the Identity-matching Services Bill 2019 (IMS Bill) into the House of Representatives.
In his second reading speech, the Minister stated that:
The identity-matching services to be enabled by this bill include a Face Verification Service which will make it easier for documents containing facial images to be safely verified online, making access to government services more secure, accessible and convenient for citizens. This means that, over time, more and more services can be provided completely online, making life easier for everyday Australians.
At the same time, the Minister also introduced the Australian Passports Amendment (Identity-matching Services) Bill 2019 (Passports Amendment Bill) to the House of Representatives.
In his second reading speech the Minister stated that the Passports Amendment Bill
will provide a clear legal basis for ensuring that the foreign minister is able to direct the automation of the sharing of passport data for the purposes of national security.
On 31 July 2019, the Attorney-General, the Hon Christian Porter MP, wrote to the Committee to refer the provisions of both bills for inquiry.
On 8 August 2019, the Hon Peter Dutton MP, Minister for Home Affairs, wrote to the Committee and requested that, as far as possible, the Committee conduct its inquiry in public.
Context of the inquiry
These are re-introduced Bills. The Identity-matching Services Bill 2018 and the Australian Passports Amendment (Identity-matching services) Bill 2018 lapsed upon this year's election. At this time the Committee's review of the Identity-matching Services Bill 2018 and the Australian Passports Amendment (Identity-matching services) Bill 2018 (previous inquiry) also lapsed.
Pursuant to Clause 8 of Schedule 1 of the Intelligence Services Act 200, the Committee has accepted as evidence to its review of the Identity-matching Services Bill 2019 and the Australian Passports Amendment (Identity-matching services) Bill 2019 all evidence, including submissions and transcripts taken, for the Committee's review of the Identity-matching Services Bill 2018 and the Australian Passports Amendment (Identity-matching services) Bill 2018.
Conduct of the inquiry
The Committee announced the inquiry by media release on 9 August 2019 and invited submissions from interested members of the public by 6 September 2019.
For its previous inquiry the Committee received 20 submissions and eight supplementary submissions from industry, government and other organisations. During this inquiry the Committee received 20 submissions. A list of submissions received by the Committee is at Appendix A.
During its previous inquiry the Committee held public hearings on 3 May 2018 and 17 August 2018. The Committee also received a private briefing on 17 August 2018. A list of hearings and witnesses who appeared before the Committee is included at Appendix B.
Copies of submissions received and transcripts of public hearings can be accessed on the Committee’s website at: http://www.aph.gov.au/pjcis. Links to the Bills and Explanatory Memorandums are also available on the Committee’s website.
The report consists of five chapters:
This chapter sets out the context and conduct of the inquiry, provides an outline of the Bills and examines the rationale for the Bills,
Chapter 2 examines biometric systems and considers the privacy and other human rights implications of the Bills,
Chapter 3 examines the identity-matching services, the interoperability hub and the National Driver Licence Facial Recognition Solution (NDLFRS – referred to in this report as Driver Recognition Solution),
Chapter 4 considers the collection, use, protection and disclosure of identification information, and reporting and review requirements,
Chapter 5 contains the Committee’s principles and findings in relation to the IMS Bill, and
Chapter 6 examines the Passports Amendment Bill and sets out the Committee’s concluding comments.
Outline of the bills
Identity-matching Services Bill 2019
Background on the Bill’s development
The IMS Bill seeks to facilitate the secure, automated and accountable exchange of identity information between the Commonwealth and state and territory governments pursuant to the objectives of the Intergovernmental Agreement on Identity Matching Services (IGA), agreed by the Council of Australian Governments (COAG) in October 2017.
It implements goals set out in the National Identity Security Strategy and the National Facial Biometric Matching Capability and provides for identity-matching services as additions to the existing Document Verification System. The Identity Strategy, the Facial Matching Capability, the Document Verification System and the IGA are explained in more detail below.
Broadly, the IMS Bill seeks to establish a range of services to identify, recognise or verify a facial image. In addition, it proposes systems for the collation, access, use, sharing and disclosure of this type of data.
The IMS Bill authorises the Department of Home Affairs to create and maintain facilities for the sharing of facial images and other identity information between government agencies, and in some cases, non‑government entities. Further, the Bill authorises the Department to develop, operate and maintain two centralised facilities for the provision of identity‑matching services:
an ‘interoperability hub’, intended to operate as a router through which participating government agencies and non‑government entities can request and transmit information as part of an identity‑matching service, and
the National Driver Licence Facial Recognition Solution (referred to in the Bill as the NDLFRS), a federated database of information contained in government identity documents such as driver licences.
The IMS Bill does not authorise certain agencies to use identity‑matching services. Rather, entities seeking access will need a legal basis for collecting and disclosing personal information and must meet access requirements set out in the IGA.
The IMS Bill consists of five parts, which are outlined in more detail in the following section.
Part 1 – Preliminary and Definitions
Part 1 of the IMS Bill consists of two divisions. Division 1 sets out the preliminaries, such as short title and commencement.
Division 2 is split into two subdivisions. Subdivision A includes general definitions used elsewhere in the Bill, including the definitions of ‘identification information’ and ‘identity or community protection activity’. Subdivision B includes definitions relating to identity-matching services. It defines an ‘identity-matching service’ as any of the following:
Face Identification Service,
Facial Recognition Analysis Utility Service,
Face Verification Service,
Identity Data Sharing Service, and
One Person One Licence Service.
The IMS Bill also provides that additional services may be prescribed in rules. Each of the above-listed services will be accessed through the interoperability hub or the National Driver Licence Facial Recognition Solution, and are defined in Table 1.1 below.
Table 1.1: List of identity-matching services
Face Identification Service
(referred to in the IMS Bill as the FIS)
This service will search facial images on a one‑to‑many basis or help determine the identity of an unknown person, or detect instances where a person may hold multiple fraudulent identities.
Facial Recognition Analysis Utility Service
(referred to in the IMS Bill as the FRAUS)
(referred to in this report as the Facial Recognition Service)
This service will allow state and territory agencies to assess the accuracy and quality of their data holdings.
Face Verification Service
(referred to in the IMS Bill as the FVS)
This service will enable a user to verify a specific person’s identity by using a facial image and associated biographic details of a person to be compared on a one‑to‑one basis against an image held on a specific government record for that same individual.
Non‑government entities and local governments may seek access to this service.
One Person One Licence Service
(referred to in the IMS Bill as the OPOLS)
(referred to in this report as the One Licence Service)
This service will allow state and territory agencies to detect instances where a person may hold multiple driver licences across jurisdictions.
Identity Data Sharing Service
(referred to in the IMS Bill as the IDSS)
(referred to in this report as the Identity Sharing Service)
Not technically an identity-matching service but this service will allow for the sharing of biometric identity information between Commonwealth, state and territory agencies.
Source: Identity-matching Services Bill 2019, Explanatory Memorandum.
Part 2 – Developing and operating the interoperability hub and National Driver Licence Facial Recognition Solution
Part 2 provides for the Secretary of the Department of Home Affairs to develop and operate the ‘interoperability hub’ and the National Driver Licence Facial Recognition Solution.
The ‘interoperability hub’ is a facility for relaying electronic communications between bodies and persons for the purposes of requesting and providing identity-matching services.
The National Driver Licence Facial Recognition Solution will include a database of identification information from state and territory authorities and will make driver licence facial images available through an identity-matching service.
Part 3 – Authorising collection, use and disclosure of identification information
Part 3 consists of three divisions. Division 1 contains a simplified outline of the Part.
Division 2 deals with the collection, use and disclosure of identification information by the Department of Home Affairs. The Department may collect, use or disclose identification information through the interoperability hub or the National Driver Licence Facial Recognition Solution for any of the following purposes:
providing or developing an identity-matching service for the purpose of an ‘identity or community protection activity’,
protecting an assumed identity acquired under Part 1AC of the Crimes Act 1914 or the real identity of a person who has acquired an assumed identity, or
protecting an identity that has been provided under a witness identity law or scheme.
An activity will be an ‘identity or community protection activity’ if it relates to one of the following:
preventing and detecting identity fraud,
law enforcement activities,
national security activities,
protective security activities,
community safety activities,
road safety activities, or
Division 3 deals with the disclosure of identification information by state and territory authorities to the Department. The Division provides that, if a law of the state or territory limits an authority’s disclosure of identification information and an exemption in relation to a law of the Commonwealth applies, that authority may disclose that information to the Department via electronic communication.
Part 4 – Protection of information
Part 4 sets out provisions around the protection of information and consists of two divisions. Division 1 contains a simplified outline of the Part.
Division 2 establishes an offence where an ‘entrusted person’ obtains ‘protected information’ and makes a record of, or discloses, it to another person. The offence is punishable by imprisonment for two years.
The IMS Bill provides for an exception to the offence where the conduct is authorised by a law of the Commonwealth or of a state or territory.
Division 3 provides for authorised recording and disclosure of protected information by entrusted persons. An entrusted person may make a record of, or disclose, protected information if they do so with the consent of the person or for the purposes of:
lessening or preventing a threat to life or health, and
Part 5 – Delegation of Secretary’s powers and functions, annual reporting and review of operation of the Act
Part 5 allows for the Secretary, in writing, to delegate his or her functions or powers proposed by the IMS Bill to an SES employee or acting SES employee of their Department.
Proposed section 28 of the IMS Bill requires the Secretary to give the Minister an annual report, for presentation in Parliament. The report is required to provide detail on statistics relating to all requests in the financial year from:
authorities of the Commonwealth (except the Australian Security Intelligence Organisation) or of a State or Territory, for a Face Identification Service, Face Verification Service or One Licence Service, and
non-government entities for a Face Verification Service.
In addition, the annual report must include information on each authority of the Commonwealth (except the Australian Security Intelligence Organisation), and each authority of a State or Territory (including a local government authority), that used an Identity Data Sharing Service to disclose or collect identification information in the financial year.
Proposed section 29 provides for a review of the operation of the Act and provision of identity-matching services to be started within five years of the commencement of the Act. Proposed section 30 provides for a general rule making power for the Minister.
Australian Passports Amendment (Identity-matching Services Bill) 2019
The Passports Amendment Bill authorises the Department of Foreign Affairs and Trade to disclose information in order to participate in identity‑matching services and provides for computerised decision‑making. It consists of one schedule that inserts two new sections into the Australian Passports Act 2005.
Proposed section 46(da) authorises the Minister for Foreign Affairs to disclose personal Australian travel document data for the purpose of participating in a service specified in the Minister’s determination, to share or match information relating to the identity of a person. In practice this will allow the Minister for Foreign Affairs to make a determination allowing disclosure of information for the identity-matching services as provided for in the IMS Bill.
Proposed section 56A will incorporate scope for the Minister for Foreign Affairs to automate decisions under the Australian Passports Act 2005.
Rationale for the bills
Identity-matching Services Bill 2019
In its submission, the Department of Home Affairs cited the serious impact of identity crime as a driver for the measures proposed in the Bill:
Identity crime causes substantial harm to the economy and individuals each year. The Identity Crime and Misuse in Australia Report 2016 prepared by the Attorney-General's Department, in conjunction with the Australian Institute of Criminology, indicated that identity crime impacts around 1 in 20 Australians every year (and around 1 in 5 Australians throughout their lifetime), with an estimated annual cost of over $2.2 billion.
Since at least 2007, there have been a range of Commonwealth, state and territory government agreements, strategies and services to address issues of identity crime. The IMS Bill proposes a formal operational framework for national identity matching services.
National Identity Security Strategy
In 2007, heads of COAG signed an Intergovernmental Agreement on an Identity Security Strategy (the Identity Strategy), aimed at combatting identity theft and the fraudulent use of stolen and assumed identities. The parties agreed to strengthen government processes and standards for identifying (and verifying the identity of) persons, including through enhancing the interoperability of biometric security measures.
The Identity Strategy was revised in 2012. One goal of the revised Strategy was the development of a National Biometric Interoperability Framework, setting out guiding principles for ensuring a consistent approach to the collection, use, disclosure and management of biometrics. The Framework is intended to work within existing legislation, and improve the interoperability of biometric systems across jurisdictions.
Document Verification Service
Arising out of the Identity Strategy was the Document Verification Service which has been operational in the public sector since 2009. The Document Verification Service enables the comparison of details on an identity document with records held by the issuing authority, to verify that the details are still valid and the document is legitimate.
In a similar way to the identity-matching services provided for in the IMS Bill, data is not stored on the Document Verification Service itself. Instead, requests to verify a person’s identifying information are encrypted and sent through a secure ‘Document Verification Service hub’ to the issuing authority. In most circumstances, the person must provide express consent for their personal information to be used in this way.
The Explanatory Memorandum to the IMS Bill identifies shortcomings in the capacity of the Document Verification Service to detect all forms of identity crime:
[the Service] helps to prevent the use of fake identities (false names, dates of birth etc) by detecting when a document does not match a record held by the issuing authority. However, this has incentivised criminals to steal genuine identities and use them for criminal purposes, rather than create entirely false identities. Organised crime groups in particular are developing increasingly sophisticated methods for replicating genuine identification documents with fake photographs, using the same technologies issued by the document-issuing agency. These documents are not detected by the DVS because the biographical details are genuine.
National Facial Biometric Matching Capability
In October 2014, a meeting of COAG’s then-Law, Crime and Community Safety Council noted the Commonwealth’s plans to establish a National Facial Biometric Matching Capability (Capability). This Capability would provide a mechanism for the cross-jurisdictional sharing of existing information collected by agencies.
In September 2015, the then Minister for Justice, the Hon Michael Keenan MP, announced that the Commonwealth was spending $18.5 million to develop the Capability. The announcement noted that the Capability would initially involve ‘one-to-one’ image-based verification between Commonwealth agencies, with more agencies to join over time. It would then be further developed to allow ‘one-to-many’ identification matching, enabling law enforcement and security agencies to match the photograph of an unknown person against the photos in government records, to establish the person’s identity. The then Minister for Justice stated
the new capability will allow agencies to match a person’s photograph against an image on one of their government records. This will help prevent more insidious forms of identity fraud –where criminals create fake documents using their own photos, with personal information stolen from innocent victims. It will also assist victims more easily restore their compromised identities.
The Face Verification Service commenced operation in November 2016, enabling the Department of Foreign Affairs and Trade and the Australian Federal Police to access citizenship images held by the Immigration Department. At the time of the launch it was announced that other types of images such as visa, passport and driver licence photos would be added over time, and that access would subsequently be expanded to other government agencies.
Intergovernmental Agreement on Identity Matching Services
The Intergovernmental Agreement on Identity Matching Services (IGA) was agreed by COAG in October 2017 and signed by the Commonwealth and all states and territories
Clause 1.2 of the IGA provides that the parties agree to promote the sharing and matching of identity information for the purposes of:
preventing identity crime,
However, the Australia Capital Territory included a variation stating that it would only allow access to its data for the purposes of the Face Verification Service and would not participate in the One Licence Service. Limited access to data via the Face Identification Service would be provided where this was for the purposes of national security and community safety.
South Australia also included a variation providing that it would accept the IGA subject to its Public Sector (Data Sharing) Act 2016 authorising the collection, use and disclosure of facial images and related identity information.
The parties to the IGA agreed that the identity-matching services should be developed and operated in accordance with the principles around privacy, security, data access, data quality, identity resolution decisions resting with Requesting Agencies, a non-evidentiary system, the protection of legally assumed identities and robust accountability.
Participation Agreements, the Coordination Group and Access Policies
The IGA provides for a Face Matching Services Participation Agreement (Participation Agreement) which will be a legal agreement between all agencies participating in the identity‑matching services. The Participation Agreement will set out the respective roles, rights and obligations of all agencies in relation to their participation in, access to and use of the identity‑matching services.
The Participation Agreement in relation to the identity-matching services has not commenced and no further information on any Participation Agreements was provided to the Committee.
The IGA also references the existing National Identity Security Coordination Group (Coordination Group) which comprises representatives from the Commonwealth, States and Territories, and works to implement the Identity Strategy. The Coordination Group will approve ‘access policies’ which are a documented set of requirements that an entity must comply with in order to access identity-matching services. Approved access policies for the FVS and the FIS are available on the Australian Government ID Match webpage which has been established specifically for providing information about the Identity Matching Services.
The Access Policy for the FVS was issued in June 2017 and provides an example of the criteria an agency must meet in order to participate in identity-matching services. In order to gain access to the FVS, an agency must:
provide a statement referencing legislation that provides the legal basis for using and/or disclosing identity information via the Face Verification Service,
undertake or contribute to a privacy impact assessment to account for every information flow which occurs through the Face Verification Service, to which the agency is a party (unless the agency’s use of the Face Verification Service is exempt from the relevant Commonwealth, state or territory privacy laws),
enter into an Interagency Data Sharing Arrangement with each agency with which it intends to share information via the Face Verification Service,
maintain a register of Nominated Users who are authorised to submit queries via the Face Verification Service, ensure the users undertake training in security awareness and privacy obligations, and ensure that any IT systems connected with the hub receive and maintain appropriate security accreditation,
have an independent audit conducted of all its data sharing via the Face Verification Service at least once every financial year, and
enter into a memorandum of understanding with the Department of Home Affairs in relation to the services through the interoperability hub.
The Access Policy for the FIS has similar access criteria.
The Department of Home Affairs is responsible for reviewing each Interagency Data Sharing Arrangement to ensure consistency with the Access Policy, and for reviewing audit and compliance reports.
State and territory legislation
The IGA does not provide agencies with the legal authority to share information—it is intended that this authorisation is to come from the laws of each state and territory. Part 8 of the IGA provides that each jurisdiction will preserve or introduce legislation as necessary, to support the collection, use and disclosure of facial images and related identity information between the parties.
In Queensland the Police and Other Legislation (Identity and Biometric Capability) Amendment Act 2018 was enacted on 16 March 2018.
Tasmania has amended its driver licensing regulations to authorise the disclosure of protected information for the purposes of identity-matching services. South Australia has indicated that the Public Sector (Data Sharing) Act 2016 (SA) meets its legislative obligations for the purposes of the agreement, suggesting that further legislation may not be required.
Australian Passports Amendment (Identity-matching Services) Bill 2019
The Explanatory Memorandum to the Passports Amendment Bill states that the Bill
amends the Australian Passports Act 2005 (Passports Act) to provide a legal basis for ensuring that the Minister is able to make Australian travel document data available for all the purposes of, and by the automated means intrinsic to, the identity-matching services to which the Commonwealth and the States and Territories agreed in the Intergovernmental Agreement on Identity Matching Services (IGA), signed at a meeting of the Council of Australian Governments on 5 October 2017.
General view on the objectives of the Bills
Identity-matching Services Bill 2019
Those submitters who addressed the underlying objectives and rationale for the IMS Bill offered broad support. However, this support did not always extend to the implementation mechanisms proposed in the Bill.
The Victorian Government supported the use of the IMS Bill ‘to prevent identity crime and to assist general law enforcement, national and protective security, community and road safety, and identity verification’.
Optus and the Australian Mobile Telecommunications Association both provided support for the key provisions of the Bill. The telecommunications industry representatives submitted that the Bill would improve public confidence in identity validation and assist in preventing identity theft and fraud.
The Office of the Information Commissioner (Queensland) also offered in-principle support to the objectives of the IMS bill and the ‘nation-wide regime it will help facilitate’.
Similarly, Australian Lawyers for Human Rights agreed with the broad rationale for the IMS Bill stating that they did not ‘disagree with the aim of allowing identity-matching services to be used by government’ but still had concerns that sufficient safeguards had not been adopted in the IMS Bill. They stated that information ‘obtained through or used by these government services could be made available for commercial purposes’.
Likewise the Office of the Victorian Information Commissioner offered in-principle support for the ‘use of the identity-matching services in the context of national security’ however the Office had concerns that risk will largely be managed via agreements between the parties rather than through the legislation itself. The Office questioned the enforceability of these agreements and suggested that the ‘ability for fundamental controls to be amended without parliamentary oversight may also be problematic’.
The Human Rights Law Centre also welcomed the approach of ‘providing a legislative framework for the retention, use and sharing of facial images and other biometric data’.
The Office of the Australian Information Commissioner stated that they support ‘measures that aim to address identity-related crime, and enable law enforcement bodies to cooperate to achieve this objective’, but noted that the IMS Bill ‘requires further consideration to better ensure that any adverse effects of the proposed enactment on the privacy of individuals are minimised’.
The Human Rights Law Centre stated that:
Much of the justification for the Bill is focused on the need to address identity theft and serious crime, like terrorism. It's very easy to see how the bill will help to address these issues, which will advance human rights. But the very broad drafting of the bill enables uses far beyond that, which creates serious risks to other human rights like privacy, freedom of association, freedom of expression and assembly, and freedom from discrimination.
Australian Passports Amendment (Identity-matching Services) Bill 2019
Most submitters focussed their evidence on the IMS Bill. Where submitters did comment on the Passports Amendment Bill, they focussed on matters of detail that are dealt with in Chapter 6 of this report.
The Committee expresses its support for the rationale behind the IMS Bill and the Passports Amendment Bill, and national cooperative measures to curb identity crime and its links to national security threats.
In relation to the IMS Bill in particular, the Committee notes that much of the ‘architecture’ of the identity-matching services is left to Access and Participation Agreements or the practices of data holding agencies. This lack of detail in the IMS Bill has prompted many of the concerns raised by submitters to the Committee’s inquiry. Chief among these concerns was privacy.
The following chapter examines biometric systems and considers the privacy and other human rights implications of the bills.