Proposed laws to allow the federal government’s planned facial biometrics matching scheme have been rejected by the bipartisan Parliamentary Joint Committee on Intelligence and Security.
In a blow to the government's controversial plans to expand the use of facial recognition to curb identity crime, the powerful committee on Thursday said [pdf] that the Identity-matching Services Bill 2019 (ISM) should be redrafted to address privacy and transparency concerns.
The bill was intended to pave the way for the creation of a national facial biometrics matching database first agreed to by federal, state and territory leaders in October 2017.
The capability, which consists of a national driver's licence facial recognition solution (NDLFRS) and interoperability hub, aims to allow law enforcement agencies to share and access identity information in real-time.
Both are under development by the Department of Home Affairs, although some states have already begun uploading driver’s licence data to a system that will eventually interface with the NDLFRS.
The bill would also allow authorised agencies to use the government’s facial verification service (FVS) and facial identification service (FIS) to share and match facial images in existing databases to “identify unknown persons, and detect people using multiple fraudulent identities”.
Despite supporting the aims of the bill, the committee was left unconvinced by the architecture of the identity-matching services, which it noted was largely “left to Access and Participation Agreements or the practices of data holding agencies”.
“The bill sets out a minimum framework for a regime that will allow the legal use of the identity-matching-services,” the report states.
“However, a citizen should be able to read a piece of legislation and know what that legislation authorises and what rights and responsibilities the citizen has in relation to that legislation.
“This is especially important in the case of the IMS bill which has the potential to affect the majority of the Australian population."
It said that the lack of detail in the IMS bill also prompted privacy concerns by those who submitted to the inquiry.
The committee has recommended, rather vaguely, that “the regime should be built around privacy, transparency and subject to robust safeguards”, with annual reporting on the use of the identity-matching services.
Any redrafted bill should also be “subject to parliamentary oversight and reasonable, proportionate and transparent functionality”, the committee said.
Establishing agreements with all parties participating in the regime – a key tenet of the original agreement back in October 2017 – was also recommended.
The agreements would “set out the respective roles, rights and obligations of all agencies in relation to their participation in access to and use of the identity-matching services”.
Once these recommendations have been address, the revised ISM bill should be “referred to the committee for future review”.
The committee has also recommended that the complementary Australian Passports Amendment (Identity-Matching Services) Bill, which would make Australian travel documents available to the identity matching service, be amended.
This, it said, was to “ensure that automated decision can only be used for decisions that produce favourable or neutral outcomes for the subject,” and that such decisions would not negatively affect a person’s legal rights or obligations, and would not generate a reason to seek review”.
The committee has also recommended that the bill “not proceed” until the review of the revised version of the Identity-matching Services Bill 2019 is completed, and that any revised bill also be “referred to the committee for further review”.
The government had hoped to have the two pieces of legislation in place by the end of last year after first introducing it in February 2018.
After lapsing at the close of Parliament ahead of the May election, the bill was reintroduced and referred to the committee in July 2019.