The Australian Government's identity catch-all

The Gillard Government has, by cunning and scope creep, managed to put the final pieces in place to develop a citizen identity system as powerful as the Australia Card proposal of the 1980s.

The Australia Card, a unique identifier for Australian citizens for all their dealings with government, was abandoned after successive defeats in the Senate in 1987.

For 25 years, successive Australian Governments have attempted similar schemes under different names, usually without success.

The latest flavour kicked off in 2005, when the Howard Government commissioned the development of an online service that Federal Government agencies could use to check the validity of identifying documents (passports, drivers licenses, birth certificates) etc.

It was to be called the ‘Document Verification Service’, and it took over five years and $25 million to build.

The DVS was to form the backend system for what the Howard Government dubbed the ‘Human Services Access Card’.

But the concept of a card as a unique identified proved unpopular, even among members of the ruling government.

The Labor Party - in Opposition at the time - announced the project would be scrapped should it enter office. Tanya Plibersek – now Australia’s Health Minister - promised voters that under a Labor government, there would be “no super-database that contains all the information about a person”.

But although the concept of a plastic card was put on the scrapheap, the system that underpinned the project lived on. By mid-2011, all state and territory governments were signed up to use the DVS, while the Attorney General’s Department sought out private sector partners – with banks and telcos the initial targets.

Attorney-General Nicola Roxon announced in the 2011/12 Budget that the Australian Government would spend $7.5 million over three years from 2013-14 to extend the DVS to the private sector.

The Government claimed this would reduce the incidence of identity fraud and improve the integrity of consumer identification used by the banking and finance, telecommunications, aviation and maritime security industries.

The program’s rollout would be funded by transaction fees, with the Government expecting DVS transaction revenue to earn $6.9 million over three years from 2013-14.

The anti-terror catch-all

The average Australian citizen – even those reading Budget papers – could not have known the extent to which this extension of the DVS would now represent a truly national identification system.

But documents released under Freedom of Information late last month have revealed that over 17,000 organisations – mostly private sector businesses - have a legal obligation to verify the identity of their customers or clients under adjacent laws and are thus obliged to use the service.

The prospect of 17,000 large corporations, Federal and State Government departments all using the same identity system could conceivably achieve what Australia Cards of the past could not.

Roger Clarke, chairman of the Australian Privacy Foundation argues that the extension of the DVS to the private sector is essentially the establishing of another Australia Card.

“They are deploying a system for one purpose for which it was not envisaged,” Clarke told iTnews.

“They are just trying to build a massive web, multi-purposing data and turning things that are no part of identification databases into part of a macro identification database.

“That is dangerous for citizens. It creates too much power in the hands of the bureaucracy.

"It ties bureaucracy to the private sector that have a major influence on people’s lives - the financial sector, telecommunications and transport when crossing borders.”

A representative from the Attorney-General’s Department told iTnews the DVS was designed to be “privacy enhancing”. 

“By providing a fast, easy means of verifying evidence of identity information with official record holders, [the DVS] reduces the need for organisations to store those details,” the representative said.

The system today processes an average of 100,000 transactions a month, each in under six seconds.

The Government expects to have processed one million transactions by the end of this year, with several new Government users coming online in 2013 and strong Government use growth into the following years before businesses come onboard.

According to the Attorney-General's spokesperson, businesses will be offered the same service as Government users - a non-disclosure system which secures an individual's “informed consent” for a credential to be checked, thereby enhancing both privacy and identity security.

But Clarke questions whether there is consent at all, as financial institutions and telecommunications have been forced by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and other legislation to authenticate their customers. 

“The talk of 'consent' is a complete furphy,” he said.

Indeed, even the Attorney General’s office conceded in responding to iTnews that “the service will be provided to businesses on the basis that they are undertaking legislatively required identification process.”

No public consultation

The Attorney General’s Department claims that it has been transparent about its motives when extending the DVS to the private sector.

The Department commissioned former Australian Privacy Commissioner Malcolm Crompton — now managing director of Information Integrity Solutions — to conduct a Privacy Impact Analysis (PIA), which was dated July 20, 2012 but released un-redacted under FoI in mid-October.

Clarke said he was furious that the PIA was conducted in secret - between October 2011 and July 2012 - without any community consultation.

“No consultations took place with civil society,” Clarke said. “The PIA Report was finalised in July 2012, and suppressed.”

Indeed, the PIA report states that there was inadequate time for “external stakeholder consultation” to complete the analysis.