Chapter 3 - Key issues

Introduction

3.1        This bill is intended to be the cornerstone of the government's proposed access card system. It will provide the legislative basis for the card's roll out, operation and the architecture supporting it. As chapter 2 indicates, the bill's provisions cover a large range of complex matters extending from the purpose of the card through to the information on its surface, chip and database, as well as penalties for misuse. However, at the heart of the proposed access card system are two primary goals:

• Improving delivery of Commonwealth human services and benefits; and
• Combating fraud, particularly in relation to identity theft.

3.2        The Committee endorses goals to streamline the delivery of Commonwealth benefits and prevent fraud. The Committee supports any policy that will facilitate access to those who are eligible while forestalling access to those who are ineligible.

3.3        In considering the bill's provisions, the Committee has used these two goals as a point of reference for assessing the merits and necessity of measures provided for in the bill.

3.4        This chapter examines the following matters in the bill:

• The information to be stored on the card's surface and in its chip;
• The register;
• Discretions and delegations;
• Administrative review;
• Access to the information on the card and in the register; and
• Offences.

3.5        The chapter also lists a number of items of concern that the Committee has not had adequate time to consider.

3.6        To understand the context of the Committee's discussion of the key issues in the bill, it is important to outline a number of timing factors that have shaped the design of the bill, impinged on the Committee's inquiry and which raise concerns about the legislative approach to this measure.

Timing issues

3.7        The Australian Government submission justifies the timing of the bill on three grounds. Under the heading, 'Why the first instalment of the legislation is needed now', it states:

• A legal framework is needed to support the implementation of the access card system and initial registration of card holders in early 2008;
• It is also needed to allow sufficient time to inform the community about the new system, a step recommended by the Consumer and Privacy Taskforce headed by Professor Fels (and referred hereafter as the 'Fels' Taskforce'); and
• '... early passage of the legislation is required to provide certainty for contract negotiations for the procurement of critical elements of the access card system'.[1]

3.8        The government submission further explains that legislation for the card is being staggered in a series of bills to make it easier for the community to understand the measure, to avoid public confusion which might result from a large, complex omnibus bill and to allow people to focus on specific issues in a considered way.

3.9        The Committee has a number of concerns with the approach and timing adopted with this bill. The most immediate is the limited time given to the Committee to examine the bill, to receive and hear evidence and consider the issues presented to it.

3.10       With only the first tranche of the access card legislation before it, the Committee has also been put at a disadvantage in that it does not know the detail of key provisions and measures that are intended to be addressed in later legislation. That the provisions held over relate to critical matters such as reviews and appeals, privacy protections and oversight and governance measures does little to allay the Committee's general unease with the adequacy of this bill.[2] In essence, the Committee is being asked to approve the implementation of the access card on blind faith without full knowledge of the details or implications of the program. This is inimical to good law-making. The delay in introducing these measures is unlikely to encourage public confidence in the access card proposal, particularly as the missing measures are essential for providing the checks and balances needed to address serious concerns about the bill.

3.11      The Committee has also been asked to consider the bill while a number of processes central to the operation of the access card or of bearing on its legislative framework are still underway. The most important include:

• The Fels' Taskforce reporting on the registration process, appeals and a privacy impact assessment;
• The Australian Law Reform Commission's review of the Privacy Act; and
• The Attorney-General's Department's project for a Documentation Verification System.

3.12      In addition, two tender processes, one for the systems integrator, the other for card issuance and management, were running during the Committee's consideration of the matter.[3] This could be seen as undermining the authority of the Committee by creating the impression that passage of this legislation is preordained, rendering Senate oversight superfluous.

3.13      The Committee appreciates that a complex, multifaceted and expensive project like the access card involves several processes running in parallel, and that it is not possible to have answers for every issue or detail during the introductory stages of such an undertaking.

3.14      The government submission has argued that any lengthy delay with the adoption of the bill would hamper the introduction of the access card system. It states:

If passage of the Bill were to be significantly delayed this would reduce the time available to put in place the necessary infrastructure, administrative arrangements and public information to properly implement the new system. This could jeopardise contract negotiations and would not allow adequate time to fully and adequately inform the Australian community of these important changes.[4]

3.15      The Committee cannot accept that priority has been given to tender processes at the expense of reasonable time for the Parliament to scrutinise properly a complex piece of legislation.

3.16      Moreover, the processes surrounding the bill appear to have led to inconsistencies with other Commonwealth legislation and concerns among other Commonwealth agencies. The Committee heard that the bill potentially conflicts with the customer verification obligations under new anti-money laundering and counter-terrorism financing laws.[5] (In subsequent advice, government agencies said they believe this is not the case.)[6] The Australian Federal Police (AFP) also raised concerns about penalty provisions inhibiting intelligence and investigations.[7] These problems raise questions about the drafting of the bill and degree of consultation among government agencies about the interaction of the bill with other Commonwealth law.

3.17      Legal academics and practitioners also criticised the bill for its poorly defined terminology and other drafting deficiencies. While committee scrutiny of bills is designed to identify and fix problems of this nature, the limited time allotted means other problems may go undetected while any remedial amendments will also have to be rushed and risk further drafting inconsistencies.

3.18      The haste involved with this bill has also led to a number of irregular and inappropriate actions. The department published on its website the Australian Government submission to the inquiry before the Committee could consider its contents, let alone authorise its publication. This breached the longstanding rule and practice that Senate committees have sole discretion to publish evidence they receive. The Committee also received evidence from the department that did not take account of other powers and procedures of the Senate and its committees (for instance, in relation to claims of legal professional privilege). The Committee assumes these oversights were largely a result of the haste with which this inquiry has had to be prosecuted.

Conclusions

3.19      The time allowed for consideration of all the important and complex issues relating to the access card legislation has been truncated, including the time given to the Committee to examine this bill. Key measures that need to be taken into account including privacy, governance, appeals and review mechanisms are to be considered in a second tranche of legislation. It is not possible to assess adequately this new measure in the absence of these vital protections and other provisions. The Committee considers that this bill needs to be combined with the second tranche of legislation into a consolidated bill to allow proper consideration of the access card proposal.

Recommendation 1

3.20      The Committee recommends that this bill be combined with the proposed second tranche of legislation for the access card system into a consolidated bill.

The Card – surface information

3.21      In seeking to explain how the primary objectives of improved service delivery and fraud prevention will be met, the bill includes provisions for what information will be displayed on the surface of the card and in the chip inside the card. Clause 30 of the bill states that information displayed on the surface of the card will include, among other things, the cardholder's photograph, and the cardholder's signature, and the access card number.[8]

3.22      The sections below discuss the case for these features and the concerns raised about them.

The photograph

3.23      In its written submission to the inquiry, the Australian Government stated that including a photograph on the surface of the card is essential to the integrity of the new scheme, as 'The inclusion of a photograph on the card will significantly enhance the identity security elements of the card, protecting the card owner's identity and reducing opportunities for fraud'.[9]

3.24      The Office of Access Card elaborated on this by noting that the inclusion of a photograph on the surface of the card would be essential to:

• reduce fraud;
• reduce complexity;
• increase customer convenience;
• provide a user friendly and reliable method for accessing Commonwealth benefits;
• improve access to Australian Government relief in emergency situations; and
• permit access card owners to use their access cards for such other lawful purposes as they choose.[10]

3.25      It also highlighted the importance that government agencies place on the photograph for combating fraud. The Office of Access Card provided material from the Australian Federal Police (AFP) stating that the AFP's operational experience has shown that:

...in cases of systematic and organised identity fraud, the one single feature that remains constant in offenders is their facial features. This highlights the necessity and importance of having a facial photograph...The proposed Access Card regime provides greater surety of the link between an individual and relevant entitlements through the enhanced security features, and also protects the individual. The presence of a photograph on the surface of the card provides a basic verifiable link to the person claiming the entitlement, benefit or service.[11]

3.26      The Office of Access Card further stated that:

Without a photo on the surface of the card it will always be the case that people will be able to get someone else's entitlements as photographic readers will not be available everywhere, every time.[12]

3.27      By contrast, it claimed that putting the photograph on the surface of the card will be a major deterrent to people considering defrauding the system:

KPMG has noted that it takes considerable bravado to walk into a doctor's surgery and present a card with someone else's photo on it.[13]

Concerns about including a photograph on the surface of the card

3.28      Four general arguments were presented to the Committee that raised doubt about the necessity for the photo to be on the card's surface. The following section looks at each of these in turn.

The access card as a national identity card

3.29      Any consideration of the proposal to show a personal identifier such as a person's photograph on the card's surface needs to examine the question of whether the access card might become a national identity card. Frequent references arose in evidence about the parallels between the proposal for the access card and an earlier proposal for a national identity card. This issue goes to the heart of the bill's objectives and rationale. It also goes to the heart of concerns about the privacy implications of the access card system. As such, the Committee considers that the case for constructing the card with or without certain features must be sound and properly tested.

3.30      Some witnesses and submissions suggested that the inclusion of personal information, particularly a photograph on the card's surface, represents the greatest risk of the card becoming a de facto national identity card. The Australian Privacy Foundation stated that:

... if all of that information can be read off the chip, there is no need to have it on the surface of the card for the objective of the card. By having it on the surface of the card when it is not needed for that objective, it lends the card more weight as an all-purpose ID card and means banks, Video Ezy et cetera will want to see it.[14]

3.31      Similarly, the New South Wales Council for Civil Liberties submitted that:

The Access Card will be readily capable of use as an identity card because it will carry on its face five pieces of identity information: a unique id number; a name; a date of birth; a photograph; and a signature...An id card is an undesirable thing in a free society that promoted civil liberties. It unreasonably provides to the State a tool with a range of potentially oppressive uses...The id number, photograph and signature need not appear on the face of the card. Recording them on a secure area of the chip, accessible only by authorised persons, would resolve this aspect of the proposal.[15]

3.32      The Government has given assurances that the access card is not intended as a national identity card.[16] The Committee is concerned, however, that not enough attention has been given to the practical effect of information on the surface of the card.

3.33      In this regard, the Committee has taken particular note of the Taskforce's view that:

...most Australians are eligible for Medicare, so even those who do not make regular use of Medicare services are likely to find that at some time in their lives, for example when they start a family or when they reach a certain age or degree of infirmity, they will need to access Medicare. To do so they will need an access card. To this extent, the Taskforce recognises that, at some stage, almost every Australian is likely to need an access card and as such to become a person registered in the Secure Customer Registration Service.[17] [italics added]

3.34      The Committee remains concerned that the inclusion of a biometric photograph, as well as the other information on the surface of the card, could trigger public concern about the access card becoming the preferred identity document of most Australians.  There is no comparable document issued on a national scale in Australia that contains a photo of biometric quality.

3.35      Alternative forms of identity are not likely to be considered as authoritative, for example, drivers’ licenses are issued by states rather than the Commonwealth, and the photos that appear there are of non-biometric quality. Passports are not issued on a universal basis, and their bulky size guarantees that they will not be routinely carried by most citizens.

 Semantic imprecision

3.36      The imprecise wording of key items in the bill raised further concerns that there are inadequate constraints to prevent the access card becoming an identity card.

3.37      For instance, a 'Commonwealth Benefit' is defined in the clause 5 of the bill as a 'benefit or service that:

1. is provided to an individual (whether under Commonwealth law or otherwise); and
2. is administered or delivered, wholly or partly, by a 'participating agency''.

3.38      However, the wording of this definition suggests that any concession granted by virtue of veteran or pensioner status could be deemed by the wording of this definition to be a 'Commonwealth Benefit' because one of the specified 'participating agencies' will be involved as a gatekeeper in determining eligibility for the benefit.  This could be deemed to satisfy the 'administered or delivered, wholly or partly' definition in clause 5.

3.39      The possibility of function creep may be increased by clause 7 of the bill stating that the purposes of this bill:

...are to facilitate the provision of benefits, services, programs or facilities to some or all members of the public (whether under Commonwealth law or otherwise), where that provision involves a participating agency.

3.40      The language of this clause could conceivably allow the providers of state concessions to claim inclusion in the provisions of this bill. The 'benefits, services or facilities' are to be provided to 'some or all members of the public'. The provision of these benefits is to be authorised by 'Commonwealth law, or otherwise'. As long as a participating agency is 'involved,' regardless of how peripherally, the service or benefit could be construed to come within the ambit of the bill. For example, the DVA's 'gatekeeper' role in the provision of concession status to veterans might allow public transport providers (for instance, the NSW railways) to make such a claim.

3.41      The expansion of Commonwealth benefits status to State and Territory concessions would further enhance the ubiquity of access card usage, and would materially contribute to its emergence as the dominant identity document in day to day use through out Australia.

3.42      Thus, it is argued that there is potential for the access card to evolve into an ID card if a biometric photo, signature and serial number are visible on the face of the card. However, this might contravene the government's explicit declaration in clause 6 (2) that 'access cards are not to be used as, and do not become, national identity cards'.

3.43      The Committee remains mindful of public concerns that the inclusion of a photograph on the surface of the card could lead it to become Australia's de facto ID card, and that this conflicts with the stated objectives of the bill. 

The necessity of the photograph for improved service delivery

3.44      Enhanced service delivery is one of the key objectives of the bill. The function of a photograph in this regard was noted by Professor Allan Fels during public hearings:

There would be quick recognition of them (the card holder) in dealings with the government and maybe in dealings with doctors, pharmacies and so on. It is the idea that you just hold up the card and it shows your face. If you did not have the photo on the card, I think whoever was dealing with you, the cardholder, would have to take a bit of time to look you up.[18]

3.45      However, the use of card readers to determine eligibility for services has cast doubt in some witnesses' minds on whether the photograph is necessary on the card's surface. Since readers would show the person's photograph on the card's chip, the need to have the photograph on the card's surface would not appear to be essential or mandatory. Professor Fels told the Committee:

...the big thing for them is to have a photo in the chip and on register, rather than necessarily compelling it to be on the card when there would be some people who would be strongly opposed to that and not like it and there would be others who, given the choice, would not want their photo on it.[19]

3.46      On this basis, Professor Fels concluded that it would be preferable for the inclusion of a photograph on the surface of the card to be a matter of individual choice:

...I now tend to see the idea of it being a matter of choice as having a lot of merit, almost to the point where I think a very strong case would need to be made against that before you would remove the consumer choice possibility.[20]

3.47      Similarly, the Privacy Commissioner expressed her preference that the inclusion of a photograph on the surface of the card be a matter of individual choice.[21]

3.48      However, the Office of Access Card informed the Committee that not all service providers would have card readers capable of viewing the photograph in the chip:

While the Human Services' agencies will have the capability, doctors, pharmacists, allied health professionals, specialists, hospitals and third party concession providers will not. To introduce another card reader into a doctor's surgery or a pharmacy will impose an unacceptable burden on their business.[22]

3.49      The Office's supplementary submission, received very late in the inquiry process, went on to note that the photograph on the surface of the card is central to flexible service delivery, which is important given the wide range of service delivery models which exist within Human Services, and that providing alternative photographic identification is not ideal for reasons relating to security, privacy and customer convenience.[23]

3.50      The supplementary submission further asserts that the cost of supplying photo capable readers to all service providers would be $15 million (50,000 units costing $2,500 per unit).[24] The cost of upgrading terminals to photo capable status would cost an additional $700 million.[25] The Committee was provided with no detailed information to support these cost estimates.

3.51      However, assuming that they are accurate, they do nothing to detract from the primary issue relating to the access card photograph – the inclusion of a photo on the face of the card virtually guarantees its rapid evolution into a widely accepted national form of identification.

3.52      The Committee considers that even if the costs involved are quite substantial, fiscal considerations of investment in public infrastructure (such as readers) should not necessarily trump privacy and civil liberties concerns on the question of the access card photograph.

Impact on service providers

3.53      The Committee was also told that including a photograph on the surface of the card, with the expectation that it will allow service providers to quickly verify a card holder's identity, may transfer the burden of assessing eligibility to individual service providers rather than government agencies. The Australian General Practice Network (AGPN) submitted that:

AGPN is supportive of ensuring that only eligible patients are able to access the government rebate; however the quantum of any fraud and the extent of disputes/conflict that arise on eligibility grounds will now be more prevalent in the practice. This increased scrutiny is not something that practices are currently funded for or trained to cope with, particularly as GPs do not ration care on the basis of eligible/non-eligible Medicare guidelines; rather they seek to improve the health outcomes of any person that requires treatment or advice. The proposed approach passes the responsibility of managing the physical process for checking a patient's eligibility to access an Australian Government rebate to the practice without acknowledging this in the legislation.[26]

3.54      The Committee is concerned that the AGPN's comments reflect a lack of information about the training and other assistance which will be given to service providers to manage situations involving improper use of the card.

Risks of counterfeiting

3.55      To put the question of the photograph and fraud in perspective, the Committee was concerned about the risk of the access card being counterfeited and whether including a photograph on the card may support fraudulent activity by providing an extra layer of legitimacy to false identities.

3.56      With regard to counterfeiting, one witness suggested:

...I think there are vast commercial opportunities available to a whole lot of people in shady alleys as a result of this who will be selling lovely copies of the plastic of the ID, for example, to go down to your local video store, which will not have a reader, and show them a fake version of an ID card. There are great commercial opportunities that are going to grow with that.[27]

3.57      Another witness referred the Committee to concerns expressed by government figures about the risk of counterfeiting:

In fact, at the Australian smartcard summit on 29 June 2005, the Attorney-General said that a national ID card 'could increase the risk of fraud because only one document would need to be counterfeited to establish identity'. This was supported by the Commissioner of Taxation, who warned that the access card proposal, if implemented, was likely to lead to a rise in identity theft. It is just naïve to assume from the moment that this was proposed there was not already an industry being put in place to produce its own identity cards. If the government can make it, criminals can also copy it. So it does not actually support the case that it will combat identity fraud.[28]

3.58      The Committee is concerned that a lack of information about the risk of counterfeiting, and the possibility of false identities being entrenched and widely disseminated through inclusion of photographs on the card surface, makes it difficult to judge the extent to which the bills' objective of combating fraud will be achieved.

3.59      While the access card's security features appear stronger than the current Medicare card, it cannot be assumed that it will not be vulnerable to corruption and misuse. The question of the risk of counterfeiting the access card needs to be included in any assessment of the card's impact in countering fraud.

Conclusions

3.60      The Committee concludes that decisions about information displayed on the surface of the card must be informed by the two stated major objectives of the bill: facilitation of access to health and social services, and reduction of fraud against the Commonwealth. While it is recognised that certain groups of people may also find the card to be of convenience for accessing concessions, these are ancillary issues and should not be used to justify the architecture of the access card system.

The photograph

3.61      On the basis of the evidence, the Committee has concluded the inclusion of a biometric photograph on the surface of the card increases the likelihood of the access card becoming a de facto national ID card. It is noteworthy that it may not be necessary that the photograph should appear on the surface of the card for the purpose of providing Government services if the providers have access to appropriate card readers.

3.62      The Committee notes the Department of Human Services' supplementary submission which states that there would be considerable cost involved in providing terminals capable of reading the card to agencies, doctors, pharmacies and third party providers. However, the Committee considers that the cost of investing in public infrastructure is offset by the protection of essential privacies and freedoms, and that these should be balanced appropriately. The Committee considers that the government should consider providing appropriate terminals or readers to those agencies and providers providing benefits and services to access card holders.

3.63      The Committee considers that the government should take the following matter into consideration when drafting the consolidated bill:

Whether the government consider providing appropriate terminals or readers to those agencies and providers providing benefits and services to access card holders.

The signature

3.64      The Committee does not consider that the inclusion of a digitised signature on the surface of the card is necessary to achieve the bill's two key objectives when it is also held in the card's chip and on the register. The main rationale for mandatorily including the signature (that it will facilitate identity assurance where a card holder is not present) is weakened when it is recognised that agencies providing benefits in the absence of a card holder will also have access to data in the Commonwealth's area of the chip, through which a signature on a form may be verified.

3.65      Professor Fels told the Committee that including the signature on the card would mean:

It is one more piece of centrally stored data, and one should exercise a bit of caution and be satisfied that there is a reasonable case for actually having stored somewhere millions of signatures. I think there are some reasonable arguments for making this a matter of choice.[29]

3.66      Similarly, the Committee heard the Privacy Commissioner's view that 'the individual should also be able to choose whether their photo and their signature are displayed on the face'.[30]

3.67      The Committee also noted, however, that there may be circumstances, generally relating to particular card holder groups, in which the inclusion of a signature on the surface of the access card could be helpful in verifying a card holder's identity. The Office of Access Card's supplementary submission noted that some Department of Veterans' Affairs (DVA) benefits are provided in the veteran's home, and that:

The veterans' community was particularly in strong favour of retaining the digitised signature on the surface of the card to enable the transaction of their unique benefits.[31]

3.68      In these circumstances, having a signature displayed on the surface of the card will add another element of surety to verification of a card holder's identity. The Committee considers that the best way of resolving this tension is to make the inclusion of a digitised signature on the surface of the card a matter of choice for individual card holders.

The card number

3.69      In relation to inclusion of the card number on the surface of the card, the Committee noted the evidence given by Professor Allan Fels which highlighted the relationship between having the number on the card and having a unique personal identifier, and that business methods may be adapted to privacy concerns, rather than the reverse.[32] Professor Fels told the Committee that:

We originally leant against the idea of a number being on the card, but we see much merit in the idea that it is the option of the card holder whether or not there is a number on their card.[33]

3.70      The Committee considers there is a balance to be struck between privacy protection and increased convenience, and concurs with Professor Fel's view that this is best achieved through allowing individual card holders the choice of having their number included on the card surface or not.

3.71      The Committee is aware that some Australians will choose to forego certain privacy protections in favour of the convenience offered by the access card.  It is also mindful of the fact that personal opinions on the balance of privacy versus convenience are likely to evolve over time, with individuals choosing to include or exclude different items of personal information on the card at different times.

3.72      The Committee considers that the government should take the following matter into consideration when drafting the consolidated bill:

Whether the only mandatory information displayed on the surface of the card should be the card holder's name and that other information should be at the discretion of the card holder.

The chip inside the card

3.73      A number of concerns were raised about the chip inside the proposed card. Some witnesses and submissions claimed there is a lack of clarity about the rationale for having a personal area on the chip. They were also concerned about the bill's silence on what information would be stored in the personal area and how it would be protected and managed.[34]

The personal area of the chip

3.74      In particular, concerns have been raised about the suggestion that sensitive health information may be held in the personal part of the chip and be available to health professionals in certain situations, such as emergencies. This issue was covered in a discussion paper released by the Access Card Consumer and Privacy Taskforce on 21 February 2007,[35] which favoured the inclusion of minimal necessary medical information in the chip, accompanied by a robust system of authentication and verification. The Taskforce also noted that:

To be of any use, the data must be readily and easily accessible. This means that anyone with an approved reader...will necessarily be able to view it...As such, card holders who choose to make use of this system must accept that they are putting sensitive personal information, effectively, into the public domain...[36]

3.75      This issue highlights the question of achieving a balance between protecting privacy and providing some private details which could be of vital importance in life-or-death situations.

The Commonwealth's area of the chip

3.76      Discussion of the Commonwealth's area of the chip highlighted the interface between information held there, information held on the register and information held in individual agency databases. There was concern about the data sharing arrangements between these holdings, and whether privacy would be adequately protected. This is discussed later in the section on the register.

3.77       The ability of numerous agencies and individuals to access information in the card by using the card's identifying number also raised privacy concerns. It was suggested that the use of a single identifying number by multiple agencies and individuals encourages the possibility of the card becoming a de facto national identity card, and facilitates unauthorised access to a wider range of personal information. The Privacy Commissioner told the Committee that:

This creates a situation where more than one agency can hold a common government issued identifier for a single individual. The risk here is that the ease of matching those records may in the future increase the temptation to change existing restrictions on information sharing between agencies and thus the framework for large-scale data matching could be in place.[37]

3.78      The Committee heard that a possible solution to this problem could be to store existing agency identifiers in the Commonwealth part of the chip, so that when an individual docked a card at an agency the agency number rather than the access card number would be identified. The Privacy Commissioner told the Committee that:

I believe that information that may be necessary for a particular agency to determine whether a benefit is payable to an individual should be kept in the individual's record with that agency rather than attempting to establish a central point from which identity verification and eligibility for benefits and services can be determined.[38]

3.79      The proposed arrangement would satisfy the objectives of the bill to facilitate access to health and welfare benefits, while protecting an individual's access card number and private information across different databases.[39]

Conclusions

3.80      The Committee acknowledges concerns about the lack of information in the bill regarding the personal area of the card and considers this issue must be dealt with as a priority.

3.81      In relation to sensitive health and medical information being placed on the personal area of the chip, the Committee concurs with the Access Card Consumer and Privacy Taskforce's observation that this issue highlights the balance which needs to be struck between maintaining personal privacy and making information available for the wellbeing of the card holder. The Committee concludes that the question of what information should be placed on the chip is most appropriately left to the discretion of individual card holders, in consultation with medical staff.

3.82      The Committee also notes suggestions from the Privacy Commissioner that the bill's objective of facilitating access to health and social services and welfare benefits, while protecting a card holder's personal information held in different databases, could well be achieved by storing existing agency identifiers in the Commonwealth area of the chip. The Committee supports examination of this option as a matter of priority.

3.83      The Committee considers that the government should take the following matter into consideration when drafting the consolidated bill:

Whether the Commonwealth area of the chip should store existing agency identifiers and that these numbers should be used when linking a card to a participating agency database, rather than the access card number.

The register

3.84      Personal information about access card holders will be recorded during a registration process and stored on a database known as the register. Clause 16 of the bill requires the secretary to establish and maintain the register. Clause 17 specifies the information to be stored in it.

3.85      The register will be a single database storing basic identity information – name, date of birth, citizenship or residency status and so on – including a photograph and numerical template of a person's photograph as a security and verification measure. It will also include the card holder's digitised signature if it appears on the surface of the card.

3.86      The department stated the register would not amalgamate personal information stored on other government databases, which would continue to be maintained separately by other agencies. It emphasised the register would not be a 'mega database containing health, veterans' and social service records'.[40] Instead, the register is intended to provide basic information necessary for the payment of health benefits, veterans' and social services delivered by or on behalf of the following participating agencies:

• Centrelink
• Medicare Australia
• Australian Hearing Services
• Health Services Australia Ltd
• Department of Veterans' Affairs (DVA) and
• Department of Human Services (DHS) including the Child Support Agency and CRS Australia.

3.87      The department stated the register would not include or connect to taxation records, census data or personal or financial records.[41]

3.88      The department's explanation of the reason for establishing a centralised data system indicated that this avoided the need to amalgamate data from participating agencies:

The Register is designed to sit as a secure gateway between the card and the specific agency databases. Having a centralised register with only the minimum necessary amount of customer registration data avoids the need to integrate the data of all the participating agencies.[42]

3.89      Despite these assurances, the register, along with the issue of the photo on the card's surface discussed above, is the most contentious element of the access card system. The register gives rise to the prospect of the government having unprecedented access to a single national database containing the majority of Australia's adult population's basic personal information. It is seen as presenting a major risk to personal privacy and security, not only from government agencies but also other parties with malicious intent. The Fels' Taskforce put the significance of the register into historical perspective:

No previous Australian government, even in wartime, has effectively required all its citizens to give it a physical representation of themselves, nor contemplated having this stored in one national database.[43]

3.90      In evidence to this inquiry, the main concerns about the register related to:

• the potential for the register to be used as a national identity base, by virtue of its centralisation of vital personal information for most Australians;
• access to the register, including by non-participating agencies (such as security bodies and police) and non-authorised access by either government staff or hackers;
• the amount of personal information to be stored in the register;
• the vulnerability of the register to external hacking;
• the discretion provided in the bill to the secretary and minister; and
• the absence of Parliamentary scrutiny or disallowance.

3.91      The question of access is interconnected with concerns that the register will gradually assume greater importance, leading to function creep and its growing use as an identity system. The issues of access and discretion are dealt with later in this chapter.

Personal information concerns

3.92      A major concern in evidence is that the register will store a range of private information that would leave people at risk if the information were to fall into the wrong hands. This concern relates particularly to the storage of people's addresses and proof of identity documents. Ms Versey, the acting Victorian Privacy Commissioner, pointed to the dangers this information potentially poses to people's privacy and identity:

My specific concerns are that you will now have a register where identity documents, such as birth certificates, are now copied onto the register. This makes it a very rich source for those that want to indulge in identity theft or want to take over identities...

... The less you have on the register the better. If you have a source where you not only have all this personal information but also actually have copies of the identifying documents themselves, then you have the whole person's identity all in one place.[44]

3.93      Other witnesses suggested the inclusion of proof of identity (POI) documents in the register provides the 'raw materials' for identity theft.[45]

3.94      A related concern is that, unless protected adequately, details about people's address could leave them at risk of personal harm if this information leaked out of the system.[46]

3.95      Concerns about the concentration of vital personal data in one database also tie in with fears about the security of the system in which the information is stored.

Security concerns

3.96      Several witnesses claimed the establishment of a single repository of personal information would become a target or 'honey pot' for identity fraud and privacy invasion.[47] This gave rise to fears that the vast pool of personal information in the register would be vulnerable to external hacking, on the ground that no information system is entirely secure.[48] Professor Greenleaf of the Cyberspace Law and Policy Centre summed up these concerns:

The collection together of photograph, signature and an undefined range of POI [proof of identity documents] create a system which is an exceptionally high security risk for identity fraud from unauthorised access... .[49]

3.97      The Fels' Taskforce recognised that the security of personal information held on the register is of the utmost importance, especially for gaining public confidence and trust in the access card system. Ensuring the photographic database could not be hacked was particularly important in this regard.[50]

3.98      The department's evidence indicates it has a high degree of confidence and faith in the security measures designed to protect information stored in the register. It described the register's anti-hacking architecture as using segregated or 'siloed' databases for different items of personal information:

To protect customer information, data in the access card system is not held centrally in one place. No single officer will be able to access all components of the system. The system is modular in design and comprises separate databases (i.e. Secure Customer Database, Photo Database, Biometrics System, Card Management System.) Hackers would be confronted by multiple defences – isolated separate databases protected by many different levels of security and encryption. Any attempt to hack the card would not result in access to the system or any part of the system.[51]

3.99      Even if these security measures are currently robust, it is likely that future technological advances will present both opportunities to enhance the system's security but also pose threats to it. The Committee reaffirms the view of the Fels' Taskforce that the security of the register's information should remain an ongoing priority of the department and agencies supporting it.

3.100         The Defence Signals Directorate (DSD) is providing advice on the security design of the system and will evaluate and certify its security aspects. DSD will also test the security of system both before and after the system is implemented.[52]

3.101         Professor Fels told the Committee he would be satisfied if DSD approved the system after testing it. However, he also suggested that a twin-pronged approach combining technological and legislative safeguards may be the best guarantee of the system's security.[53] The Committee examines the issue of legislative measures in the next section.

Absence of parliamentary scrutiny or disallowance

3.102         Clause 16 provides for the secretary to establish and maintain the register in any form or manner the secretary considers appropriate. The explanatory memorandum states it is proposed to keep the register in electronic form. Clause 16 (3) makes the register not a legislative instrument on the ground that it is 'administrative in character'. This means the form and manner in which the register is kept will not be subject to Parliamentary oversight or disallowance.[54]

3.103         The Office of the Victorian Privacy Commissioner encapsulated concerns over the absence of Parliamentary scrutiny or disallowance in relation to both the maintenance of the register and the information kept on it. It noted that the explanatory memorandum says the register will be kept separate from databases maintained by other participating agencies and there will be no centralised database holding all of a person's information in one place, but that the bill does not expressly prohibit this. It went on to say:

The form and manner in which the Register is to be kept will have a significant impact on the privacy interests of individuals and the necessary security and other safeguards that must be considered and established. This should be set out in legislation and prohibitions such as keeping the Register separate from other data bases expressly stated.[55]

3.104         The Fels' Taskforce was also of the view that to enhance public support for the access card scheme and win acceptance of it, decisions related to the register should be reviewable by the Parliament.[56] Professor Fels told the Committee that in considering the question of safeguards:

... I would suggest that one should err on the side of caution in this matter in terms of maximising the parliamentary review processes and appeals and so on.[57]

3.105         The Committee also notes Professor Fels' view that parliamentary oversight could complement technical measures to strengthen the security and governance of the register.

3.106         Establishing an ongoing Parliamentary role in overseeing the register would provide a channel for any community concerns to be raised and ensure transparency over the way in which the register is maintained. In this regard, it would also allow the Parliament to monitor the ongoing security of the register and provide a safeguard in the event of security problems or any expansion of the register's purpose arising. This would provide a significant measure for maintaining public confidence in the access card system.

Conclusion

3.107         The establishment of the register is a new measure of national significance with far reaching implications for the privacy and security of most Australians' personal data. It is vital that the necessary level of transparency and oversight is also established to monitor its use. The current bill does not provide these necessary mechanisms.

3.108         The legislation should provide for Parliamentary scrutiny of the maintenance of the register and review of any decisions to alter the manner and form in which it is kept or the personal information to be recorded in it. The bill should also stipulate that the register will be kept separate from other agency databases (both participating and non-participating agencies) and there will be no centralised database holding all of a person's information in one place.

3.109         The Committee considers that the government should take the following matter into consideration when drafting the consolidated bill:

Whether the form and manner in which the register is to be kept should be set out in legislation and prohibitions such as keeping the register separate from other data bases should be expressly stated.

Discretions and Delegations

Discretions

3.110         Liberty Victoria identified 29 separate discretions that are vested in the minister by the bill, which include 23 discretions vested in the secretary that are subject to ministerial direction under Clause 8 of the bill. According to that witness many of these discretions affect the operation of the Bill in fundamental ways, e.g. those permitting certain persons not to register and those affecting the information which must be provided for proof of identity, for inclusion on the register and for inclusion on the card.[58] 

3.111         It was alleged that these and other non-reviewable provisions would facilitate 'function creep' by providing for discretions in the secretary and minister to make decisions that would expand the system, but that would be not disallowable by Parliament. [59]

3.112         At a more fundamental level there is also a concern that the bill 'vests extraordinarily wide discretions in both the Minister and the Secretary of the Department of Human Services, which are tantamount to a delegation of legislative power to them'.[60]

3.113         Such statements might lead to the conclusion that the bill would grant the minister and secretary unfettered discretion in all matters.

3.114         Some discretions are to be exercised by way of legislative instruments that are disallowable. These include discretions that would allow the minister to add personal information to the register or to the Commonwealth area of the chip (Clauses 17(1)(17)(b) and 34(1)(17)(b)). The bill also requires the minister to determine guidelines that must be taken into account by the secretary when making certain decisions relating to applications and registration by way of a disallowable legislative instrument (Clause 66).

3.115         However, even these provisions are contentious. For example, the Government submitted that the secretary would not have the power to add personal information to the Register and that only the minister could do that by disallowable legislative instrument.[61]   The Cyberspace Law and Policy Centre (CLPC) argued, however, that the secretary would have power to add personal information under Clause 17(1) (12). CLPC contended that proof of identity documents dealt with in that sub-clause are personal information. The witness suggested that perhaps the secretary does not have the power under the bill to add 'new classes (in original) of personal information to the Register'.[62]

3.116         Such contentious issues aside, there remain many areas of discretion in the bill where no Parliamentary oversight or external review is provided.

3.117         The Victorian Privacy Commissioner observed, for example, that Clause 16 gives the secretary wide discretion to determine the form and manner in which the Register is kept. The Commissioner recommended that because these matters will have a significant impact on the privacy interests of individuals they should be set out in the legislation or regulations.[63]

3.118         The Australian Government Office of the Privacy Commissioner informed the Committee that the following determinations should be subject to additional oversight mechanisms, independent review, clear Ministerial direction or specific criteria, including determining:

1. what proof of identity (POI) information and documents are needed for registration (s 13(2));
2. the form or manner in which the register may be kept;
3. what information about an individual's benefit cards will be held on the register and the chip (respectively – s 17, item 7; and s 34, item 10); what proof of identity (POI) information and documents are needed for registration (s 13(2));
4. what proof of identity documents (or information about those documents) will need to be scanned and placed on the register (s 17, item 12); and
5. when applying for an access card, what 'other specified information' or documents that the secretary deems necessary: (i) to be satisfied of the applicant's identity, or (ii) to obtain information required for the card or the register (s 23(2)(b)

3.119         The Office suggested that items a), d) and e) in particular should be subject to parliamentary scrutiny.

3.120         The Office also suggested that the bill could usefully promote community confidence by including a general provision that these powers be exercised in consultation with the Privacy Commissioner. It considered that section 212(2)(a)(vi) of the recently enacted Anti-Money Laundering and Counter-Terrorism Financing Act 2006 provides a possible example of such a provision.[64] [65]

Retention of proof of identity documents

3.121         A number of witnesses were particularly concerned by one discretion provided for in the bill. This discretion enables the secretary to make determinations about the retention of proof of identity (POI) documents (subclause 17(2)).

3.122         Subclause 17(2) provides that Item 12 is not a legislative instrument and therefore not subject to Parliamentary oversight.

3.123         The Privacy Commissioner stated that:

A general principle of privacy law is that you collect information for a particular purpose and, once that purpose is no longer required, you delete your information unless there is a reason to keep it. We would suggest that, once verification has occurred, there should be no need to actually keep those scanned documents.[66]

3.124         Ms Carol Berry from the Public Interest Advocacy Centre pointed to the risks of storing POI data. She said that:

The bill also has other core problems. Copies of identity documents may be kept alongside identity information on the register, for example. The bill specifies that under clause 17, item 12, copies of documents used to prove identity may also be kept in the register. PIAC is concerned by the lack of justification for keeping copies of documents beyond their use for the purpose of verifying identity and the lack of clarity under [which] circumstances this may occur. We believe that this is an inherent risk in relation to the possibility of identity theft.[67]

3.125         The Fels' Taskforce in its first report advanced strong arguments against the retention of copies of proof of identity documents in the system and recommended that POI documents should not be scanned, copied or kept on file once those POI documents have been verified.[68]

3.126         The government agreed to try to implement the recommendation.[69] The department submitted that:

Consistent with the Australian Government response to Recommendation 20 in Report 1 of the Consumer and Privacy Taskforce, we are exploring relevant legislation (including the Archives Act) and business process with a view to establishing processes so that POI documents or copies of them are not kept once they are no longer required for verification or fraud purposes.[70]

3.127         In response to a question on notice asked by a member of the Committee, the National Archives of Australia (NAA) submitted documentation that DHS had consulted NAA about the disposal of records accumulated or created by the registration authority. The Committee has noted an observation made by NAA to the effect that it is possible for the enabling legislation to make provision for the control and ultimate disposal of documents without conflict with the Archives Act.[71]

3.128         The Committee would expect that this will be one of the options that the department will consider when trying to give effect to the Fels' Taskforce recommendation.

3.129         Of more immediate interest is the current provision in item 17(1)(12)  that the secretary may make determinations to include POI documentation in the register.

3.130         The department submitted that the secretary may make determinations to add 'technical or administrative information' to the register. Retention of proof of identity documents under 17(1)(12) apparently is considered to be an addition of 'technical and administrative information'.

3.131         The department considered the Fels' Taskforce recommendation to include 'technical and administrative information' in a legislative instrument but declined to accept the recommendation. The department argued its decision was based on the ground that much of the information relates to security matters and that 'Releasing the details of such information would provide a blueprint for hacking into the system'.[72]

3.132         The Committee has difficulty understanding how retained copies of proof of identity documents may, on the one hand, be defined as 'technical or administrative information' and yet, on the other, how the making of a secretary's determination relating to the retention of these documents would provide a 'blueprint for hacking into the system'.

3.133         The Committee considers that determinations made under item 17(1)(12) should be disallowable legislative instruments. The Committee is also of the view that proof of identity documents should be destroyed as soon as a person's identity is verified.

Delegations

3.134         The delegation of functions under the bill was a matter of great concern to some witnesses. The delegation provisions were also raised by the Senate Committee on the Scrutiny of Bills.

3.135         That committee, in Alert Digest 2/07, commented on the provisions of Subclauses 68(1), 70(1) and 71(1) that permit the minister and the secretaries of human services and veterans' affairs to delegate many of their powers and authorities to a wide group of persons. The committee noted that there was little explanation of these wide discretions in the Explanatory Memorandum and sought the minister's advice:

as to whether the various subclauses relating to delegation of power might impose some limit on the type or nature of the powers and functions which may be delegated in any particular instance, along the lines of the limitation in proposed new subsection 95A-11(2) of the Aged Care Act 1997, which requires the Aged Care Commissioner, in exercising his or her powers to delegate, to ‘have regard to the function to be performed by the delegate and the responsibilities of the APS employee to whom the function is delegated'.[73]

3.136         The Scrutiny Committee drew senators' attention to those provisions 'as they may be considered to make rights, liberties or obligations unduly dependent upon insufficiently defined administrative powers ...' [74]

3.137         The Australian Government submitted that the delegation provisions in the bill are consistent with the usual delegation provisions in Commonwealth legislation,[75] but that the Office of the Access Card was currently undertaking consultations before finalising the policy with respect to delegations.[76]

3.138         It is not clear to the Committee what the latter statement means. Is the Government reconsidering the provisions relating to delegations or is it merely consulting on how the provisions are to be effected? 

3.139         The Committee would expect in the light of community concerns and particularly the concerns of the Senate Scrutiny of Bills Committee that the Government will revisit the whole matter of the delegations provided for in the bill.

Conclusions

3.140         The Committee has concluded that public and parliamentary confidence in the Access Card would be enhanced if more legislative provision were made for Parliamentary and other external review (such as the Senate Standing Committee on Regulations and Ordinances), especially of the bill's more contentious elements. The suggestions made by the Privacy Commissioner in that regard about this bill would be of particular value. This would require that the bill be amended appropriately.

3.141         The wide-ranging delegations provided for in the bill are also an issue that should be addressed by the Government in this legislation, particularly in the light of the Scrutiny of Bills Committee's concerns.

3.142         The Committee understands that at least some of the matters relating to the discretions provided for in the bill have been considered in the Consumer and Privacy Taskforce's discussion paper on registration that has only very recently been provided to the minister.[77]

3.143         The Committee considers that the government should take the following matter into consideration when drafting the consolidated bill:

Whether the following determinations should be made by way of legislation or disallowable legislative instrument:

1. what proof of identity (POI) information and documents are needed for registration (clause 13(2));
2. what proof of identity documents (or information about those documents) will need to be scanned and placed on the register (clause 17, item 12); and
3. when applying for an access card, what 'other specified information' or documents that the secretary deems necessary: (i) to be satisfied of the applicant's identity, or (ii) to obtain information required for the card or the register (clause 23(2)(b)).

Administrative review

3.144         There are no provisions in the bill for the administrative review of decisions.

3.145         This matter was raised in the Scrutiny of Bills Committee's Alert Digest referred to earlier in this section of the report. The committee drew senators' attention to the fact that the absence of appeal rights in the bill might make rights, liberties or obligations unduly dependent on non-reviewable decisions.

3.146         The Government has stated in the Explanatory Memorandum that the bill does not provide any express administrative review mechanisms and that these mechanisms will be included (together with several other matters, including privacy issues and governance) 'in the second tranche of legislation'.

3.147         The Government has given an undertaking that:

Appeal rights will not be diminished and will be consistent with those in place for existing cards and entitlements. The form of that review mechanism will be the subject of advice from the Taskforce.[78]

3.148         The Scrutiny of Bills Committee has sought the minister's advice as to whether appeal rights could be included in this bill, together with the decision-making powers. [79]

Conclusions

3.149         No doubt the minister will respond promptly to the concerns of the Scrutiny of Bills committee. In framing those provisions the Government should be mindful that this is an issue of great concern to many in the community.

Access

3.150         Many witnesses were concerned about the matter of who would have access to the Register and to the card.

3.151         The Public Interest Advocacy Centre (PIAC), for example, submitted that it is unclear who would have access to the database that is being created as a core part of the scheme.[80]  The Victorian Privacy Commissioner stated that the bill is silent as to who will be able to access or use information on the Register, and for what purpose.[81] 

3.152         Both witnesses considered that the question of access should be explicit in the legislation. PIAC proposed that the issue of access should be addressed in the principal legislation rather than in subordinate regulations.[82]  The Victorian Privacy Commissioner recommended that the bill should address who has access to the information on the Register, and for what purpose and stated that, 'The Bill should not be passed without addressing this issue'.[83]

3.153         The Government stated that:

Only authorised people will be permitted access to your information and they will have access only to those fields of information that they need to deliver health benefits and veterans' social services to you. Transactions involving the card will be securely logged, including access, authentication and the specific details of the transaction. All logs will be analysed constantly for anomalous behaviour. [84]

3.154         The Government informed the Committee that it had been suggested in some submissions to the exposure draft of the bill that the definition of 'authorised persons' needed clarification and that the category of Commonwealth officers who could be authorised was too broad. The Government had responded to those concerns by providing that Commonwealth officers from non-participating agencies must be in an agency listed in the regulations.[85]

Authorised persons

3.155         The term 'authorised person' is defined in Clause 72. That clause provides that the Secretary may, in writing, appoint:

1. a Commonwealth officer in a participating agency: or
2. a Commonwealth officer prescribed by the regulations; or
3. an individual prescribed by regulations;

to be an authorised person for the purposes of a specified provision of this Act in which the expression 'authorised officer' occurs

3.156         The 'participating agencies' are specified in Clause 5 and are;

• The Department of Human Services
• The Department of Veterans Affairs
• The Chief Executive Officer of Medicare Australia
• The Chief Executive Officer of Centrelink
• Australian Hearing Services
• Health Services Australia Limited

Participating agencies

3.157         If the Access Card is to meet its objective of improving access to Government benefits, it is obviously necessary that employees of the participating agencies must have access. There are concerns, however, that other agencies, especially those with investigative functions, such as the Australian Taxation Office, may have access to the Register.

3.158         It is clear from Clause 72 that this would require that a disallowable regulation be tabled in the Parliament. However, an amendment to the legislation to appoint additional participating agencies would be a much more transparent and positive process.

Conclusions

3.159         The Committee would prefer that all proposals to add additional participating agencies and to appoint other organisations and individuals as authorised persons should be by way of legislation, rather than by regulation. It considers that the current provision to make appointments by way of disallowable regulations in most cases may represent a reasonable compromise between the need for parliamentary accountability and the administrative and legislative load that could be involved if all appointments were to be made by legislation.

3.160         Nevertheless, given the apparent high levels of community concern and the fact that the access card is not an identity card, proposals to appoint any additional participating agencies should be made by way of legislation.

3.161         An interesting issue that arose during the inquiry was the desire of the Australian Federal Police (AFP) to have investigating officers exempted from the offence provision in Clause 57 that prohibits unauthorised persons from copying the information or imaging the card.[86]  If the AFP were to be given a specific exemption or if the AFP were to be appointed a participating agency, that should be done by way of legislation.

3.162         The Committee considers that the government should take the following matter into consideration when drafting the consolidated bill:

Whether any proposals to appoint additional participating agencies should be made through legislative amendment of the principal act.

Access to information on the chip

3.163         DHS informed the Committee that access to information on the Commonwealth's areas of the chip will be as follows:

1. approved Department of Human Services (DHS) and Department of Veterans' Affairs (DVA) officers and officers of agents issuing the access card. DHS and DVA will use secure terminals operated in a secure environment by approved officers.
2. Pharmacists and general practitioners will use secure terminals to access limited information. That information is expected to be limited to the person's name, concession status and Medicare number. Software controlling the card readers will be used to customise and limit the information which can be seen on a need to know basis.
3. Third party concession providers will use readers that will only reveal concessional status.[87]

3.164         It has not yet been decided what information will be included in the consumer area of the chip. Nor has a decision been made about how any such information may be viewed or updated. According to DHS:

Procedures for viewing and updating of information in the consumer area of the chip are the subject of separate consultations being conducted by the Consumer and Privacy Taskforce.[88]

3.165         This once again highlights the inadequacy of the piecemeal nature of the legislative process of this bill.

Law enforcement and national security agencies

3.166         The question of access for law enforcement and security agencies was pursued during the inquiry.

3.167         The AFP currently has access to DHS databases and other information held by Commonwealth agencies under certain legislative conditions and under certain defined conditions may not require a warrant to access that information. The Australian Security Intelligence Organisation (ASIO) may also gain access to the current databases without a warrant, but apparently may do so only at the discretion of the secretary. In a supplementary submission, DHS confirmed oral evidence given at previous Senate committee hearings that:

... ASIO may ask DHS for information from the access card Register. DHS has the discretion to give or not give that information to ASIO. If DHS does not give that information to ASIO, ASIO can only compel DHS to give that information to it in accordance with a search warrant issued pursuant to the ASIO Act 1979.

The Director-General of Security has already outlined ... the significant safeguards and accountability mechanisms to which ASIO is subject. [89]

3.168         Ms Scott, Secretary of the Department of Human Services, informed the Committee that in the past two and a half years she had only on one occasion refused a request from a law enforcement agency for access to information, apparently because the request was not sufficiently defined.[90]

3.169         Professor Fels suggested that AFP and ASIO access to the register should be set up in the access card legislation if possible, rather than relying on other acts.

Conclusion

3.170         The Committee considers that access to a single database covering the great majority of the Australian population, complete with biometric data, would no doubt greatly facilitate the work of the law enforcement and security agencies. Whether this would necessarily be compatible with the government's stated objectives for this legislation is another question.

3.171         The Committee has also concluded that the Secretary of the Department of Human Services should report on the exercise of discretion in relation to the access requests made by the law enforcement and security agencies. This could perhaps be done in the department's annual report in such a way as not to compromise any operational matters or matters of national security.

3.172         The Committee saw value in the Professor Fel's suggestion that access for the law-enforcement and security agencies should be set out in the access card legislation, rather than in other acts.

3.173         The Committee considers that the government should take the following matters into consideration when drafting the consolidated bill:

Whether access of law enforcement and security agencies to the information in the register should be specified in the access card legislation; and

Whether any exercise of discretion by the secretary of DHS to grant law enforcement or security agencies access to the register should be reported to the Parliament, perhaps in the agency's annual report in such a way as not to compromise operational matters or national security.

Individuals prescribed by regulations

3.174         Providers of services such as medical practitioners will require access to sufficient information on the card to enable them to provide a service for which people may claim a Government benefit. Presumably the secretary will seek to appoint medical practitioners and pharmacists as a class of 'authorised persons'.

3.175         The Committee understands that these individuals would have access only to those features on the card that would be required to perform a service, such as a GP consultation, and that the system would employ a range of technological protections.[91] Given that DHS expects that there will be 50,000 terminals,[92]  the scheme's success will rely heavily on the choice and application of robust and appropriate technology to ensure that these protections are delivered.

Offences

3.176         In the little time that the Committee had to consider this bill, it was not possible to cover all the issues raised in the evidence concerning the penalties that would be imposed by this legislation. The following comments relate mainly to the penalties imposed by Part 4, Division 2 – Offences for requiring production of an access card, and to an issue relating to Clause 57 – Unauthorised copying.

Clauses 45 and 46

3.177         According to the Explanatory Memorandum a major objective of the Government's policy is that access cards are not to be used as national identity cards and for that reason, Clause 45 makes it an offence for persons intentionally to require a card holder to produce the card for identification purposes. Clause 46 prohibits persons from intentionally requiring a card holder to produce his or her card as a pre-condition to the supply of goods or services.[93]

3.178         A matter of concern to some witnesses was that these provisions could be breached through ignorance because many people are accustomed to demanding proof of identity, for example, to verify that certain people are entitled to concessions. It was suggested that this could lead to so many breaches of the offences provisions as to bring the entire Act into disrepute. Another issue that concerned some witnesses is that it might be difficult to bring successful prosecutions under these provisions. [94]

3.179         The privacy guarantees included in the bill are well intentioned, but the Committee is of the view that there are serious questions about their efficacy in practice. In fact, some of these provisions could, in fact, militate towards the repeal of the very privacy provisions that they are intended to protect.

3.180         The Committee is concerned about the possibility that clauses 45 and 46 could become dead letter law because they impose draconian penalties on behaviour that is both rational and morally harmless.  These provisions of the bill will criminalise behaviour that is an almost inevitable consequence of this same legislation. It is logically questionable for the government to create a document that can serve perfectly as a high quality identity document, and then to penalise those in the private sector who would want to use it for precisely that purpose.

3.181         It will be entirely logical for persons whose job entails requiring proof of identity to prefer the most authoritative and high quality document possible. So from nightclub bouncer to airline check-in clerk, the temptation to ask for the access card as a form of ID will only be exceeded by the willingness of individual Australian citizens to produce that same document in the face of such a request. The government provides no compelling explanation for the argument that requiring a drivers’ licence as proof of identity should be legitimate, while requiring an access card as proof of identity should be punishable by 5 years imprisonment.

3.182         The Committee is concerned about the likelihood that this provision will become widely ignored in practice. This prediction is supported by evidence from NSW, where it is illegal to require a state drivers’ licence as proof of identity.[95]  This law has routinely been ignored throughout NSW since its enactment with only three charges having been brought from 1993 to 2005.[96]

3.183          Thus it is easy to envisage the following scenario: after almost universal registration for the access card, clauses 45 and 46 will be demonstrated to be both ineffective and excessively punitive.  There will be widespread pressure on the government from a business community that is highly dependent upon reliable identification documents to repeal the dead letter, draconian prohibition against requiring the access card for that purpose. In fact, even before the bill has been enacted into law, the Australian Bankers Association argued for the deletion of clauses 45 and 46 during testimony at the Committee’s hearings in Melbourne.[97] Some would argue that the removal of these clauses would eliminate the final obstacle to the access card becoming a de facto national identification card.

3.184         The Government has responded that when the card is introduced there will be a publicity or education campaign that will inform people of these provisions.[98]  On the second issue identified above, Dr Karl Alderson, an Assistant Secretary in the Attorney-General's Department, stated that some Commonwealth criminal offences are never or rarely prosecuted but still perform a very important role, for the following reasons:

Firstly, they act as a clear statement of what people’s rights and obligations are so that it is clearly set out and people know where they stand and know what they must do.

Secondly, for those tempted not to comply, the severe criminal penalties are designed to act as a deterrent so that people are conscious of how serious the consequences of a breach would be.[99]

3.185         Dr Alderson asserted that the offences provisions in the bill had been drafted to make it possible to effectively prosecute. [100]

Clause 57

3.186         The Australian Federal Police (AFP) informed the Committee that the AFP is concerned about the offence provision in clause 57, which would make it an offence for an unauthorised person to copy or record information from the card. It was claimed that without the ability of law enforcement officers to copy information or image the card itself, intelligence analysis and investigative activity could be significantly impeded.

3.187         It is the AFP's position that law enforcement staff need to be specifically excluded from this offence provision when carrying out law enforcement functions.

Conclusions

3.188         The Committee understands that many of the offence provisions in the bill have been inserted in an attempt to ensure that the access card does not become a national identity card. Whether these provisions will have that effect cannot now be known, but much of the evidence suggested that the card will be widely used by people to establish their identity.

3.189         The Committee considers that the provisions of Clauses 45 and 46 are consistent with the bill's stated object that access cards are not to be used as, and do not become, national identity cards, and they are not objectionable. However, the Committee considers that in all probability these provisions will be ignored in practice and will become dead letter law. If so, they will not operate as the Government intends and will not be an obstacle to the access card becoming a national identity card.

3.190         As regards the request that AFP investigators should be exempt from the provisions of Section 57, the Committee notes that the bill does not provide for this. If the Government were minded to meet the request, the Committee repeats its earlier conclusion that this should be done by way of legislation.

Issues not considered

3.191         The Committee has listed below a number of issues of concern to which, due to time constraints, it has been unable to give adequate consideration:

• Whether the Privacy Act provides adequate protection in relation to the proposed access card system;
• Tensions between this bill and other Commonwealth legislation, particularly the new anti-money laundering legislation;
• Tensions between this bill and state and territory legislation and benefits regimes;
• The adequacy of fraud estimates;
• Function creep in relation to State and Territory benefits and commercial or financial uses of the card;
• Implications of the access card regime for young people and youth services;
• Technical issues, particularly the extent to which necessary technology is available in Australia, the interaction of different agency datasets and ownership and management of the new dataset if this is contracted out as proposed;
• Implications for specific groups in society, particularly people who are blind or vision-impaired, indigenous people and women; and
• More detailed information on the proposed offences and penalties associated with the access card proposal, particularly the disproportionate nature of proposed penalties compared with current penalties for similar offences.

Conclusion

3.192         In the little time the Committee has had to consider the bill, a number of matters of concern have arisen. Furthermore, important measures that need to be taken into account including protections, appeals and review mechanisms are to be considered in a second tranche of legislation. The Committee has concluded that it is not possible to assess the proposed access card system in the absence of these safeguards and other measures. The Committee considers that the bill needs to be combined with the second tranche of legislation into a consolidated bill to allow proper consideration of the access card proposal.

Recommendation 1

3.193         The Committee recommends that the bill be combined with the proposed second tranche of legislation for the access card system into a consolidated bill.

Matters to be taken into account

3.194         In the process of drafting a consolidated bill for the access card system, the Committee would expect the following matters to be considered:

• Whether the government should consider providing appropriate terminals or readers to those agencies and providers providing benefits and services to access card holders.
• Whether the only mandatory information displayed on the surface of the card should be the card holder's name and that other information should be at the discretion of the card holder.
• Whether the Commonwealth area of the chip should store existing agency identifiers and that these numbers should be used when linking a card to a participating agency database, rather than the access card number.
• Whether the form and manner in which the register is to be kept should be set out in legislation and prohibitions such as keeping the register separate from other data bases should be expressly stated.
• Whether the following determinations should be made by way of legislation or disallowable legislative instrument:
• what proof of identity (POI) information and documents are needed for registration (clause 13(2));
• what proof of identity documents (or information about those documents) will need to be scanned and placed on the register (clause 17, item 12); and
• when applying for an access card, what 'other specified information' or documents that the secretary deems necessary: (i) to be satisfied of the applicant's identity, or (ii) to obtain information required for the card or the register (clause 23(2)(b).
• Whether any proposals to appoint additional participating agencies should be made through legislative amendment of the principal act.
• Whether access of law enforcement and security agencies to the information in the register should be specified in the access card legislation.
• Whether any exercise of discretion by the secretary of DHS to grant law enforcement or security agencies access to the register should be reported to the Parliament, perhaps in the agency's annual report in such a way as not to compromise operational matters or national security.

3.195         The matters to be taken into account listed above will be reassessed in the event of the Committee's examination of a consolidated bill.

 

Senator Brett Mason
Chair

Navigation: Previous Page | Contents | Next Page