Privacy chief calls for identity management debate

Outgoing privacy chief Malcolm Crompton has called for Australia to have a debate on identity management, and finally put to bed the Australia Card debate.

The Australia Card proposal -- which comprised of a compulsory national ID card -- was drafted in the 1980s and supported by then Prime Minister, Bob Hawke, as a part of a Federal Government campaign to curb widespread tax evasion and tax avoidance. It was met by public outrage and was eventually abandoned in 1987.

In one of his last addresses as Federal Privacy Commissioner, Crompton explained how objections to the controversial Australia Card had suppressed debate on the identity issue for 15 years.

"We need a debate about identity management in Australia," Crompton said. "But, we also need to finally put the scissors through the Australia Card. The Australia Card debate has been had. It's over. It's dead. I'm not talking about reviving the Australia Card debate.

"We should never again let the Australia Card debate so quash the discussion of identity management in Australia that we now have this immense pent up pressure. We must address the issues in a modern, mature way that leave us with the kind of society we want to live in," he said.

While Crompton pointed out the inherent privacy dangers posed by certain approaches to identity management, such as poor implementations of biometrics, his overall message was identity management technologies, when implemented correctly, could be a way to secure Australians' privacy in the information age.
 
"Identity management is the big next push in response to fraud and theft," he said.

"As Privacy Commissioner I am saying it is time to review the debate on identity management in Australia. Given that the Privacy Office was created out of the Australia Card debacle to stop anything like that happening again it is of note that the Privacy Commissioner is standing up and saying 'we must have an identity management debate'. The corollary of that is the Privacy Commissioner is also saying this solution is not a one number per person solution. It has to be cleverer than that."

According to Crompton, the problem with one number per person identification is it presents the "Fort Knox" problem, whereby locking up all the world's gold in one place, Fort Knox, only results in increasing the incentive to successfully break into it. "If we come up with a one number per person solution or any other poorly designed solution, that's what we create -- the Fort Knox gold. You can't eliminate the risk, you can only relocate the risk and collocate the risk so the problem becomes like the nuclear power station where, if it goes wrong, it seriously goes wrong."

Instead, the privacy chief claimed identity management requires a multilayered approach. To this end Crompton advised organisations considering identity management systems to ensure these structures include a combination of law, technology, and accountability. In addition, the Privacy Office has developed a framework to assist all organisations that are considering identity management projects, available on its website.