Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Identity-matching Services Bill 2018

Bill home page  


Download WordDownload Word


Download PDFDownload PDF

 

 

2016-2017-2018

 

 

THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA

 

 

HOUSE OF REPRESENTATIVES

 

 

Identity-matching services BILL 2018

 

 

EXPLANATORY MEMORANDUM

 

 

 

(Circulated by authority of the Minister for Home Affairs and

the Minister for Immigration and Border Protection, the Hon Peter Dutton MP)

 

                                                                                                                                  



 

identity-matching services BILL 2018

Outline

1.                 The Identity-matching Services Bill 2018 (the Bill) will facilitate the secure, automated and accountable exchange of identity information between the Commonwealth and state and territory governments, pursuant to the objectives of the Intergovernmental Agreement on Identity Matching Services (IGA), agreed by COAG in October 2017. The Bill will achieve this by providing explicit legal authority for the Department of Home Affairs (Home Affairs) to collect, use and disclose identification information in order to operate the technical systems that will facilitate the identity-matching services envisaged by the IGA.

2.                 Under the IGA, the Commonwealth and all states and territories agreed to preserve or introduce legislation to support the collection, use and disclosure of facial images and related identity information between the parties, via a set of identity-matching services, for the following purposes:

·          Preventing identity crime

·          General law enforcement

·          National security

·          Protective security

·          Community safety

·          Road safety, and

·          Identity verification.

3.                 The identity-matching services will be delivered via the interoperability hub that the Bill will authorise Home Affairs to operate. The interoperability hub facilitates data-sharing between agencies on a query and response basis, without storing any personal information. Passport, visa and citizenship images will continue to be held by the Commonwealth agencies that issue these documents, and that already have facial recognition systems.

4.                 Driver licence images will be made available by the establishment of a National Driver Licence Facial Recognition Solution (NDLFRS), hosted by the Commonwealth on behalf of the states and territories in accordance with the IGA. The NDLFRS will consist of a federated database of identification information contained in government identification documents (initially driver licences) issued by state and territory authorities, and a facial recognition system for biometric comparison of facial images against facial images in the database.

5.                 The Bill will define the scope of the identity-matching services, including their functions, types of information they may use, the types of organisations that may use the services and the purposes for which they can be used. It will authorise Home Affairs to collect, use and disclose identity information for the purpose of developing, operating and maintaining the interoperability hub and the NDLFRS, and provide for accountability and transparency measures including annual reporting, a statutory review and penalties for unauthorised recording or disclosure of information.

6.                 Whilst the Bill provides an explicit legal basis for the provision of the identity-matching services by Home Affairs, it does not create additional authorisations for other agencies or organisations to collect, use, or disclose information. The Bill is one part of a broader legislative framework that will authorise the operation of the services, which also includes existing legislation that agencies already rely on to collect, use and disclose identification information for various purposes.

7.                 The Bill is consistent with, and helps to implement the objectives of, the National Identity Security Strategy (NISS). The NISS was first established by the Intergovernmental Agreement to a National Identity Security Strategy , agreed by COAG in 2007. The overall objective of the NISS is for the Commonwealth, states and territories to work collaboratively to enhance national security, combat crime and increase service delivery opportunities through nationally consistent processes for enrolling, securing, verifying and authenticating identities and identity credentials.

8.                 The identity-matching services established by this Bill will help to strengthen the integrity and security of Australia’s identity infrastructure—the identity management systems of government agencies that issue Australia’s core identity documents such as driver licences and passports. These systems play an important role in preventing identity crime, which is one of the most common and costly crimes in Australia and a key enabler of serious and organised crime, including terrorism.

9.                 Identity crime is also a threat to privacy when it involves the theft or assumption of the identity of an individual. The misuse of personal information for criminal purposes causes substantial harm to the economy and individuals each year. The Identity Crime and Misuse in Australia Report 2016 prepared by the Attorney-General's Department, in conjunction with the Australian Institute of Criminology, indicated that identity crime impacts around 1 in 20 Australians every year (and around l in 5 Australians throughout their lifetime), with an estimated annual cost of over $2.2 billion.

10.             In addition to financial losses, the consequences experienced by victims of identity crime can include mental health impacts, wrongful arrest, and significant emotional distress when attempting to restore a compromised identity.

11.             Identity crime is aided by the growing sophistication of criminal syndicates and the technology now able to support them. While Government agencies can already verify biographic information on identity documents, such as driver licences and passports, by using the Document Verification Service (DVS), name-based checking tools such as the DVS cannot detect when a fraudulent photo is used with otherwise legitimate details on identity documents, or assist in identifying an unknown person from a facial image.

12.             Current image-based methods of identifying an unknown person can also be slow, difficult to audit, and often involve manual tasking between requesting agencies and data holding agencies, sometimes taking several days or longer to process. This impedes the ability of government agencies to identify a person of interest quickly. The identity-matching services will streamline these processes by providing authorised agencies with the means to rapidly share and match facial images drawn from existing databases in order to identify unknown persons, and detect people using multiple fraudulent identities.

13.             Beyond the national security and law enforcement benefits, using facial biometrics can make government and private sector services more accessible and convenient to citizens. This supports the Digital Transformation Agenda and can offer significant cost savings and greater identity assurance for private sector entities seeking to comply with anti-money laundering and counter-terrorism financing regulations. In reducing the scope, severity and frequency of incidents, by improving both the ability of agencies to detect, deter and disrupt identity crimes and the standard of identification documents used in the community more broadly, the identity-matching services will help to mitigate the impact of the ‘black economy’ and make it more difficult to use fraudulent identities to avoid legitimate taxation and other financial obligations.

14.             The identity-matching services could also benefit victims of natural disasters who are seeking access to support, including those who have lost their identity documents.  By checking the person’s photo against a passport or driver licence image, government agencies could assist individuals to verify their identity in order to receive disaster relief payments, and assist them in replacing their lost or damaged government documents.

15.             The identity-matching services will also make it harder for persons to avoid traffic fines, demerit points or licence cancellations by acquiring a false driver licence or fraudulently obtaining multiple licences across multiple jurisdictions. This will improve road safety by increasing the detection and prosecution of these offences and deterring dangerous driving behaviour.

16.             The specific identity-matching services set out in the Bill are as follows:

·          the Face Verification Service (FVS), which allows government agencies and private sector organisations to verify a known or claimed identity

·          the Face Identification Service (FIS), which allows law enforcement, intelligence and anti-corruption agencies to identify an unknown person

·          the One Person One Licence Service (OPOLS), which will allow state and territory agencies to detect cases where a person may hold multiple driver or other licences or fraudulent identities across jurisdictions

·          the Facial Recognition Analysis Utility Service (FRAUS), which will allow state and territory agencies to assess the accuracy and quality of their data holdings, and

·          the Identity Data Sharing Service (IDSS), which will allow for the secure sharing of biometric identity information between Commonwealth, state and territory agencies.

17.             By strengthening the legal basis for Home Affairs to deliver identity-matching services through the interoperability hub and the NDLFRS, the Bill will support the Commonwealth to meet its obligations under the IGA to deliver fast, secure identity-matching services. The services will help to minimise the harms caused by identity crime, and improve Australia’s national security, law enforcement, community safety and road safety capabilities. 

FINANCIAL IMPACT

The Bill does not propose any new expenditure and the overall financial impact is low.

STATEMENT OF COMPATIBILITY WITH HUMAN RIGHTS

A statement of compatibility with human rights has been prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011 and is at Attachment A .



IDENTITY-MATCHING SERVICES BILL 2018

NOTES ON CLAUSES

Part 1 - Preliminary

Division 1 - Preliminary

Clause 1 - Short title

1.                    This clause provides for the short title of the Act to be the Identity-matching Services Act 2018 .

Clause 2 - Commencement

2.                    This clause provides for the commencement of each provision in the Bill, as set out in the table. Item 1 in the table provides that the whole of the Bill will commence on the day after the Bill receives the Royal Assent.

Clause 3 - Simplified outline of the Bill

3.                    This clause provides a simplified outline of the Bill. The simplified outline explains that the Bill will allow the Secretary of the Department to develop and operate the interoperability hub for requesting and providing identity-matching services, and the NDLFRS to provide identity-matching services involving identification information contributed by state and territory authorities. 

4.                    The Bill also authorises the Department to collect, use and disclose identification information through the interoperability hub and NDLFRS for identity and community protection activities and other purposes.

5.                    The simplified outline also explains what identity-matching services are, and refers to the purposes for which they can be used and the accountability and transparency measures that the Bill will introduce.

6.                    Simplified outlines are included in the Bill to assist readers to understand the substantive provisions of the Bill. However, they are not intended to be a comprehensive explanation of the content of the Bill. Readers should rely on the substantive provisions of the Bill.  

7.                    Use of the term ‘the Department’ in the Bill should be interpreted with reference to section 19A of the Acts Interpretation Act 1901 (Acts Interpretation Act). That section sets out general interpretation rules for interpretation of the term ‘the Department’ in legislation. At the time of introduction of this Bill, the relevant department is the Department of Home Affairs (Home Affairs). Home Affairs is used throughout this explanatory memorandum in explanations of clauses that refer to ‘the Department’.

Division 2 - Definitions

Subdivision A - General definitions

Clause 4 - Definitions

8.                    This clause will define a number of terms used in the Bill.

9.                    The term Australian Border Force has the same meaning as it has in the Australian Border Force Act 2015 . That Act defines Australian Border Force as the part of the relevant Department (currently Home Affairs) that is known as the Australian Border Force. The purpose of this definition is to ensure consistency with that Act.

10.                The term electronic communication will mean a communication of information in the form of data, text or images, either by guided electromagnetic energy, unguided electromagnetic energy, or both. It does not include a communication made entirely in non-electronic form. This definition is intended to capture electronic transfers of information between the users of the interoperability hub and Home Affairs, as the operator of the hub. 

11.                The term entrusted person has the meaning given by subclause 21(4). The term is used in relation to the secrecy provisions in Part 4 of the Bill. Subclause 21(4) provides that an entrusted person includes the Secretary of the Department (Home Affairs), all APS employees of Home Affairs, secondees, and all contractors and subcontractors (including their officers and employees) engaged to provide services in relation to the interoperability hub or NDLFRS. This definition is intended to capture all individuals who have access to the identity information stored in the NDLFRS or transmitted through the interoperability hub in the course of Home Affairs’ development, operation and maintenance of the systems.

12.                The term facial image will mean a digital image of an individual’s face. The term ‘digital image’ is intended to include ‘electronic image’. The facial image is the key biometric indicator that will be used in the identity-matching services facilitated by the Bill. The definition will specifically allow for images that also include an individual’s shoulders, to take into account different photo requirements for different types of government identification documents across jurisdictions.

13.                The term FIS has the meaning given by clause 8. The FIS is one of the identity-matching services facilitated by the Bill. It is referred to in the IGA as the Face Identification Service. The purpose of defining the FIS in the Bill is to clarify the nature of the service and the scope of its use.

14.                Clause 8 will define the FIS as a service involving electronically comparing a facial image of an individual with identification information contained in government identification documents, in order to identify the individual for a specific set of purposes.

15.                Clause 8 will also specify the authorities that will have access to the service, which will be limited to authorities with law enforcement and national security functions, and the circumstances in which the Minister may prescribe additional authorities. These circumstances will be limited to situations where the functions already covered by the prescribed list or performed by a prescribed authority are transferred to a different authority as a result of machinery of government changes.

16.                The term FRAUS has the meaning given by clause 9. The FRAUS is one of the identity-matching services facilitated by the Bill. It is referred to in the IGA as the Facial Recognition Analysis Utility Service. Clause 9 will define the FRAUS as a service involving electronically comparing a facial image of an individual with identification information about one or more individuals included in one or more of the databases in the NDLFRS.

17.                Requests to use the FRAUS will only be able to be made by an authority of a state or territory that has supplied identification information to a database in the NDLFRS, for the purpose of checking identification information against the data that authority has supplied. This service will assist state and territory authorities to assess the accuracy or quality of their identification information data in the NDLFRS.

18.                The term FVS has the meaning given by clause 10. The FVS is one of the identity-matching services facilitated by the Bill. It is referred to in the IGA as the Face Verification Service. The purpose of defining the FVS in the Bill is to clarify the nature of the service and the scope of its use. Clause 10 will define the FVS as a service involving electronically comparing identification information about an individual with identification information about the same individual contained in a government identification document, where a facial image may be included in either or both the request or response, in order to verify the individual’s identity.

19.                Clause 10 will also specify the types of authorities and entities that may have access to the service, which will include Commonwealth, state and territory government authorities, and local government authorities and non-government entities that meet the conditions of subclause 7(3). Subclause 7(3) will provide conditions that local government and non-government entities must meet in order to use the FVS, including that the individual has given consent for the use and disclosure of their identification information in order to verify their identity. All participating entities will also need to enter into participation agreements and data-sharing arrangements which under which specific conditions can be placed on use of a particular agency’s data by another entity.

20.                The term government identification document will be defined to include any document or other thing that contains identification information (as defined in clause 5), that can be used to identity an individual, and that is issued by a Commonwealth, state or territory government authority.

21.                A government identification document could include documents such as driver licences, fishing, firearm and marine licences, proof of age or identity cards, passports, citizenship documents, visas or immigration identity cards. The definition is intended not only to include documents specifically intended as evidence of identity documents, but also documents indicating a licence or entitlement for regulatory purposes that can be used to identify an individual. The purpose of including this definition is to set out the kinds of government documentation that could be used as the basis for providing information that can be collected, used or disclosed as part of providing the identity-matching services.

22.                The definition of government identification documentation refers to documents that can be used to identity an individual or to pass an individual off as someone else (whether living, dead, real or fictitious). The purpose of including this is to capture government identification documents that may contain fictitious information or represent a fictitious identity, or may contain information about a deceased person.  

23.                The term identification information has the meaning given by clause 5. Identification information refers to the types of identification information that will be able to be collected, used or disclosed by Home Affairs for the purpose of providing the identity-matching services. Clause 5 will set out what types of information will be identification information (generally biographical and biometric information about the person) for the purpose of identity-matching services, and what types of information will not be identification information.

24.                The definition of identification information in the Bill is based on a modified form of the definition of identification information in section 370.1 of the Criminal Code Act 1995 . The definition of identification information is more restricted than the definitions of personal information or sensitive information in the Privacy Act. The purpose of including a more limited definition is to restrict the types of information that Home Affairs will be authorised to collect, use and disclose for the purpose of the identity-matching services to those that are necessary for identity-matching purposes.

25.                The term identity-matching service has the meaning given by clause 7. Clause 7 will define identity-matching service to include all of the following services:

·          FIS (Face Identification Service)

·          FVS (Face Verification Service)

·          IDSS (Identity Data Sharing Service)

·          FRAUS (Facial Recognition Analysis Utility Service)

·          OPOLS (One Person One Licence Service); and

·          any other service prescribed by the rules made by the Minister.

26.                The purpose of defining an identity-matching service in the Bill is to clarify what types of services will be facilitated by the Bill and available through the operation of the interoperability hub and the NDLFRS. Clause 7 will also have the effect of placing conditions on access to identity-matching services by local government authorities and non-government authorities.

27.                The term identity or community protection activity has the meaning given by clause 6. The term is used to define the activities for which identification information may be collected, used or disclosed in providing an identity-matching service or in developing an identity-matching service or facility for providing those services (see paragraphs 17(2)(a) and (b) of the Bill). The identity or community protection activities are:

·          preventing and detecting identity fraud

·          law enforcement

·          national security

·          protective security

·          community safety

·          road safety; and

·          identity verification.

28.                This definition is intended to capture a range of activities that reflect the purposes for which the Commonwealth and the states and territories have agreed in the IGA to share and match identity information via the identity matching services.

29.                The term IDSS has the meaning given by clause 11. The IDSS is one of the identity-matching services facilitated by the Bill. It is referred to in the IGA as the Identity Data Sharing Service. Clause 11 will provide that the IDSS is a service that involves disclosure of identification information between Commonwealth and state and territory authorities through the interoperability hub. The purpose of defining the IDSS in the Bill is to capture the information-sharing services that will be provided by Home Affairs as part of the operation of the interoperability hub, but which are not captured by the definitions of the FIS, FVS, FRAUS or OPOLS.

30.                The IDSS will permit the sharing of identification information from one entity to another in a safe and secure manner through the interoperability hub. The service will not involve any facial biometric or other data matching, but will merely transmit identification information from one participating entity to another.

31.                The term intergovernmental agreement refers to the IGA made by the Commonwealth, the States, the Australian Capital Territory and the Northern Territory at the Special Meeting of the COAG on 5 October 2017. This term is used in notes under certain clauses in the Bill that indicate the relationship between terms used in the Bill and terms used in the IGA.

32.                The term interoperability hub has the meaning given by clause 14 of the Bill. The term is derived from the IGA. Under clause 14, ‘interoperability hub’ will be the name used for the facility that relays electronic communications to support the identity-matching services. Clause 14 will provide for Home Affairs to develop, operate and maintain the hub.

33.                The term NDLFRS has the meaning given by clause 15. The NDLFRS is referred to in the IGA as the National Driver Licence Facial Recognition Solution. The NDLFRS will consist of a database of identification information contained in government identification documents issued by a state or territory authority, and a facial recognition system for biometric comparison of facial images against facial images in the database. Clause 15 will provide for Home Affairs to develop, operate and maintain the system.

34.                The term non-government entity will mean a body, or person, that is neither the Commonwealth, a state or a territory, nor an authority of the Commonwealth, a state or territory. This definition is relevant to subclauses 7(2) and (3) (which allow for the making of rules prescribing an identity-matching service for use by local government and non-government entities subject to certain conditions), paragraph 10(2)(d) (which allows for the use of the FVS by non-government entities subject to the conditions in subclause 7(3)), and paragraph 28(1)(b) (which provides for annual reporting about the use of identity-matching services by non-government entities).

35.                The definition of non-government entity is intended to capture private sector organisations and persons. It is not intended to include local government authorities. Local government authorities are authorities of a state or territory.

36.                The term OPOLS has the meaning given by clause 12. The OPOLS is a kind of identity-matching service referred to in the IGA as the One Person One Licence Service. Clause 12 will define OPOLS as a service involving electronic comparison of a facial image and any other identification information about an individual with identification information in a database in the NDLFRS.

37.                Requests for the OPOLS will only be able to be made by state and territory authorities that issue government identification documents of a kind included in the NDLFRS, for the purpose of checking identification information used for the same kind of government identification documents issued by other states and territories. This service will assist state and territory authorities to check whether a person holds multiple government identification documents of the same kind (for example, multiple driver licences) across different jurisdictions, including fraudulent documents in different identities.

38.                The term personal information will have the same meaning as in section 6 of the Privacy Act. Section 6 of the Privacy Act defines personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. This definition has been included to make clear that references to personal information in the Bill are references to personal information as defined in the Privacy Act.

39.                The term protected information has the meaning given by subclause 21(4). Under Part 4 of the Bill, there are penalties for unauthorised disclosure or recording of protected information. Subclause 21(4) will define protected information as information including identification information from electronic communications to or from the interoperability hub or the NDLFRS or contained in the NDLFRS, as well as information about the making, content or addressing of such electronic communications, and information that enables access to the interoperability hub or NDLFRS.

40.                The purpose of defining protected information separately to identification information is to capture other types of information that may not be identification information but are still types of information that would compromise the security of the identification information in the NDLFRS or transmitted via the interoperability hub, for the purpose of restricting the disclosure of such information.

41.                The term rules will mean rules made under clause 30 of the Bill. Clause 30 will provide for the Minister to have the power to make rules in relation to a number of matters under the Bill.

Clause 5 - Definition of identification information

42.                This clause will define the term identification information . The definition of identification information in the Bill is based on a modified form of the definition of identification information in section 370.1 of the Criminal Code Act 1995.

43.                The purpose of defining identification information is to prescribe the types of information that Home Affairs will be authorised to collect, use and disclose (under clauses 17 and 18 of the Bill) for the purposes of providing identity-matching services, developing, operating and maintaining the interoperability hub and the NDLFRS, and for related purposes.

44.                Subclause 5(1) sets out what will be considered to be identification information.

45.                Paragraphs 5(1)(a)-(f) are intended to capture standard types of biographic information that may be contained in a range of government identification documents, including names, addresses, dates of birth and death, and gender information.

46.                Paragraph 5(1)(g) is intended to include information contained in a wide range of documents defined within relevant state legislation as a ‘driver licence’, including all classes of driver licence (e.g. car, multi-combination, motorcycle licences and learners permits). This also includes any type of driver licence that does not have a photo, such as driver licence receipts issued temporarily by a state road authority when a person applies for a licence. Sub-paragraph 5(1)(g)(ii) will also capture information that is associated by the relevant authority with the document, but is not contained in or does not appear on the face of the document itself. This could include for example metadata required about the document for information management purposes, such as issue locations or internal agency reference numbers for the document.

47.                Paragraph 5(1)(h) includes the information contained in other types of licence documents, or documents issued for regulatory purposes that can be used as identification, issued by states and territories. These documents must have a photograph to be included. This paragraph is intended to capture for example:

·          Marine licences

·          Firearms licences

·          Proof of age / proof of identity cards.

48.                Sub-paragraph 5(1)(h)(ii) will also capture information that is associated by the relevant authority with the document, but is not contained in or does not appear on the face of the document itself. This could include for example metadata required about the document for information management purposes, such as issue locations or internal agency reference numbers for the document.

49.                Paragraph 5(1)(h) will specifically only include documents that contain a photograph. This is to ensure that this paragraph cannot be used to include information from types of licences and other documents that are not intended to be photographic identification documents (for example, liquor licences).

50.                Paragraph 5(1)(i) refers to information contained in documents issued to a non-citizen to assist the person in proving his or her identity. An example of such a document is the document issued by Home Affairs called the ImmiCard.

51.                Sub-paragraph 5(1)(i)(ii) will also capture information that is associated by the relevant authority with the document, but is not contained in or does not appear on the face of the document itself. This could include for example metadata required about the document for information management purposes, such as issue locations or internal agency reference numbers for the document.

52.                Paragraph 5(1)(j) includes information contained in Australian travel documents and foreign travel documents.

53.                Australian travel documents are intended to include documents referred to in the Australian Passports Act 2005 and the Australian Passports Determination 2015 such as:

·          Australian Passports

·          Convention travel documents (issued to individuals recognised as refugees under the UN Convention Relating to the Status of Refugees)

·          Certificates of identity (issued to individuals who are stateless or unable to obtain a valid travel document from the country of which they claim to be a national)

·          Documents of identity (issued to Australian or Commonwealth nationals to whom the issue of an Australian passport is unnecessary or undesirable, or who cannot obtain a valid travel document from the country of their nationality)

·          Provisional travel documents (issued to Australian citizens who are temporarily unable to obtain an Australian travel document)

54.                The term ‘foreign travel document’ in paragraph 5(1)(i) takes its meaning from the Foreign Passports (Law Enforcement and Security) Act 2005 . Section 5 of that Act defines a foreign travel document as a foreign passport (a passport issued by or on behalf of the government of a foreign country) or a document of identity issued by or on behalf of a foreign government for travel purposes.

55.                Sub-paragraph 5(1)(j)(ii) will also capture information that is associated with the Australian travel document by the Minister administering the Australian Passports Act 2005 , or the Department administered by that Minister.

56.                Sub-paragraph 5(1)(j)(iii) will also capture information that is associated by a Commonwealth, state or territory authority by which the document may be inspected or seized with the Australian or foreign travel document.

57.                The information covered by sub-paragraphs 5(1)(j)(ii) and (iii) could include for example metadata required about the document for information management purposes, such as issue locations or internal agency reference numbers for the document.

58.                Paragraphs 5(1)(k) and (l) capture citizenship and visa information.

59.                Paragraph 5(1)(m) includes facial images, biometric templates derived from those images, and results of biometric comparisons. Paragraph 5(1)(m) is intended to make it clear that Home Affairs may collect facial images and biometric templates for purposes set out in the Bill, noting this information may constitute ‘sensitive information’ within the meaning of that term in the Privacy Act.

60.                A biometric is a unique identifier that is based on individual physical characteristics, such as a facial image, which can be digitised into a biometric template for automated storage and checking against other biometric templates. Biometric templates are the tool used by the various facial recognition systems that support the identity-matching services (ie. the facial recognition systems in each of the Commonwealth databases connected to the interoperability hub and the NDLFRS) to match one facial image with another. Each database stores biometric templates for each of the facial images it contains, and uses these to run face-matching processes against a biometric template derived from the facial image in a request for face-matching.

61.                Paragraph 5(1)(n) will provide for identification information to also include new types of identification information prescribed in the rules by the Minister. In making rules prescribing new types of identification information, the Minister must comply with the requirements of subclause 5(4).

62.                The definition of identification information set out subclause 5(1) is intended to capture the full range of information that is likely to be transmitted via the interoperability hub or contained in the NDLFRS for the purposes of Home Affairs providing identity-matching services. This includes any information contained in the databases to which the interoperability hub will be connected that is required to support the services. The initial databases that the interoperability hub will be connected to are:

·          the database of visa and citizenship information maintained by Home Affairs

·          the database of passport information maintained by DFAT, and

·          the database within the NDLFRS.

63.                The definition of identification information is broad enough to include current, former, alternative, alias, or fraudulent information in relation to an individual. It also specifically includes information about an individual who is living or dead, and whether or not it is a real or fictitious identity. This has been included to ensure that information that is false or that relates to a deceased person is still able to be collected, used and disclosed by Home Affairs for the purpose of providing the identity-matching services. These types of information are unlikely to be able to be separated from information about real and live people in the systems (for example, where a false name accompanies a real image of a person on an identity document), and may also be necessary for some of the purposes for which the identity-matching services will be used, including preventing and detecting identity fraud and identifying a person who has died.  

64.                The inclusion of references to information about individuals who are dead or fictitious in the definition of identification information is also intended to ensure that the privacy and secrecy provisions in Part 4 of the Bill apply to such information.

65.                Subclause 5(2) will set out certain types of information that are not identification information. The information listed in subclause 5(2) reflects the types of information contained in the definition of ‘sensitive information’ in the Privacy Act. This subclause has been included in the Bill to make it clear that the Bill will not authorise Home Affairs to collect, use or disclose these types of information in the course of providing identity-matching services (for example, genetic information or information about a person’s political opinions or religious beliefs). This is because these types of information are not needed to support the provision of the identity-matching services.

66.                Subclause 5(2) is subject to the clarification provided in subclause 5(3). Subclause 5(3) will ensure that subclause 5(2) will not have the effect of excluding information of the types listed in subclause 5(1) from being identification information even if the information also contains, or allows inferences to be made about, the types of information listed in subclause 5(2), as long as the information is not primarily of a type listed in subclause 5(2). This allows for incidental collection, use or disclosure of information listed in subclause 5(2) if identification information that falls within the scope of subclause 5(1) happens to also include information of the type listed in subclause 5(2), or allows for reasonable inferences to be made about a type of information listed in subclause 5(2). Subclause 5(3) gives two examples of when this might occur.

67.                Subclause 5(4) of the Bill will set out the requirements for the Minister in making rules prescribing new types of identification information. In summary, the Minister must be satisfied that the information:

·          is capable of being used to identify a person

·          is reasonably necessary to provide an identity-matching service (as described in clause 7 of the Bill); and

·          assists in one or more of the identity or community protection activities (as described in clause 6 of the Bill).

68.                The purpose of this subclause is to restrict the prescription of new types of identification information to that information that is necessary and useful for identifying individuals through identity-matching services for the purposes set out in the Bill.

69.                Under paragraph 5(4)(b), the Minister must consult both the Human Rights Commissioner and the Information Commissioner before making any rules prescribing new types of identification information. This will assist in ensuring that any privacy or other human rights impacts of including a new type of identification information are taken into account.

Clause 6 - Definition of identity or community protection activity

70.                Clause 6 will define the term identity or community protection activity . These are the activities for which Home Affairs will be authorised, under clauses 17 and 18, to collect, use and disclose identification information for the purpose of providing identity-matching services. The clause lists seven different activities. These activities reflect the permitted purposes for which the identity-matching services can be used as set out in the IGA and agreed to by the Commonwealth, states and territories.

71.                Clause 6 is not intended to authorise the use of identity-matching services by participating entities for the activities set out in the clause. Participating entities will need to have their own legal basis to collect and share identification information in relation to one or more of the identity or community protection activities in order to use the identity-matching services for that activity. This need not be a specific reference in legislation to the use of identity-matching services by the participating entity. However, it would need to have a sufficient connection to one of the identity or community protection activities. For example, a police force would need to have a legal basis to collect, use and disclose identification information for preventing, detecting, investigating or prosecuting an offence in order to rely on the law enforcement activity in subclause 6(3) to use an identity-matching service.

72.                It will be possible for more than one identity or community protection activity to apply in any given circumstance. For example, a particular circumstance could enliven one or more of the national security, law enforcement or community safety activities.

Preventing and detecting identity fraud

73.                Subclause 6(2) covers the prevention and detection of identity-related fraud. This includes, but is not limited to, the use of stolen or fraudulently-obtained government identification documents and fake identification documents, as well as related identification information. This activity is intended reflect the identity crime purpose in clause 1.2(a) in the IGA. This will allow for the use of identity-matching services to prevent and detect identity-related fraud.

Law enforcement activities

74.                Subclause 6(3) covers law enforcement activities. It is intended to reflect clauses 1.2(a) and (b) of the IGA.

75.                Paragraph 6(3)(a) will allow for the use of identity-matching services for the prevention, detection, investigation and prosecution of an offence against a Commonwealth, state or territory law. This will include the prevention, detection, investigation and prosecution of identity-related offences, as well as other offences. This will support law enforcement agencies to identify individuals who have committed an offence, or are suspected of committing or planning to commit an offence, or who may be able to assist police with their enquiries.

76.                The Bill will not specifically restrict this activity to offences that carry a maximum penalty of not less than three years imprisonment (as referred at clause 4.21(b) of the IGA). Any amendment to the IGA provisions will be by agreement between the Commonwealth and the states and territories. As with all of the identity or community protection activities, state or territory agreement will be required before a jurisdiction’s data can be used for this purpose.

77.                Paragraph 6(3)(b) will allow for use of the identity-matching services for activities relating to proceedings under the Proceeds of Crime Act 2002 and corresponding state or territory laws. While this not specifically referenced in the IGA, it is consistent with the law enforcement purpose envisaged by the agreement. This subclause is intended to enable access to Commonwealth data holdings via the identity-matching services for use in conducting proceeds of crime matters, in order to maximise their utility to law enforcement agencies in combatting serious and organised crime. Over time, states and territories may also agree to make their data holdings available via the identity-matching services for these activities.   

National security activities

78.                Subclause 6(4) covers the investigation or the gathering of intelligence relevant to Australia’s national security. It is intended to reflect the national security purpose in clause 1.2(c) of the IGA. This subclause will allow for the use of identity-matching services to support a range of national security-related functions.

79.                National security is defined by reference to the National Security Information (Criminal and Civil Proceedings) Act 2004 (NSI Act). Section 8 of the NSI Act defines national security to mean Australia’s defence, security, international relations or law enforcement interests. Section 11 of the NSI Act defines ‘law enforcement interests’ as avoiding disruption to law enforcement and intelligence efforts, protecting intelligence technologies and methods, protecting informants and their associates, and ensuring intelligence and law enforcement agencies are not discouraged from giving information to a nation’s government and government agencies.

Protective security activities

80.                Subclause 6(5) covers protective security activities, which refers to the promotion of the security of an asset, facility or person associated with government. It is intended to reflect the purpose in clause 1.2(d) of the IGA.

81.                Paragraph 6(5)(a) specifies that the activity will include security and criminal background checking of persons with access to such an asset or facility. This will allow for the use of identity-matching services to protect government assets and facilities such as government buildings and defence force bases, for example through identification verification for security clearances, or identifying persons acting suspiciously outside a facility using images taken from CCTV footage.

82.                Paragraph 6(5)(b) specifies that the activity will also include protecting persons with legally assumed identities or who have acquired new legal identities under witness protection legislation, and associated persons. These persons are deemed to be included within the category of ‘persons associated with government’.

83.                The scope of persons with legally assumed identities or protected witnesses is set out in paragraphs 17(2)(d) and (e) of the Bill, which reference the relevant legislation governing these arrangements.

Community safety activities

84.                Subclause 6(6) covers the activities to promote community safety, and will allow for the use of identity-matching services to identify individuals in a range of circumstances. The availability of identity-matching services for these community safety activities is intended to assist law enforcement agencies to prevent harm to individuals or the community, or identify individuals who have been harmed. The community safety activity is primarily intended to reflect the community safety purposes in clause 1.2(e) of the IGA, with the addition of a further category (paragraph 6(6)(b)).

85.                The community safety activities in subclause 6(6) are divided into two types.

86.                Firstly, paragraph 6(6)(a) covers the use of identity-matching services to identify individuals who may suffer, or may have suffered, physical harm. This is intended to cover identification of individuals in a range of circumstances, including (but not limited to), those listed in subparagraphs 6(6)(a)(i) to (iii). 

87.                Subparagraph 6(6)(a)(i) covers where a person has been reported as missing. It is intended to reflect the reference to missing persons in clause 1.2(e)(i) of the IGA. It could for example be used to identify an unknown person suspected to be a missing person, or to ascertain the identity of a person claiming to be a missing person. This will also assist law enforcement agencies in investigations relating to missing persons where no criminal offence has occurred (meaning there is no law enforcement activity underway).

88.                Subparagraph 6(6)(a)(ii) covers circumstances where a person has died or has reasonably believed to have died. It is intended to reflect clause 1.2(e)(ii) of the IGA. This is intended to be used in the identification of deceased persons or human remains.

89.                Subparagraph 6(6)(a)(iii) covers where a person is reasonably believed to have been affected by disaster. This activity is intended to reflect the ‘disaster’ reference in clause 1.2(e)(iv) of the IGA.

90.                Subparagraph 6(6)(a)(iii) is intended to include people affected by natural disasters. It is also intended to include people affected by non-natural disasters that have a comparable impact on the public that a natural disaster would have. For example, the aftermath of an aircraft crash or terrorist attack may fall within this category. The activity is intended to allow for the use of identity-matching services for a range of matters associated with managing a disaster and its aftermath. For example, the activity could provide a basis for identifying victims of the disaster in order to provide them with access to financial support.

91.                Secondly, paragraph 6(6)(b) covers the use of identity-matching services in relation to persons who are reasonably believed to be involved with a significant risk to public health or safety. It is intended to cover individuals who pose a significant risk to public health or safety.

92.                This is only intended to apply while the significant risk exists, not after the significant risk has passed.

93.                Paragraph 6(6)(b) is intended to capture circumstances in which there is a significant risk of harm to individuals in the general public. Factors that are relevant to determining whether a risk is a significant risk include the likelihood of a risk eventuating and the consequences should the risk eventuate, such as the number of people who may be affected and the ways in which they may be affected, such as physical injury or death.

94.                Paragraph 6(6)(b) could enable, for example, the identity-matching services to be used to assist in identifying a person where there are reasonable grounds to believe the person is acting suspiciously in the vicinity of a crowded public place and who may be planning an act involving harm to the public. In such circumstances, it may not always be readily apparent whether the person may be planning a terrorist act (which could enable the services to be used for national security activities), or may be committing or intending to commit another specific criminal offence (which could enable the services to be used for law enforcement activities).

95.                Paragraph 6(6)(b) is designed to provide greater flexibility to use the identity-matching services to help protect against significant risks to public safety. This includes the protection of crowded public places and is particularly relevant to ‘major events’. The term ‘major event’ is referenced in clause 1.2(e)(iv) of the IGA, and relates to significant events which could attract large crowds or have VIPs in attendance. This could include major national or international sporting events, heads of government meetings or New Year’s Eve celebrations.

96.                Paragraph 6(6)(b) could also enable the identity-matching services to be used to identify a person who posed a significant risk to public health, for example if the person was suspected of carrying a serious communicable disease and it became necessary to take action to prevent the disease from being spread to other persons.

97.                The term ‘reasonably believed’ is used in a range of Commonwealth legislation, including the Privacy Act and the Crimes Act 1914 (Crimes Act). For the purpose of references to ‘reasonably believed’ in clause 6 of the Bill, the phrase should be interpreted with reference to common law (see for example Taiapa v The Queen [2009] HCA 53, Marwey v The Queen [1977] HCA 68).

98.                In general, the establishment of a reasonable belief involves a subjective and an objective element. The person in question should form a subjective belief that the required circumstance exists. There should also be objective evidence or material available to the person to indicate that their belief is reasonable in the circumstances.

99.                In each case, responsibility for determining whether this reasonable belief has been established will rest with the agency submitting the matching request. Access policies and data sharing agreements supporting the implementation of the Bill and the IGA will require such requests to be authorised by a senior officer within the requesting agency and details of this authorisation will be retained for auditing purposes.

Road safety activities

100.            Subclause 6(7) covers the promotion of road safety. It is intended to reflect clause 1.2(f) of the IGA.

101.            This subclause is intended to capture activities to detect unlicensed and disqualified drivers, persons with multiple licences obtained fraudulently and strengthening the integrity of driver licence issuance processes. This is to help prevent people from fraudulently obtaining driver licences so that they may continue to drive despite a licence suspension or cancellation, as such people may be more likely to present a risk to other road users.

102.            The FIS will not be available for road safety activities (see paragraph 8(1)(b)).

Verifying identity

103.            Subclause 6(8) covers the verification of an individual’s identity. It is intended to reflect clauses 1.2(g) of the IGA.

104.            This activity is intended to include both verification of identity with an individual’s consent and verification without consent where it is otherwise authorised under law. The explanatory material relating to clause 25 of the Bill contains further information about the meaning of ‘consent’ in the Bill.

105.            Where identity-matching services are used for activities, including verifying identity, by local government authorities or non-government entities, this will only be able to be done with the consent of the individual (see subclause 7(3)).

106.            This activity is intended to capture instances where verification of identity may be required or desirable in circumstances not otherwise captured by the activities in subclauses 6(2) to 6(7). This includes in relation to government or private sector service delivery where it is necessary to establish identity, such as seeking government benefits, requesting a bank account, or where regulatory identity verification requirements exist.

107.            The FIS will not be available for this activity (see paragraph 8(1)(b)).   

Subdivision B - Definitions relating to identity-matching services

108.            This subdivision will set out the types of identity-matching services that Commonwealth, state and territory authorities and other entities will be able to request and use. These are the services for which Home Affairs will be authorised, under clauses 18 and 19, to collect, use and disclose identification information through the interoperability hub and NDLFRS.

Clause 7 - Definition of identity-matching service

109.            This clause will define the overarching term identity-matching service . These are the biometric verification, identification and identity management services that will be made available through the interoperability hub and the NDLFRS to participating government agencies and private sector organisations. The identity-matching services listed in the Bill reflect those in the IGA.

110.            Subclause 7(1) lists the following as identity-matching services:

a)       FIS (Face Identification Service)

b)       FVS (Face Verification Service)

c)       IDSS (Identity Data-Sharing Service)

d)      FRAUS (Facial Recognition Analysis Utility Service)

e)       OPOLS (One Person One Licence Service)

f)        a service prescribed by the rules.

111.            Paragraph 7(1)(f) will provide for the inclusion of new types of identity-matching services if they are prescribed by the rules. To be prescribed, a service must involve the collection, use or disclosure of identification information and involve the interoperability hub or the NDLFRS. New services involving other biometric modalities (such as fingerprints or iris scans) may potentially be prescribed under paragraph 7(1)(f). If a new service was prescribed that involved the use of biometric modalities other than facial images, the Minister would also need to make rules prescribing those modalities as new types of identification information for the purpose paragraph 5(1)(n).

112.            Subclause 7(2) will restrict the circumstances in which the Minister may make rules for the purpose of paragraph 7(1)(f) where they prescribe a service involving a request from a local government authority or non-government entity (defined by clause 4). Subclause 7(2) will provide that the Minister can only prescribe a new identity-matching service for use by a local government authority or non-government entity if the purpose of the service is to verify a person’s identity.

113.            Any use of identity-matching services prescribed by the rules by local governments and non-government entities will be subject to the conditions set out in subclause 7(3).  

114.            The conditions set out in subclause 7(3) will be that:

a)       verification of the individual’s identity is reasonably necessary for the entity’s functions or activities

b)       the individual has given consent for the entity to use and disclose their identification information for identity verification purposes (see clause 25 for further explanation of ‘consent’ in the Bill)

c)       the entity carries on activities in Australia from premises in Australia, or resides in Australia, and

d)      either

                                i.             the Privacy Act applies to the entity (including by the provisions under the Privacy Act to apply the Act to an entity, for example by a small business operator agreeing to be bound by the Act), or

                              ii.             in the case of a local government authority - it is bound by a state law or has signed a written agreement with Home Affairs.

115.            These conditions are also relevant to paragraphs 10(2)(c) and (d), which allow for the use of the FVS by local government and non-government entities subject to these same conditions.

116.            Subclause 7(4) will set out the requirements for a state law or any written agreement referred to in subparagraph 7(3)(d)(ii). In summary, the law or agreement must provide for protections comparable to the Australian Privacy Principles, monitoring of compliance, and a means of recourse if information is handled contrary to the law or agreement.

117.            The following state and territory privacy laws are examples of laws that would meet the requirements set out in subclause 7(4):

·          Privacy and Personal Information Protection Act 1998 (NSW)

·          Privacy and Data Protection Act 2014 (Vic)

·          Information Privacy Act 2009 (Qld)

·          Personal Information Protection Act 2004 (Tas)

·          Information Privacy Act 2014 (ACT)

·          Information Act (NT).

118.            The intention of subclauses 7(3) and (4) is to ensure that any local government authority or non-government entity that has access to identification information through the use of identity-matching services is subject to, and complies with, the Australian Privacy Principles or comparable privacy protections. The requirement that local government authorities and non-government entities obtain the consent of the person to verify their identity (paragraph 7(3)(b)) is particularly important in ensuring that identity-matching services will only be able to be used by these users where the individual has agreed to the use of their identification information for verification purposes, for example to access a service.

119.            Under subclause 7(5), the Minister will be required to consult both the Human Rights Commissioner and the Information Commissioner before making a rule prescribing a new type of identity-matching service under paragraph 7(1)(f). This will further assist in ensuring that the privacy and other human rights implications of any new identity-matching service are considered before it is implemented.

Clause 8 - Definition of FIS

120.            This clause will define the FIS . The FIS is a kind of identity-matching service referred to in the IGA as the Face Identification Service.  The FIS is a service in which permitted agencies can identify an unknown person by matching a facial image of a person against images of persons held in records of government identification documents. The service will assist these agencies to ascertain the identity of an unknown person, or the true identity of persons using multiple fraudulent identities.

121.            The FIS is a ‘one-to-many’ facial matching service. When a facial image is submitted for matching against a specific database through the interoperability hub the user may also submit other biographic information where known. This may include an age range or a gender. The facial matching process will then return a small gallery of the highest matching facial images in the database. The receiving agency will then need to review the gallery and select a limited shortlist of possible matches. Only then will the receiving agency have access to the biographic details (such as the name) associated with the facial images on their shortlist, for further examination.

122.            An example of a use for the FIS would be a police force using a CCTV image obtained from the scene of an armed robbery to assist in identifying the suspect. Another example of use by a law enforcement agency would be to identify an unidentified victim of a homicide. A national security agency may also use an image taken of a suspect in a terrorism incident to assist in identifying the offender while the incident is still ongoing, for example in a siege situation. The FIS can also be used, for example, to determine if a person of interest in an investigation has multiple identities (whether or not any identity of the person is already known to authorities).

123.            Subclause 8(1) will provide the general definition of the FIS. In summary, the FIS involves comparing a facial image of a person, and any other identification information (if any) available, against one or more facial images held in government identification documents, for the purpose of determining the identity of an unknown person or whether a person has multiple identities.

124.            Paragraph 8(1)(b) will also restrict use of the FIS to the following types of identity and community protection activities:

·          Preventing or detecting identity fraud

·          Law enforcement

·          National security

·          Protective security

·          Community safety.

125.            Paragraph 8(1)(c) will provide that the FIS must be provided by electronic communications relayed via the interoperability hub. This has the effect of restricting the service to comparisons of facial images against government identification documents in one or more of the databases connected to the interoperability hub. The service will not be able to be used to compare a facial image against other facial images not contained in government identification documents, for example a database of CCTV images. This paragraph will also ensure that details of requests for the FIS are subject to audit logging within the interoperability hub, to improve accountability. Audit logs will not include identification information of individuals whose identity is being checked.

126.            Only specified Commonwealth, state and territory law enforcement, national security and anti-corruption agencies listed in clause 8(2) of the Bill will be able to use the FIS. Some of the agencies are restricted to using the service in connection with specific functions or legislation. Any access to the FIS will still need to be in the course of an identity or community protection activity covered by subclauses 6(2) to (6), so all agencies listed in clause 8(2) will only be able to use the service when undertaking such activities.

127.            The reference to the ‘members of the staff’ of the Commissioner in paragraph 8(2)(n) and (p) is only for the avoidance of doubt to make it clear that members of the staff of the relevant Commissioner, however described in the relevant legislation, may use the FIS for lawful purposes, not just the Commissioners themselves.

128.            Paragraph 8(2)(q) will also provide other authorities to use the FIS where they are prescribed by the rules. Subclause 8(3) will set out the condition for the minister to prescribe an authority for the purpose of paragraph 8(2)(q). The Minister will need to be satisfied that the authority has one or more functions that used to be functions of one or more of the state or territory government authorities listed in the clause.

129.            This power is extremely restricted and is solely intended to allow these agencies to continue using the FIS following a machinery of government, name or legislative change, without having to amend the Act. The power in paragraph 8(2)(q) is intended to supplement, and not replace, the relevant provisions in the Acts Interpretation Act that already provide for the continuation of provisions naming specific government agencies when a machinery of government change occurs, if those provisions do not apply. Where a state or territory government agency undergoes a machinery of government, name or legislative change that is already covered by those provisions, it will not be necessary for the Minister to make a rule in relation to the agency.

130.            Nothing in the Bill will allow the Minister to give any other Commonwealth, state or territory, local government or private sector entity access to the FIS. Any expansion in the availability of the FIS will be subject to an amendment to the Bill, and the usual legislative process.

131.            The restrictions in paragraph 8(1)(b) and subclauses 8(2) and (3) are intended to ensure that the FIS can only be used by a specific set of agencies in a specific set of circumstances where there is a compelling need to identify an unknown individual, and to protect legally assumed identities. This recognises the increased privacy implications of the FIS, which will disclose information about a limited number of unrelated people other than the person identified. The Bill will appropriately limit access to this service to minimise the privacy implications.      

Clause 9 - Definition of FRAUS

132.            This clause will define FRAUS . The FRAUS is an identity-matching service referred to in the IGA as the Facial Recognition Analysis Utility Service.

133.            The service will enable state and territory road agencies, and other state and territory authority that may contribute facial images to the NDLFRS, to conduct biometric matching using its own data.

134.            Under paragraph 9(a), use of this service will be limited to state and territory authorities. The service will be available for comparison of a facial image provided by the authority (subparagraph 9(a)(i)) against identification information of one or more individuals that was supplied by the same authority for inclusion in a database in the NDLFRS (subparagraph 9(a)(ii)). This allows a state or territory authority to use the facial recognition capability in the NDLFRS against their own replicated data.

135.            The main type of authority that will use the FRAUS will be road transport authorities or comparable authorities that are responsible for driver licences. However, the legislation will also allow for states and territories to use the FRAUS in relation to other types of identification documents such as proof age/identity cards in future.

136.            Paragraph 9(b) provides that use of the FRAUS will need to be for the purpose of assisting the authority to improve the accuracy or quality of its information holdings (such as driver licences).

137.            Paragraph 9(c) provides that the request and outcome will need to be communicated via electronic communications to or from the NDLFRS directly through the interoperability hub. This is to provide Home Affairs with a degree of flexibility in determining the technical design of the FRAUS, while ensuring that the service has appropriate auditing and other controls to support state and territory authorities’ access to their own data.

138.            An example use of this service is where a state driver licence authority uses the facial recognition system of the NDLFRS to check against the authority’s own records held in the NDLFRS to help it to detect and remove duplicate records or to detect and replace poor quality photographic images.

Clause 10 - Definition of FVS

139.            This clause will define the FVS . The FVS is a kind of identity-matching service referred to in the IGA as the Face Verification Service.  The FVS is a service that will allow a participating government agency or non-government entity to verify an individual’s known or claimed identity using a facial image of the person on a government identification record.

140.            The FVS will provide different types of functionality. For example, in one case, the requesting agency may submit a person’s facial image and other identification information (i.e. biographical information). The image is compared against a facial image on a government identification document associated with the same biographical information and a ‘match’ or ‘no match’ response is returned to confirm whether the facial images match. In some circumstances, the response may also contain identification information relating to the person, such as the person’s image or other biographic information, where the requesting agency has a lawful basis to collect that information.

141.            In another case, the requesting agency may submit identification information about a person that does not include a facial image (biographical information only), and the service will return a copy of a facial image associated with a government identification document with the same biographical information.

142.            The second case may occur for example where a police officer wishes to conduct a driver licence check and is unsure as to the veracity of the licence document. The officer may submit the licence number and biographic details as a FVS service request and receive a copy of the facial image of the licence in that name, and compare it to the driver to verify their identity.

143.            Paragraph 10(1)(a) of the Bill provides that the FVS will involve a user making a request to verify a person’s identity using information on a government identification document (such a driver licence). The claimed information is compared electronically against the information on the government identity document held by a participating holding agency (for example, information held in the NDLFRS managed by Home Affairs).

144.            Paragraph 10(1)(b) provides that a facial image on a government identification document will generally either be sent as part of the request or received as part of the response to an FVS. However, under paragraph 10(1)(b) a face verification service does not need to involve a facial image if the image cannot be verified. This is because in certain circumstances it is possible to make a face verification request using biographic details and details of the government identification document, without submitting a facial image as part of the request. If such a request does not verify the person’s identity (e.g. because there was no match), no facial image will be returned, but it will still constitute a face verification request.

145.            It should be noted that under access policies and data sharing agreements supporting the implementation of the Bill, any private sector usage of the FVS will only return a ‘match or no match’ response, without returning images or biographic information about the person.

146.            Paragraph 10(1)(c) provides that an FVS request must be for the purpose of verifying a person’s identity. This will ensure that the functionality of the service cannot be expanded in future to enable the identification of unknown persons.

147.            Paragraph 10(1)(d) provides that an FVS request, and the outcome of the request, must be communicated electronically via the hub. This has the effect of restricting the service to comparisons of facial images against government identification documents in one or more of the databases connected to the interoperability hub. This paragraph will also ensure that requests for the FVS are subject to audit logging within the interoperability hub, to improve accountability. Audit logs will not include identification information of individuals whose identity is being checked.

148.            Subclause 10(2) sets out which types of entities can use the FVS.

149.            Under subclause 10(2), an entity must have a legal basis to collect, use and disclose (as required) identification information that could be involved in an FVS.  The legal basis could be the consent of the person (see clause 25 for further explanation). The legal basis could also be provided by other legislation (in the absence of consent). Any such legislation would not need to specifically refer to the FVS, but would need to demonstrate a sufficient connection to identity verification.

150.            Paragraph 10(2)(a) provides that the FVS may be used by an authority of the Commonwealth. The term is intended to include entities such as:

·          Commonwealth departments or agencies

·          The Australian Defence Force

·          A body or body corporate established under Commonwealth law (or a law of a Territory where appropriate) for public purposes

·          The holder of an office established for public purposes under a Commonwealth law (or under a Territory law where appropriate).

151.            Paragraph 10(2)(b) provides that the FVS may be used by an authority of state or territory, other than a local government authority. The term is intended to include:

·          State or territory departments or agencies

·          A body or body corporate established under state/territory law for public purposes

·          The holder of an office established for public purposes under a state/territory law.

152.            Paragraph 10(2)(c) provides that the FVS may be used by a local government authority that meets the requirements of subclause 7(3).

153.            Paragraph 10(2)(d) provides that the FVS may be used by non-government entities (defined at clause 4) that meet the requirements of subclause 7(3). The conditions in subclause 7(3) include that verification of the individual’s identity is reasonably necessary and that the individual has given consent.

154.            Examples of the expected uses of the FVS by government agencies include assisting in verifying the identity of a person who is:

·          applying for a passport

·          making a claim for social security benefits, or

·          applying for an Australian Business Number.

155.            An example of use by a private sector organisation of the FVS would be a bank verifying a person’s identity with the person’s consent using their driver licence when the person is opening a new bank account.

Clause 11 - Definition of IDSS

156.            This clause will define the IDSS . The IDSS is an information-sharing service referred to in the IGA as the Identity Data Sharing Service.

157.            As provided in subclause 11(1), the IDSS is a service that will allow a Commonwealth, state or territory authority to share identification information with another Commonwealth, state or territory authority.

158.            The service is intended to permit the sharing of identification information from one entity to another in a secure and accountable manner through the interoperability hub. The service does not involve any facial biometric or other data matching, but merely transmits identification information from one participating entity to another.

159.            Subclause 11(2) will provide that the following are not an IDSS:

·          FIS (Face Identification Service)

·          FVS (Face Verification Service)

·          FRAUS (Facial Recognition Analysis Utility Service)

·          OPOLS (One Person Once Licence Service).

160.            The purpose of this subclause is to clarify that the term IDSS is not intended to be a catch-all term covering the other identity-matching services in the Bill. The IDSS is a separate service for information-sharing. An example of a possible use of the IDSS is where a police service confiscates a large collection of false passports. The police service could use the IDSS to send electronic copies of the false passports to DFAT in bulk to assist DFAT in protecting the integrity of its information and document holdings.

Clause 12 - Definition of OPOLS

161.            Clause 12 will define an OPOLS . The OPOLS is an identity-matching service referred to in the IGA as the One Person One Licence Service.

162.            The service will allow a state or territory road authority to check if a person has multiple or fraudulent driver licences anywhere in Australia when that person applies for a new licence or renewal of a licence. The service could also potentially be used by state and territory authorities in relation to other types of identification documents such as proof of age cards in future.

163.            Paragraph 12(a) provides that the OPOLS will involve a state or territory authority comparing a facial image of a person (such as a driver licence applicant) and other biographical information about the person against facial images and other biographical information held in the NDLFRS. This will assist the authority to determine if the individual holds another licence of the same type, in the same or a different identity, in another jurisdiction. The OPOLS will not involve comparison of a submitted facial image against the other databases (citizenship, visa, passports databases) connected to the interoperability hub.

164.            Paragraph 12(b) provides that only those state or territory authorities that have supplied facial images and biographical information (such as driver licence information) to the NDLFRS will be able to use the service.

165.            Paragraph 12(c) provides that the purpose of the comparison will need to be to determine whether a person holds more than one (‘multiple’) of the relevant document, for example a driver licence issued by authorities in other jurisdictions, in the same or different identities.

166.            Paragraph 12(d) provides that the request and outcome will need to be communicated via electronic communications to or from the NDLFRS directly or through the interoperability hub. This is to provide Home Affairs with a degree of flexibility in determining the technical design of the OPOLS, while ensuring that the service has appropriate auditing and other controls to support sharing and matching of information between state and territory authorities.

167.            An example of usage of this service would be a state driver licence authority submitting the facial image of a person applying to have their licence transferred from interstate. The search would determine if that facial image also appeared in another state or territory’s driver licence records. If the facial image was associated with more than one licence, the authority could investigate further with a view to cancelling the other licence, and if appropriate, referring any suspected criminal offences to the police.

Part 2 - Developing and operating interoperability hub and NDLFRS

168.            This part will authorise Home Affairs to develop, operate and maintain the interoperability hub and NDLFRS, which are two key technical systems that support the provision of the identity-matching services.

Clause 13 - Simplified outline of this Part

169.            This clause will explain that under Part 2 the Secretary may develop, operate and maintain the interoperability hub and the NDLFRS. The simplified outline is included to provide readers with an overview of the purpose and effect of the Part.

Clause 14 - Interoperability hub

170.            This clause will authorise the Secretary of Home Affairs to develop, operate and maintain the interoperability hub. The interoperability hub is the information technology infrastructure that electronically relays requests for the identity-matching services and their responses between the requesting and responding entities.

171.            The interoperability hub is the central system through which identification information is transmitted between entities participating in the identity-matching services. It is a system for fast, secure, automated and auditable information-sharing between entities.

172.            The interoperability hub operates via a ‘hub and spoke’ architecture. Participating entities at the ‘spokes’ either provide or request information on a query and response basis and the interoperability hub acts as a router to relay identification information between them. Unlike the NDLFRS, the hub does not permanently store identification information.

173.            The sources of identification information that will initially be connected to the hub and be made available via the identity-matching services are:

·          information held in the NDLFRS

·          citizenship and visa information held by Home Affairs; and

·          passport and other travel document information held by DFAT.

Clause 15 - NDLFRS

174.            This clause will authorise the Secretary of Home Affairs to develop, operate and maintain the NDLFRS , referred to in the IGA as the National Driver Licence Facial Recognition Solution. The system is intended to facilitate the provision, conduct and coordination of requests for identity-matching services that involve government identification documents issued by a state or territory authority.

175.            The NDLFRS consists of two main parts: a database of state and territory identification information and a facial recognition system for biometric comparison of facial images.

176.            Paragraph 15(a) will provide for the NDLFRS database to include identification information contained in government identification documents issued by states and territories. This includes information such as facial images, names, and dates of birth (see explanatory notes for clause 5 for the definition of ‘identification identification’) that is replicated from the local systems of state and territory authorities and supplied to Home Affairs for inclusion in the NDLFRS database. The NDLFRS database will be designed to enable each state and territory authority to control access to its data via the identity-matching services. The design of the system will not provide Home Affairs with the ability to view, modify or update identification information supplied by state and territory authorities.

177.            The main documents that will initially have their identification information incorporated into the system are driver licences. However, identification information from other state or territory identification documents may also be incorporated, such as fishing, firearm and marine licences and proof of age or identity cards. Identification information derived from Commonwealth identification documents will not be included in the NDLFRS.

178.            Paragraph 15(b) will provide for the facial recognition system for biometric comparison of facial images submitted in requests for an identity-matching service and facial images stored in the database. This system uses the facial images supplied by states and territories to generate biometric templates that are stored in the system to be used as the basis for biometric comparison.

179.            When a matching request is received, the facial recognition system will create a biometric template from the ‘probe’ facial image that is submitted as part of the request. This biometric template is compared against the templates stored in the system. Once a matching request has been processed, the probe image and its associated templates are not retained anywhere in the NDLFRS.

Part 3 - Authorising collection, use and disclosure of identification information

180.            Part 3 of the Bill will authorise the collection, use and disclosure of identification information by Home Affairs to provide the identity matching services.

Division 1—Simplified outline

Clause 16 - Simplified outline of this Part

181.            Clause 16 will explain that under Part 3, Home Affairs may collect, use or disclose identification information for the provision of identity-matching services and related purposes. The simplified outline is included to provide readers with an overview of the purpose and effect of the Part.

Division 2—Collection, use and disclosure of identification information by the Department

Clause 17 - Collection of identification information by the Department

182.            Subclause 17(1) will authorise Home Affairs to collect identification information about an individual by means of an electronic communication to either the interoperability hub or the NDLFRS. Paragraph 17(1)(b) limits this authorisation to the collection of identification information for the purposes described in subclause 17(2). 

183.            Subclause 17(1) contains a reference to identification information whether or not it is sensitive information as defined in the Privacy Act 1988. The terms ‘personal information’ and ‘sensitive information’ are defined in section 6 of the Privacy Act . As the note under subclause 17(1) explains, subclause 17(1) will authorise the collection of sensitive information for the purposes of Australian Privacy Principle (APP) 3.4(a). Sensitive information is a sub-category of personal information and includes facial images to be used for biometric matching, and biometric templates.

184.            Subclause 17(1) will also authorise the collection of personal information from someone other than the individual for the purposes of APP 3.6(a)(ii), such as from a state or territory authority that issues driver licences.

185.            Subclause 17(2) will set out the purposes for which Home Affairs may collect identification information under subclause 17(1). These will be:

·          providing an identity-matching service (defined by clause 7) for one of the identity or community protection activities (defined by clause 6)

·          developing the identity-matching services and facilities for providing those services

·          developing, operating or maintaining the NDLFRS

·          protecting persons with legally assumed identities, and

·          protecting persons in witness protection programs, or persons involved in administering witness protection programs, who have legally assumed identities.

186.            These purposes are also the purposes for which Home Affairs will be authorised to use and disclose identification information under clause 18.

187.            Clause 17 is intended to authorise Home Affairs to collect identification information for the various purposes for which it will be required in order for Home Affairs to provide identity-matching services through the interoperability hub and NDLFRS for the identity and community protection activities set out in the Bill. It is also intended to capture the range of incidental purposes for which Home Affairs may need to collect identification information in the course of performing these functions, such as technical work on the interoperability hub or NDLFRS.

Clause 18 - Use and disclosure of identification information by the Department

188.            This clause will authorise Home Affairs to use or disclose identification information collected by means of electronic communications to the interoperability hub or NDLFRS, or held in, or generated using, the NDLFRS. This clause is intended to authorise use or disclosure of personal information for the purposes of APP 6.2(b).  

189.            The purposes for which Home Affairs may use or disclose identification are the same as those for which it may collect the information, as set out in subclause 17(2).

190.            Similar to clause 17, clause 18 is intended to authorise Home Affairs to use and disclose identification information for the various purposes for which it will be required in order for Home Affairs to provide identity-matching services through the interoperability hub and NDLFRS. As per the note under clause 18, it is not intended to authorise the collection of identification information by recipients of a disclosure by Home Affairs. Recipients must rely on their own legal basis to collect, use or disclose that information, and comply with all applicable laws.

Division 3—Disclosure of identification information by State and Territory authorities to the Department

Clause 19 - Disclosure of identification information for inclusion in database in NDLFRS or relaying by interoperability hub

191.            Clause 19 will provide authority for state and territory authorities, or a body or person acting on their behalf, to disclose identification information to Home Affairs for inclusion in the NDLFRS.

192.            Subclause 19(1) provides that this clause will only apply if a law of a state or territory limits disclosure of identification information with an exemption where it is authorised by a law of the Commonwealth. Clause 19 is intended to act as a ‘law of the Commonwealth’ for these purposes.

193.            An example of the intended operation of the clause is if a state or territory law generally prohibits the disclosure of personal information held in a driver licence database, but there is an exception to that prohibition where the disclosure was permitted by a Commonwealth law. Clause 19 would operate to permit the state or territory authority to disclose the relevant information to Home Affairs for inclusion in the NDLFRS (subclause 19(2)).

194.            This clause has been included to facilitate the disclosure of driver licence data (or other data the state or territory is providing for inclusion in the NDLFRS) by states and territories to Home Affairs for the purpose of the establishment and operation of the NDLFRS, where state and territory legislation allows disclosure if it is authorised by a Commonwealth law. This is to reduce the number of states and territories that would need to amend their own legislation before Home Affairs could develop the database.

195.            The clause does not purport to authorise the disclosure of information contained in a request for an identity-matching service submitted by a state or territory authority. State and territory authorities will need to have their own legal basis to permit the disclosure of information when using the identity-matching services. The clause also does not compel disclosure of identification information by a state or territory authority, nor does it over-ride other state or territory laws limiting disclosure of identification information.

Part 4 - Protection of information

196.            Part 4 of the Bill will set out the information-protection provisions intended to prohibit unauthorised recording and disclosure of information relating to the face-matching services. Part 4 will also define the circumstances in which information can legally be recorded and disclosed.

Division 1—Simplified outline

Clause 20 - Simplified outline of this Part

197.            Clause 20 will explain that Part 4 of the Bill will prohibit unauthorised disclosure or recording of information connected with the electronic hub or the NDLFRS by an employee of Home Affairs or a secondee to Home Affairs, as well as any  contractor (or subcontractor) engaged to provide services in connection with the hub or the NDLFRS.

198.            Clause 20 will also explain that Part 4 of the Bill contains a number of exceptions to the prohibition on disclosure or recording of information.

199.            The simplified outline is included to provide readers with an overview of the purpose and effect of the part.

Division 2—Limits on recording and disclosure

Clause 21 - Limits on recording and disclosure by entrusted persons

200.            Clause 21 will create an offence in relation to the recording and disclosure of information, and provide for exceptions to the offence in specified circumstances. 

201.            Subclause 21(1) will make it an offence for an entrusted person who has obtained protected information in their capacity as an entrusted person to make a record of the information or disclose the information. Subclause 21(4) will define the terms entrusted person and protected information for the purpose of this clause. The penalty for committing the offence is two years imprisonment.

202.            The offence will apply to the act of both disclosure and the making of a record of protection information. Unauthorised disclosure and recording, particularly of the personal and sensitive information contained in the NDLFRS, could cause serious harm to Australia’s law enforcement, national security and intelligence interests. This in turn could undermine public confidence in the security of the interoperability hub and NDLFRS, jeopardising the future operation of these systems. Furthermore, unauthorised recording or disclosure of an individual’s personal or sensitive information is a breach of the individual’s privacy and may cause harm to the individual involved.

203.            The clause does not encompass the unauthorised disclosure and recording of protected information by other entities that may come into contact with protected information, such as users of the identity-matching services. The unauthorised disclosure or recording by these entities is already sufficiently covered by the laws that authorise those entities to use the identity-matching services.

204.            Offences in other legislation may also apply in relation to conduct that is prohibited under subclause 21(1). For example, section 15LC of the Crimes Act makes it an offence to disclose the identity of a person with an assumed identity, punishable by imprisonment for up to ten years. A person who disclosed identification information under the bill that also disclosed the identity of a person with an assumed identity may be liable under either, or both of, subclause 21(1) of the Bill and section 15LC of the Crimes Act.

205.            Subclause 21(2) will provide for exceptions to the offence where the recording or disclosure is authorised by or in compliance with a law of the Commonwealth, a state or a territory. The purpose of subclause 21(2) is to exempt an entrusted person from the offence provision in subclause 21(1) where they are legally authorised to record or disclose the information under the Bill or another law.

206.            An example of conduct that would meet this exemption would include any conduct authorised by Division 3 of Part 4 of the Bill. This includes the recording or disclosure of protected information as part of exercising powers or performing functions or duties under the Bill, to lessen or prevent a threat to life or health, for anti-corruption purposes, or with the consent of a person to whom the information relates.  

207.            Subclause 21(3) will provide that an entrusted person can only be required to disclose protected information, or produce a document containing protected information to:

·          a court, or

·          a tribunal or other person with the power to require the answering of questions or the production of documents (such as the Australian Commission for Law Enforcement Integrity (ACLEI))

where it is necessary to give effect to the Bill or the Law Enforcement Integrity Commissioner Act 2006 (LEIC Act), or a legislative instrument under those Acts.

208.            The purpose of this subclause is to prevent courts, tribunals and other authorities with coercive powers to issue an order or otherwise require an entrusted person to disclose information where it is not related to the purposes or activities of the Bill or the LEIC Act.

209.            An example of the operation of subclause 21(3) of the Bill would be where the ACLEI issued a coercive notice under the LEIC Act on Home Affairs to produce information. Home Affairs would be required to produce the required information under this provision. Disclosure of the information by Home Affairs would be considered to be conduct that is authorised by, or in compliance with, a law of the Commonwealth under subclause 21(2) of the Bill.

210.            An example of where subclause 21(3) would operate to prevent an entrusted person from being required to produce documents is if another person sought a discovery order (or a comparable court document requiring production of documents) on Home Affairs in order to help identify a person to recover unpaid private carpark fees or other outstanding debts.

211.            To the extent of any inconsistency between subclause 21(3) and subclause 21(2) of the Bill, subclause 21(3) is intended to prevail.

212.            Subclause 21(4) will define an entrusted person to be:

a)       The Secretary of Home Affairs

b)       an APS employee in Home Affairs

c)       a secondee from another Commonwealth, state, territory or foreign government authority who is working in or for Home Affairs

d)      a contractor or subcontractor engaged to provide services to Home Affairs (including their employees) relating to the interoperability hub or the NDLFRS

e)       an officer or employee of a contractor mentioned in paragraph 21(4)(d).

213.            Under subclause 21(1), an entrusted person will be prohibited from recording or disclosing protected information except as authorised under the Act. The definition of entrusted person in subclause 21(4) is intended to capture all individuals working for or employed by Home Affairs who may have access to protected information from or related to the interoperability hub or the NDLFRS.

214.            Subclause 21(4) will define the term protected information, which describes the kinds of information protected by the secrecy offence in subclause 21(1). The term is broader than that of identification information, which is used elsewhere in the Bill, because the secrecy offence needs to apply information that relates to the operation of the interoperability hub and NDLFRS that may not fall within the definition of identification information in clause 5. For example, this could include metadata relating to requests for identity-matching services or login credentials and passwords to access the interoperability hub and NDLFRS. The unauthorised disclosure of such information could seriously compromise the security of the systems supporting the identity-matching services.

215.            Accordingly, the clause will define protected information to mean the following information obtained by a person in their capacity as an entrusted person:

·          identification information from the NDLFRS or the operation of the interoperability hub and NDLFRS;

·          the metadata that relates to the making, content or addressing of an identity-matching service request to or from the interoperability hub or NDLFRS; and

·          information that enables access to the interoperability hub or NDLFRS (for example, login credentials or passwords).

Division 3 - Authorised recording and disclosure by entrusted persons

216.            This Division will set out the circumstances in which the disclosure or recording of protected information by entrusted persons will be authorised for the purposes of the Bill. Circumstances set out in this Division will be considered to be ‘conduct authorised by a law of the Commonwealth’ for the purpose of subclause 21(2).

Clause 22 - Exercising powers, or performing functions or duties, as an entrusted person

217.            This clause will authorise the recording or disclosure of protected information by an entrusted person where the information is disclosed for the purposes of the Bill or where it occurs in the course of the person exercising powers, or performing functions or duties, as an entrusted person.

218.            This clause is intended to permit entrusted persons to disclose or record protected information in accordance with their normal work duties without committing an offence under subclause 21(1). For example, this could include a departmental officer disclosing information under a request for a person’s own information under the Freedom of Information Act 1982 (the FOI Act) or Australian Privacy Principle 12 in the Privacy Act. 

Clause 23 - Disclosure to lessen or prevent threat to life or health

219.            Clause 23 of the Bill will authorise the recording or disclosure of protected information by an entrusted person in order to lessen or prevent an imminent serious threat to the life or health of an individual. The authorisation is only available when the person reasonably believes that disclosure or recording is necessary. It is also limited to situations where there is an imminent and serious threat to the life or health of an individual.

220.            As with other references to ‘reasonable belief’ in the Bill (see explanatory notes to clause 6 for example), this should be interpreted with reference to common law interpretations of the term in other legislation. In general, a subjective belief that the circumstances exist should be formed, supported by objective evidence that the belief is reasonable.

221.            A ‘serious’ threat is one that poses a significant danger to one or more individuals. The likelihood of a threat occurring as well as the consequences if the threat materialises are both relevant in determining whether a threat is serious. The requirement that the threat must be ‘imminent’ is included to ensure that this clause will only permit disclosure or recording while the threat still exists and urgent action is required to lessen or prevent it.

222.            Examples of circumstances where disclosure or recording of protected information may be permitted under this clause include where it is it is unreasonable or impracticable to obtain the consent of the individual whose health or safety is threatened to the disclosure or recording given the imminence of the threat.

223.            Further material explaining the meaning of a serious threat to life or health can be found in the discussion of ‘Lessening or preventing a serious threat to life, health or safety’ in the Office of the Australian Information Commission’s Australian Privacy Principles Guidelines .

224.            Subclause 23(2) is intended to clarify that the person may make a record of the information in order to disclose it under subclause 23(1).

Clause 24 - Disclosure relating to corruption issue

225.            Clause 24 of the Bill will authorise the recording or disclosure of protected information for purposes associated with reporting and investigating corruption.

226.            Subclause 24(1) will provide that an entrusted person may disclose protected information to the Integrity Commissioner when referring an allegation, or information, that raises a corruption issue (paragraph 24(1)(a)), notifying a corruption issue (paragraph 24(1)(b)), or for the purpose of an investigation into a corruption issue (paragraph 24(1)(c)).

227.            The purpose of this subclause is to ensure that entrusted persons are not prevented from notifying corruption issues, or referring information or allegations about corruption issues, to the Integrity Commissioner under Division 1 of Part 4 of the LEIC Act, or otherwise providing the Integrity Commissioner with information relevant to a corruption investigation. 

228.            Subclause 24(2) is intended to clarify that the person may make a record of the information in order to disclose it under subclause 24(1).

229.            Subclause 24(3) is intended to ensure that clause 24 does not unintentionally limit recording or disclosure of protected information for purposes connected with the LEIC Act that would otherwise be exempt from the offence provision in subclause 21(1) because of the operation of subclause 21(2) or subclause 21(3). This means that even if the recording or disclosure to the Integrity Commissioner is not specifically authorised under clause 24, it is still permitted if it is authorised by, or in compliance with a requirement under, the LEIC Act (and therefore falls under subclause 21(2)), or if the person is required to disclose the information and it is necessary for the purpose of giving effect to the LEIC Act (falling under subclause 21(3)).

230.            Providing exemptions to the offence of unauthorised recording or disclosure of protected information for the purposes of the LEIC Act is an anti-corruption measure. It is designed to uphold the integrity of the identity-matching services, including sensitive personal information that could conceivably be misused for corrupt purposes, by providing explicit protection for corruption whistle-blowers.

Clause 25 - Disclosure with consent

231.            Clause 25 of the Bill will authorise the recording or disclosure of protected information that relates to the affairs of a person where the person consents to the recording or disclosure and the recording or disclosure is in accordance with that consent.

232.            The concept of ‘consent’ in the Bill is intended to have the same meaning as in the Privacy Act. It is intended to include express consent or implied consent. The discussion of the meaning of ‘consent’ in the Australian Privacy Principles guidelines issued by the Office of the Australian Information Commissioner (OAIC) is also relevant to interpreting the meaning of ‘consent’ in the Bill.

233.            As an example, this exception could cover where an individual is seeking access to his or her own personal information held by Home Affairs through a request under the FOI Act or Australian Privacy Principle 12 in the Privacy Act (or equivalent state or territory legislation if applicable).

Part 5 - Miscellaneous

Clause 26 - Simplified outline of this Part

234.            Clause 26 will explain that Part 5 of the Act includes provisions for:

·          annual reporting on use of the identity-matching services

·          a review of the operation of the Act to commence within 5 years of commencement

·          the making of rules by the Minister.

Clause 27 - Delegation of Secretary’s powers and functions under this Act

235.            Clause 27 will permit the Secretary of Home Affairs to delegate in writing the Secretary’s functions and powers under the Bill. This would include delegation of the Secretary’s powers provided for in Part 2 of the Bill in relation to the creation of the NDLFRS and interoperability hub and in clause 28 in relation to annual reporting.  

236.            The delegation power is limited to delegation to an SES or acting SES employee. Section 2B of the Acts Interpretation Act defines an SES employee, by way of the Public Service Act 1999 , to be an Australian Public Service employee classified as an SES employee under the classification rules of that Act. An acting SES employee is defined in that Act as a non - SES employee who is acting in a position usually occupied by an SES employee.

237.             The clause also specifies that the delegate must comply with any written directions of the Secretary when performing their delegated functions or powers.

238.            The purpose of clause 27 is to facilitate the practical implementation of the Bill by allowing appropriately delegated Home Affairs employees to perform the functions and duties of the Secretary provided for in the Bill.

Clause 28 - Annual reporting

239.            Clause 28 will require the Secretary of Home Affairs to provide the Minister with an annual report on the operation of the identity-matching services covering each financial year. The purpose of this clause is to inform both the Parliament and the public about how the identity-matching services have operated in the preceding financial year.

240.            Paragraph 28(1)(a) will set out the reporting requirements for government authorities of the Commonwealth, the states and the territories. This is intended to include reporting on usage by local government authorities, which are authorities of states and territories. Paragraph 28(1)(a) requires reporting in relation to the following services:

·          FIS (Face Identification Service)

·          FVS (Face Verification Service)

·          OPOLS (One Person One Licence Service).

241.            Reporting is not required in the annual report in relation to the FRAUS because that service is used only by state and territory authorities in relation to the jurisdiction’s own data. It will be the responsibility of individual states and territories to manage transparency and accountability in relation to this service.

242.            Paragraph 28(1)(a) requires reporting in relation to:

        i.             The names of authorities using the services

      ii.             The services requested

    iii.             The number of times that information was provided in response to a request

    iv.             The number of times information was not provided in response to a request

      v.             For the FIS - the activity for which the service was requested, which must be one of the identity and community protection activities in subclauses 6(2) to (6) of the Bill.

243.            Paragraph 28(1)(b) will require reporting about non-government entity usage of face verification services. The required statistics are similar to those in paragraphs 28(1)(a)(i)-(iv), except that the non-government entities that the requests originate from are not required to be individually named in the report. This is necessary to protect commercial confidentiality.

244.            Paragraph 28(1)(c) will require reporting on the use of the IDSS (which is defined in clause 11 of the Bill). The report is required to include:

        i.             The name of authorities that used the service

      ii.             A brief description of the nature of the information involved

    iii.             Information about whether the authority collected or disclosed the information.

245.            As noted in paragraphs 28(1)(a) and (c), the Australian Security Intelligence Organisation (ASIO) will not be required to report its usage of the services in the annual report. ASIO has been excluded from the reporting requirements to protect the security of their operations.

246.            Paragraph 28(1)(d) will require reporting on any other information relating to the identity-matching services or the administration of the Act that is required by the Minister. This is intended to capture, for example, a request by the Minister to report on the use of any further identity-matching services that are subsequently prescribed in the rules.

247.            Subclause 28(2) will provide that the report must not unreasonably disclose personal information about individuals. For example, the report should not reveal sensitive identification information contained in the NDLFRS. This clause is included to ensure that the report does not disclose personal information that is not reasonably required for accountability purposes.

248.            This clause is not intended to prevent the inclusion of publically available information about an individual that is also identification information. For example, information about a criminal who was apprehended due to an identity-matching service, and who has been convicted in a court of law for the offence, could be included in the report.

249.            Subclause 28(3) will specify that Home Affairs must give the Minister the required reports within six months of the end of the financial year at latest (by 30 December of that year). Subclause 28(4) will require the Minister to cause a copy of the report to be tabled in each House of the Parliament within 15 sitting days of that House after the Minister receives the report. These subclauses are intended to ensure that the reporting is completed and made public in a timely manner, to ensure transparency and accountability in the use of the identity-matching services.

Clause 29 - Review of operation of this Act and provision of identity-matching services

250.            Subclause 29(1) will require the Minister to cause a review of the Bill to commence within five years of its commencement. A five year timeframe is required as it may take some time for all of the states and territories to commence participation in the identity-matching services, and sufficient operating time is needed to ensure that the functioning of the services in relation to all jurisdictions can be assessed adequately.

251.            There is no requirement for the review to be prepared by any particular kind of entity (whether government or private sector).

252.            Subclause 29(2) requires that the Minister must ensure that a report of the review is prepared and given to the Minister. This will ensure that the review prepares a formal record of its findings. It is anticipated that the report will detail the methodology of the review, the findings, and any recommendations about the operation of the identity-matching services.  

253.            Subclause 29(3) will require the Minister to cause a copy of the report to be tabled in each House of the Parliament within 15 sitting days of that House after the Minister receives the report. This will ensure that the findings of the review are made public. This is important to promote the accountability and transparency of the identity-matching services.

Clause 30 - Rules

254.            Subclause 30(1) will provide the Minister with the power to make rules prescribing matters required or permitted by the Bill or necessary or convenient for carrying out or giving effect to the Bill.

255.            This power authorises the Minister to make rules prescribing matters relating to the Act, including for the purposes of:

·          paragraph 5(1)(n) (prescribing additional types of identification information)

·          paragraph 7(1)(f) (prescribing new identity-matching services); and

·          paragraph 8(2)(q) (prescribing state police or anti-corruption authorities to have access to the FIS).

256.            The Minister may also make rules about any other matters that fit within the requirements of subclause 30(1).

257.            Subclause 30(2) will provide clarification about things that the rules may not do, for the avoidance of doubt. It makes clear that any rules the Minister makes cannot:

·          create an offence or civil penalty

·          provide powers of arrest, detention, entry, search or seizure

·          impose a tax

·          create an appropriation

·          amend the Act (i.e. the rules do not allow for ‘Henry VIII’ clauses).

258.            Subclause 30(3) will have the effect of providing that any rules made under subclause 30(1) will be subject to disallowance by Parliament.

259.            Subsection 44(1) of the Legislation Act 2003 (Legislation Act) provides that legislative instruments are not subject to disallowance if the enabling legislation facilitates the establishment or operation of an intergovernmental body or scheme involving one or more states and the instrument is made for the purposes of that body or scheme.

260.            The effect of subclause 30(3) is to provide that, even though this Bill may fall within the types of enabling legislation referred to in subsection 44(1) of the Legislation Act, rules made under this Bill are still subject to disallowance. Parliamentary review of any rules made by the Minister is an important oversight measure.

261.            Subclause 30(4) will make any rules prescribed under the Bill subject to sunsetting after ten years. Subsection 54(1) of the Legislation Act provides that legislative instruments are not subject to sunsetting if the enabling legislation facilitates the establishment or operation of an intergovernmental body or scheme involving one or more states and the instrument is made for the purposes of that body or scheme.

262.            The effect of subclause 30(4) is to provide that, even though this Bill may fall within the types of enabling legislation referred to in subsection 54(1) of the Legislation Act, rules made under this Bill will still be subject to sunsetting. Sunsetting is an important accountability and transparency measure that will ensure that any rules made for the purpose of the Bill will be reviewed for currency and ongoing need.



 

Attachment A

Statement of Compatibility with Human Rights

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

Identity-matching Services Bill 2018

This Bill is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011 .

Overview of the Bill

This Bill will facilitate the secure, automated and accountable exchange of identity information between the Commonwealth and state and territory governments, pursuant to the objectives of the Intergovernmental Agreement on Identity Matching Services (IGA), agreed by COAG in October 2017. The Bill will achieve this by providing explicit legal authority for the Department of Home Affairs (Home Affairs) to collect, use and disclose identification information in order to operate the technical systems that will facilitate the identity-matching services envisaged by the IGA.

Under the IGA, the Commonwealth and all states and territories agreed to preserve or introduce legislation to support the collection, use and disclosure of facial images and related identity information between the parties, via a set of identity-matching services, for the following purposes:

·          Preventing identity crime

·          General law enforcement

·          National security

·          Protective security

·          Community safety

·          Road safety, and

·          Identity verification.

The identity-matching services will be delivered via the interoperability hub that the Bill will authorise Home Affairs to operate. The interoperability hub facilitates data-sharing between agencies on a query and response basis, without storing any personal information. Passport, visa and citizenship images will continue to be held by the Commonwealth agencies that issue these documents, and that already have facial recognition systems.

Driver licence images will be made available by the establishment of a National Driver Licence Facial Recognition Solution (NDLFRS), hosted by the Commonwealth on behalf of the states and territories in accordance with the IGA. The NDLFRS will consist of a federated database of identification information contained in government identification documents (initially driver licences) issued by state and territory authorities, and a facial recognition system for biometric comparison of facial images against facial images in the database. The design of the system will not provide Home Affairs with the ability to view, modify or update identification information supplied by state and territory authorities, to protect the privacy of the information.

The Bill will define the scope of the identity-matching services, including their functions, types of information they may use, the types of organisations that may use the services and the purposes for which they can be used. It will authorise Home Affairs to collect, use and disclose identity information for the purpose of developing, operating and maintaining the interoperability hub and the NDLFRS, and provide for accountability and transparency measures including annual reporting, a statutory review and penalties for unauthorised recording or disclosure of information.

The specific identity-matching services set out in the Bill are as follows:

·          the Face Verification Service (FVS), which allows government agencies and private sector organisations to verify a known or claimed identity

·          the Face Identification Service (FIS), which allows law enforcement, intelligence and anti-corruption agencies to identify an unknown person

·          the One Person One Licence Service (OPOLS), which will allow state and territory agencies to detect cases where a person may hold multiple driver or other licences or fraudulent identities across jurisdictions

·          the Facial Recognition Analysis Utility Service (FRAUS), which will allow state and territory agencies to assess the accuracy and quality of their data holdings, and

·          the Identity Data Sharing Service (IDSS), which will allow for the secure sharing of biometric identity information between Commonwealth, state and territory agencies.

Whilst the Bill provides an explicit legal basis for the provision of the identity-matching services by Home Affairs, it does not create additional authorisations for other agencies or organisations to collect, use, or disclose information. The Bill is one part of a broader legislative framework that will authorise the operation of the services, which also includes existing legislation that agencies already rely on to collect, use and disclose identification information for various purposes.

The Bill is consistent with, and helps to implement the objectives of, the National Identity Security Strategy (NISS). The NISS was first established by the Intergovernmental Agreement to a National Identity Security Strategy , agreed by COAG in 2007. The overall objective of the NISS is for the Commonwealth, states and territories to work collaboratively to enhance national security, combat crime and increase service delivery opportunities through nationally consistent processes for enrolling, securing, verifying and authenticating identities and identity credentials.

By strengthening the legal basis for Home Affairs to deliver identity-matching services through the interoperability hub and the NDLFRS, the Bill will support the Commonwealth to meet its obligations under the IGA to deliver fast, secure identity-matching services. The services will help to minimise the harms caused by identity crime, and improve Australia’s national security, law enforcement, community safety and road safety capabilities. 

Privacy, accountability and transparency measures

The identity-matching services facilitated by the Bill have been informed by a ‘Privacy by Design’ approach, with a range of privacy safeguards built-in through the Bill, as well as the policy and administrative arrangements that will support the services. The Bill has a range of privacy, accountability and transparency measures to ensure appropriate safeguards exist in relation to the use of identification information in the delivery of identity-matching services via the interoperability hub and the NDLFRS. These include:

·          Defining what is considered to be ‘identification information’ that can be stored in or transmitted through the identity-matching systems, specifically excluding certain types of personal information that are not necessary for identity-matching purposes

·          Defining the scope of the identity-matching services that can be provided by Home Affairs, including requiring the services to be provided by electronic communications through the interoperability hub or directly to and from the NDLFRS for auditing and accountability purposes

·          Limiting the purposes for which Home Affairs may collect, use or disclose identification information via the interoperability hub and NDLFRS to prescribed identity and community protection activities

·          Limiting the use of particular identity-matching services to only those agencies and organisations that have a reasonable need to use them, and for specific purposes

·          Specifically providing for the protection of individuals with legally assumed identities or who are under witness protection

·          Establishing an offence for unauthorised recording and disclosure of information from or in connection with the interoperability hub and NDLFRS

·          Restricting local government and non-government access to identity-matching services to circumstances where identity verification is reasonably necessary and is done with the consent of the individual involved

·          Requiring local government or non-government entities requesting identity-matching services to be covered by the Privacy Act 1988 (the Privacy Act) , or state or territory legislation or an agreement with the responsible department with equivalent provisions

·          Requiring the Minister to consult the Information Commissioner and the Human Rights Commissioner before making rules prescribing extra kinds of identification information or additional identity-matching services

·          Requiring the responsible Minister to report annually on the use of the identity-matching services

·          Mandating a statutory review of the Bill to be started within 5 years of commencement

·          Making rules subject to disallowance and sunsetting

In addition to the privacy, transparency and accountability safeguards in the Bill, policy and administrative arrangements will include further safeguards.

In particular, under the IGA the supporting data sharing agreements and access policies for each of the identity-matching services provided for in the Bill will outline additional privacy safeguards that entities seeking access to the services will need to comply with. These include:

·          providing a statement of the legislative authority or basis on which the entity may obtain identity information through face-matching services

·          being subject to a privacy impact assessment which includes consideration of the entity’s use of the face-matching services, except where the entity’s use is expressly exempt from relevant Commonwealth, state or territory privacy legislation

·          entering into arrangements for the sharing of identity information with each data-holding agency it wishes to receive information from

·          providing appropriate training to personnel involved in the use of face-matching services

·          conducting annual compliance audits in relation to the use of face-matching services

These policy and administrative requirements further support the provisions in the Bill to limit the human rights implications of the identity-matching services, particularly in relation to privacy. 

Human rights implications

The Bill engages the following rights:

·          protection against arbitrary or unlawful interference with privacy contained in Article 17 of the International Covenant on Civil and Political Rights (ICCPR)

·          the right to freedom of expression contained in Article 19 of the ICCPR, and

·          the right to liberty and security of the person contained in Article 9 of the ICCPR.

Article 17 of the ICCPR

Article 17 of the ICCPR prohibits arbitrary or unlawful interference with a person’s privacy, family, home or correspondence and unlawful attacks on a person’s honour or reputation. It also provides that everyone has the right to the protection of the law against such interference or attacks.

The right to privacy articulated in Article 17 of the ICCPR may be subject to permissible limitations that are authorised by law, are not arbitrary, pursue a legitimate objective, are necessary to achieve that objective, and are a proportionate means of achieving it. In order for an interference with the right to privacy not to be arbitrary, the interference must be for a reason consistent with the provisions, aims and objectives of the ICCPR and be reasonable in the particular circumstances. The United Nations Human Rights Committee (the UNHRC) has interpreted ‘reasonableness’ in this context to mean that any interference with privacy must be proportional to the end sought and be necessary in the circumstances of any given case.

The Bill engages and limits the right to privacy because it authorises Home Affairs to collect, use and disclose certain types of personal information and sensitive information (within the meaning of the Privacy Act) in order to deliver five different identity-matching services via the interoperability hub and the NDLFRS. This information will include biographic details such as names, dates of birth and gender, as well as facial images and biometric templates derived from facial images.

Each of the identity-matching services that will be facilitated through the interoperability hub and NDLFRS are intended to pursue legitimate objectives, are reasonable and necessary to achieve those objectives, and have been designed to ensure that their privacy implications are proportionate to the need for those services for specific activities.

It is noted that the design of the Bill ensures that a number of significant privacy protections apply to the use of all identity-matching services.

Most notably, the Bill only provides Home Affairs with authorisation to collect, use and disclose those types of sensitive and personal information (defined in the Bill as identification information) that are reasonably necessary to allow Home Affairs to deliver the identity-matching services through the interoperability hub and NDLFRS.

The Bill is designed to facilitate Home Affairs to provide the identity-matching services, rather than authorise information-sharing by other organisations participating in the services. The Bill has been developed on the basis that other agencies or organisations participating in the identity-matching services must have their own legal authority to do so, and must comply with legislated privacy protections that apply to them.

This provides an additional layer of protection for the identification information held within the NDLFRS or transmitted via the interoperability hub, by ensuring that there is no automatic exemption from privacy protections for users of the identity-matching services.

The Bill also does not require other agencies to share information with Home Affairs or data-requesting agencies for the purpose of delivering the identity-matching services. Commonwealth, state and territory agencies will have the discretion to determine what information they will provide for use in the identity-matching services, and the circumstances in which it will be available (informed by their own legislative authority to collect, use and disclose identity information).

The Bill provides for a review of its operation to be started within five years of commencement, providing an opportunity to assess the operation of the identity-matching services, including their privacy impacts.

Annual reporting as well as requirements for the Minister to consult the Information Commissioner and Human Rights Commissioner when prescribing extra kinds of identification information and additional identity-matching services will also allow for parliamentary and public oversight of the agencies and organisations using the services and the purposes for which they are being used.

These and other privacy, accountability and transparency measures provide appropriate safeguards against unnecessary impositions on the right to privacy as a result of the identity-matching services provided for by the Bill. They will ensure that privacy is an ongoing and primary consideration in the implementation of the Bill and the identity-matching services. Additional restrictions on the availability and uses of each of the particular identity-matching services further ensure that the limitations on the right to privacy resulting from each service are reasonable, necessary and proportionate to the legitimate objectives of the particular service.

The FVS

The Face Verification Service (FVS) enables agencies and organisations to quickly and securely verify a person’s claimed or suspected identity. The FVS has privacy implications for the individual whose identity is being verified, because it involves the sharing of identification information about that individual between the agency or organisation submitting a request for the FVS, and the agency or agencies providing the matching service. 

However, identity verification supports the legitimate objectives of fighting identity crime, and supporting national security, law enforcement and community safety activities.

Robust identity-checking practices have significant benefits for individuals and for the community. They help to secure the legitimate identities of individuals by enabling agencies and organisations to detect and prevent the use of stolen, fake or fraudulent identity documentation. This protects individuals from the financial and other impacts of misuse of their identity by others (for example, acquiring credit or debt in their name), and protects the community from other offences committed by those attempting to conceal their identity to evade detection. They also protect the integrity of government identification documents, ensuring that the majority of Australians who use legitimate identification documents can prove their identity and access services and benefits to which they are entitled.

Identity verification is particularly important in combating identity crime. Identity crime is one of the most common types of crime committed in Australia. The Identity Crime and Misuse in Australia Report 2016 (the Identity Crime Report) prepared by the Attorney-General's Department, in conjunction with the Australian Institute of Criminology, indicated that identity crime affects around 1 in 20 Australians every year (and around l in 5 Australians throughout their lifetime), with an estimated annual cost of over $2.2 billion.

In addition to financial losses, the consequences experience by victims of identity crime can include mental health impacts, wrongful arrest, and significant emotional distress when attempting to restore a compromised identity. By supporting fast and secure verification of government-issued identification documents by private sector organisations and government agencies, the Bill will reduce the frequency, severity and impacts of identity fraud.

The use of fraudulent identities is also a key enabler of organised crime and terrorism. Australians previously convicted of terrorism related offences are known to have used fake identities to purchase items such as ammunition, chemicals that can be used to manufacture explosives, and mobile phones to communicate anonymously to evade detection. An operation by the joint Australian Federal Police and New South Wales Police Identity Security Strike Team found that the fraudulent identities seized from just one criminal syndicate were linked to 29 high profile criminals linked to historic or ongoing illicit drug investigations, more than $7 million in losses associated with fraud against individuals and financial institutions, and more than $50 million in funds that were laundered offshore and were likely to be proceeds of crime.

In addition to combating identity and related crimes, there are a range of other situations in which identity verification is essential to law enforcement, national security and community safety. This may include verifying the identity of a person suspected of committing a criminal offence, a person seeking authorisation to access a government facility, or a person who is believed to be a missing person. In circumstances such as these, there is a clear need to be able to verify the person’s identity in order to protect the community or the individual themselves.    

By enabling the provision of the FVS by Home Affairs, the Bill is pursuing the legitimate objective of making fast and secure identity verification available to support a range of identity-check processes. These processes protect individuals and the community from identity crime and from other harms.

Making the FVS accessible through the interoperability hub, including the use of driver licence information via the NDLFRS, is reasonable and necessary to achieve this legitimate objective.

The Commonwealth has already taken steps to improve identity verification, including the establishment of the Document Verification Service (DVS). The DVS is an online system that allows organisations to check information taken from a person’s provided identity document, with their consent, against the corresponding record of the document issuing agency. The DVS has been available to government users since 2009 and private sector organisations since 2015.

The DVS has provided users with a fast and secure way to confirm that a person’s claimed identity details match those held in government records. It helps to prevent the use of fake identities (false names, dates of birth etc) by detecting when a document does not match a record held by the issuing authority. However, this has incentivised criminals to steal genuine identities and use them for criminal purposes, rather than create entirely false identities. Organised crime groups in particular are developing increasingly sophisticated methods for replicating genuine identification documents with fake photographs, using the same technologies used by the document-issuing agency. These documents are not detected by the DVS because the biographical details are genuine.

By contrast to the DVS, the FVS can take a facial image and check it against the facial image contained in a government record associated with the person’s claimed identity, using biometric matching. This allows users to detect when a person is attempting to use a fraudulent identification document that may contain genuine biographical details, but a substituted photograph. These types of fraudulent identities are used for wide range of criminal activities, including money laundering, obtaining firearms and other restricted goods, and avoiding detection for other offences.

There is a clear need for government and private sector service providers to improve their identity-verification processes to ensure they can continue to detect these increasingly sophisticated fraudulent identity documents. The FVS will assist with this by ensuring that the use of a wider range of fraudulent identification documents can be prevented in a fast, automated and secure way.

Many agencies and organisations already have data-sharing arrangements for the purpose of manual facial matching. However, these arrangements can be ad-hoc, often relying on manual processes, may not be secure and may be difficult to audit. By contrast, the FVS will be delivered through the interoperability hub. The hub will capture audit trail information of all services, to support accountability and transparency measures including regular audits and annual reporting.

The FVS will help ensure that identity verification processes are able to match the increasing sophistication of fraudulent identity document production, and to support fast, secure and auditable information-sharing. Given the importance of the objectives of the FVS in relation to reducing identity and related crime and supporting national security, law enforcement and community safety, the imposition on privacy as a result of the FVS is reasonable to achieve these objectives.

A number of measures have been included in the Bill to ensure that the limitations on the right to privacy as a result of use of the FVS (and other identity-matching services) are proportionate to the need to verify a person’s identity in particular circumstances.

In particular, the Bill limits the authorisation for Home Affairs to collect, use and disclose information for the purpose of providing identity-matching services to a defined set of identity and community protection activities. These activities are defined by clause 6 of the Bill. The activities cover preventing and detecting identity fraud, law enforcement activities, national security activities, protective security activities, community safety activities, road safety activities and verifying identity.

These activities align with the legitimate objectives of providing the FVS - fighting identity crime (through preventing and detecting identity fraud, road safety activities, and verifying identity), and supporting national security, law enforcement (including protective security) and community safety.

By defining the activities for which the FVS can be used, the Bill ensures its use is limited to circumstances where the imposition on a person’s privacy is necessary to achieve one of these legitimate objectives. Each of the activities is associated with the protection of individuals and the community, whether it be protection from identity theft and related crimes, or risk of harm from national security or criminal threats, natural disasters, individuals attempting to subvert road safety requirements, or individuals otherwise posing a risk to the community. These activities all promote the security of legitimate identities and the security of the community more broadly.

Requests for an FVS will be able to be made by authorities of the Commonwealth or a state or territory, local government authorities, and non-government entities.

Providing for access by local government authorities and non-government entities is necessary to achieve the legitimate objectives of providing for the FVS, in particular in relation to fighting identity crime. Through their day-to-day service delivery activities, local government authorities and non-government entities handle a significant volume of identification documents for the purpose of verifying identity. For this reason, these organisations play a significant role in detecting the use of stolen or fraudulent identification documents and fighting identity crime. In order to achieve the objectives of the Bill to fight identity crime, it is necessary for these front-line organisations to have access to the fast and secure face-matching provided by the FVS. This will significantly increase the number of illegitimate identity documents detected through the FVS and will help to reduce the impact of identity crime in Australia. 

To further ensure that access to identification information is proportionate to need, access to the FVS by local government authorities and non-government entities will be subject to a number of conditions set out in the Bill. These conditions include that the verification is reasonably necessary for their functions or activities, is done with the consent of the individual concerned, and that the authority or organisation is subject to the Privacy Act or comparable information protection requirements.

This recognises that whilst verification of identity is important in private sector and local government service delivery for a range of reasons, including detection of fraudulent identity documents, it is not appropriate to allow the use of the FVS by any organisation that may not have a need to do so, or in any circumstance. In particular, the requirement for consent from the individual will ensure that these entities cannot use the FVS without the individual’s knowledge and agreement. This will ensure that the limitation on the right of individuals to privacy in relation to the use of the FVS by local government and non-government entities is appropriately limited and within the control of the individual.

The range of accountability and transparency measures in the Bill will also ensure the use of the FVS is proportionate to need. Annual reporting, statutory review of the services, and disallowance and sunsetting provisions on rules made for the purposes of the Bill will all ensure that there is regular parliamentary oversight of the implementation of the identity-matching services and changes in their operation. Policy and administrative privacy safeguards including requirements for privacy impact assessments before agencies access the services and compliance audits will also help to ensure the use of the FVS remains proportionate to the need, and prevent any misuse of identification information.

The FVS will provide a fast and secure tool for identity verification by government and non-government authorities in support of the legitimate objectives of combatting identity crime and supporting national security, law enforcement and community safety. The FVS is necessary to support these objectives because current identity verification practices are inadequate to deal with sophisticated fraudulent identity documents, and to support fast, secure and auditable information-sharing. The Bill appropriately limits the availability of the FVS to defined identity and community protection activities, and limits local government and non-government use of the service to ensure its use is proportionate to need.

The FIS

The Face Identification Service (FIS) provides for identification of unknown individuals from a facial image, or the detection of persons using multiple fraudulent identities, and will only be available to a prescribed list of law enforcement, national security and anti-corruption agencies. The FIS has increased privacy implications for individuals compared to the FVS, because it involves one-to-many face matching.  This means that a facial image submitted in the FIS is compared against multiple facial images contained in a particular database, with a limited number of possible matches returned for manual review by the requesting agency. This is different to the FVS, which only compares the facial image to a facial image in a record in the known or claimed identity of the individual whose identity is being verified.

This means the FIS involves the collection, use and disclosure of information about individuals who may not be the subject of the request. For example, a response to the FIS inquiry may include the facial images of a small number of possible matches, of which only one may be the relevant individual who is the subject of the request. The privacy of the other individuals will also be impacted, because their information has been disclosed to the requesting agency.

Providing national security, law enforcement and anti-corruption agencies with a fast and secure service for identifying unknown individuals is a legitimate objective that will support the detection and prevention of identity fraud, national security activities, law enforcement activities, protective security activities, and community safety activities.

The detection of persons using multiple, potentially fraudulent identities is key to preventing and detecting identity fraud. Whilst the FVS will help prevent the use of fraudulent identity documents, it is not designed to detect whether a person is using multiple fraudulent identities in different names or aliases.

Many other national security, law enforcement and protective security activities also rely on establishing the identity of a person suspected of committing, or planning to commit, an offence. This may include identifying a suspect from CCTV or from a photograph obtained during a counter-terrorism or law enforcement operation. This could include a person suspected of planning a terrorist act, committing a criminal offence, or attempting to access a government facility without authorisation. Access to fast and secure identification in these circumstances is essential in keeping Australians safe from terrorism and other criminal activity, and ensuring that those who do commit offences are identified and brought to justice.

Identification of unknown individuals is also important in community safety situations where it is necessary to identify an individual who has experienced or is at risk of harm, or who may pose a risk to other members of the community. This could include individuals affected by natural and man-made disasters, missing persons, and people who have died or unidentified human remains.

Access to fast and secure identification capabilities in these circumstances may minimise any further harm or distress to the individual involved by allowing them to be brought to safety or offered support and assistance. It may assist to establish the identity of a missing person who otherwise is not able to provide identification information about themselves, and who may be at risk of harm to themselves or the community. The FIS will also assist authorities to identify deceased persons, which may be necessary to establish or investigate cause of death.

The FIS will also assist law enforcement and national security agencies to identify individuals who, due to their behaviour or the specific circumstances, give rise to a reasonable belief that they could pose a significant risk to public health or safety. This may be necessary in circumstances where a person may be believed to pose a risk to the community, but is not yet directly linked to a specific national security or law enforcement threat. This could apply to a person behaving suspiciously at a significant public gathering or major event, for example because they appear to be scoping out the venue. It could also include identifying a person who may have been exposed to an infectious disease or biohazard and who poses a significant risk to public health.

Keeping the community safe from national security and criminal threats, and supporting those affected by disaster and other harms is a key role of government. Identifying unknown individuals is an essential part of the functions of national security, law enforcement and anti-corruption agencies and is a legitimate objective of the Bill.

The limitation on privacy as a result of the use of the FIS by law enforcement, national security and anti-corruption agencies is reasonable and necessary to achieve this legitimate objective.

Where national security or law enforcement agencies have information about potential threats, it is essential that they can act quickly and efficiently to assess the nature of the threat, including identifying any individuals involved. This is particularly important where agencies may not have sufficient information about the known identity of the individual to verify their identity using the FVS. This may occur where the agency has a facial image of a suspect but no other identification information about the individual.

The FIS will provide these agencies with a single access point to check a facial image against multiple databases connected to the interoperability hub. This functionality will increase the likelihood of a fast, positive match, which may help them to identify and apprehend a suspect before they commit a violent offence.

Access to the FIS is also necessary to support community safety activities. Where insufficient information is available about an individual to conduct an FVS check, inability to identify the individual may have significant impacts. For example, if an unknown person poses a risk to public health or safety, it is essential that law enforcement agencies can identify the person quickly to prevent harm to other members of the community. If they are only able to obtain a facial image of the person and no other identification information, access to the FIS will be necessary to enable them to do this in a fast and automated way. 

Although the privacy implications of the FIS are more significant than the FVS, these increased privacy impacts are necessary to enable law enforcement, national security and anti-corruption agencies to perform their functions in identifying and apprehending unknown persons who may pose a risk to the community. These agencies keep all Australians safe from harm, but they are only effective if they have the tools necessary to effectively enforce the law and detect and prevent threats to the Australian community. Safety and security are key elements of a free and democratic society, and limited impositions on personal privacy are reasonable to achieve this.

Access to the FIS is deliberately restricted by the Bill to ensure that the privacy implications of its use are limited to those that are necessary and proportionate to the need to identify an individual in a particular circumstance.

In particular, the FIS will only be able to be used by a prescribed set of national security, law enforcement and anti-corruption agencies.

The agencies that will have access to the FIS are listed in the Bill and are limited to agencies that have national security and law enforcement functions, including Commonwealth and state and territory anti-corruption agencies. These agencies perform vital work to keep Australians safe from harm, and the effectiveness of these agencies is essential to protect the rights and freedoms of innocent members of the community. By specifying these agencies, the Bill will ensure that the right to privacy of individuals is only limited insofar as it is necessary to achieve the legitimate objectives of these agencies.

To further limit the imposition on the right to privacy, the FIS will only be able to be used by these agencies for the purposes of preventing and detecting identity fraud, law enforcement, national security and protective security activities, and community safety activities.

The availability of the face identification service for these purposes recognises the increased need to identify unknown individuals in these circumstances in a timely way, to limit the risk of harm to the community as a result of failure to identify an individual. For example, circumstances captured by these purposes may include identifying a child sex offender from child exploitation material, identifying suspects in hostage or siege situations, identifying gang members and associates, identifying suspected criminals from CCTV or other footage, or identifying a person who may pose a risk to public health or safety.

The risk of harm arising from these types of situations justifies the increased imposition on the privacy of individuals that the FIS involves. By contrast, the results of failure to identify an individual in the course of road safety activities and verifying identity (primarily use for service delivery activities) are less severe and do not justify the increased privacy implications of the FIS. As such, the Bill does not allow the FIS to be used for those activities.

The definitions of the activities in the Bill are designed to ensure that they only capture circumstances where there is a risk of harm that justifies the limitation on the right to privacy. For example, the community safety purpose specifically refers to identifying individuals at risk of, or who have suffered, physical harm, or individuals who are reasonably believed to be involved with a significant risk to public health or safety.

In relation to the latter, the requirement for there to be a reasonable belief that the individual is involved with a significant risk to public health or safety is intended to further limit the use of identity-matching services for this activity. It is not intended, for example, to allow for widespread scanning of CCTV footage in public places or at major events for example. The services can only be used where the requesting agency has formed a reasonable belief that a specific individual poses a risk to public health or safety, and is satisfied that the risk is a significant one.

In addition, access policies and data sharing agreements supporting the implementation of the Bill and the IGA will require that any request to use identity-matching services for community safety purposes be authorised by a senior officer within the requesting agency and details of this authorisation will be retained for auditing purposes.

A range of other privacy safeguards in the design, policy and administrative arrangements for the identity-matching services will also help to ensure that individual privacy is only limited to the degree necessary to achieve the objectives of delivering the FIS.

The privacy safeguards that apply to all of the identity-matching services include requiring participating entities to state the legal basis for their use of identification information obtained through the service and entering into data-sharing arrangements with the agencies from which they are seeking data. Training in the appropriate handling of personal and sensitive information will also need to be provided to any personnel using identity-matching services.

In addition, the design of the FIS will limit the amount of identification information that is released about an individual in any particular response to a query. It will do this by first returning a limited gallery of possible facial matches against the facial image submitted in the request, without providing any other identification information about the individuals. The user will then need to nominate a smaller shortlist of the particular facial matches for further investigation, and will only then have access to any biographic information about those individuals. These requirements are contained in the IGA and are designed to ensure that the information released in a response to the FIS is only that which is strictly necessary in each step of the process.

The measures in the Bill, and the supporting design, policy and administrative arrangements, ensure that the FIS will only be able to be used in circumstances where there is the greatest need to identify an unknown person quickly. In doing so, the Bill strikes an appropriate balance between the right to privacy of unrelated individuals and the legitimate objectives of law enforcement, national security and anti-corruption agencies. The Bill provides the tools necessary to achieve these objectives, with appropriate limitations and safeguards to ensure that the imposition on privacy as a result of the use of the FIS is proportionate to the need to identify unknown individuals to protect the community from harm.  

The FRAUS

The Facial Recognition Analysis Utility Service (FRAUS) will be a service for use by state and territory agencies that issue driver licences and other state and territory identification documents to test the accuracy and quality of their own data. The state or territory agency will be able to use the facial recognition capabilities contained in the NDLFRS for purposes such as the removal of duplicate records and the improvement of licence photo quality.

The FRAUS does not have significant privacy implications for individuals because it only allows for access to identification information held within the NDLFRS that has been supplied by the agency making the request. As such, the agency will not obtain any new identification information about individuals that it does not already hold in its own databases. No agency will be able to access another agency’s supplied data when using the FRAUS.

As with all identity-matching services, users of the FRAUS will need to have their own legal authority to collect, use and disclose identification information for the purposes for which they use the FRAUS.

The OPOLS

The One Person One Licence Service (OPOLS) will be a service for use by state and territory agencies that issue driver licences and other state and territory identification documents (such as gun licences or proof of age cards). These agencies will be able to use the OPOLS to check whether an individual holds more than one of the same type of licence or identification document across different jurisdictions, in the same or different identities.

The OPOLS will have privacy implications for individuals because it will allow a state or territory authority that issues certain types of identification documents to access identification information contained in the same type of identification document issued by an authority in another state or territory.

The OPOLS is a constrained one-to-many face-matching service, meaning it returns a gallery of a very small number of the highest matching facial images from identification documents of the same type across one or more jurisdictions. This means that the use of the OPOLS may have potential privacy implications for the individual that is the subject of the query, as well as a small number of other individuals whose images or identification information may be returned as possible matches to the query.

The OPOLS is designed to assist state and territory licence-issuing agencies to improve the integrity of the information they hold and the documents they issue. It will assist these agencies to detect when a person holds multiple licences across Australian jurisdictions, including fraudulent licences. This will support the legitimate objectives of detecting and preventing identity fraud and promoting road safety.

In particular, the OPOLS will make it harder for individuals to avoid traffic fines, demerit points or licence cancellations by acquiring a false driver licence or fraudulently obtaining multiple licences across multiple jurisdictions. This will improve road safety by increasing the detection and prosecution of these offences and deterring dangerous driving behaviour.

By assisting in the detection of fraudulent identification documents, it will also assist to prevent other crimes perpetrated by individuals using false and fraudulently-obtained identification documents. Driver licences are the most commonly used photo identification document in Australia. Providing issuing agencies with better tools to detect fake or fraudulently-obtained identification documents will ensure that fewer of these illegitimate documents are used by individuals for other identity checks in a range of contexts such as opening bank accounts or attempting to obtain government benefits.

Identity crime also acts as an enabler of a wide range of other terrorism and organised crime activities, including money laundering, financial crimes, drug trafficking and fraud. Identity crime can been used to commit welfare, tax and other fraud against government agencies, gain unauthorised access to sensitive information or facilities, conceal other criminal activities such as drug trafficking, and facilitate the commission of terrorist acts. Robust identity-checking processes for driver licences will improve the detection of identity crime and the prevention of associated crimes.

The imposition on the right to privacy as a result of the use of the OPOLS is necessary to achieve these objectives because states and territories do not currently have automated processes for conducting identity checks against identification information held by other states and territories. Existing processes for conducting these identity checks are ad-hoc, slow and may be difficult to audit. This can make it particularly difficult for a licence-issuing authority to conduct a check against identification information held by authorities in multiple other states or territories, which is essential to effectively detect if a person holds more than one licence in any one of Australia’s eight jurisdictions.

Given the importance of the objectives of preventing and detecting identity fraud and promoting road safety, the imposition on the right to privacy as a result of the OPOLS is reasonable.

The use of the OPOLS is appropriately restricted by the Bill to ensure that the implications for the right to privacy are limited to those necessary to achieve its legitimate objectives of detecting and preventing identity fraud and promoting road safety.  

The definition of OPOLS in the Bill restricts its use to those authorities that have supplied identification information to the NDLFRS, for the purpose of checks against identification information from documents of the same kind as those provided. For example, this means that only road agencies will have access to identification information that is derived from the records of other road agencies across Australia.

As with the other identity-matching services, the use of the service will still rely on authorities having a legal basis to share identification information with other authorities. The Bill does not provide that authorisation. The policy and access arrangements that will apply under the IGA will also ensure that each individual authority that provides data for the NDLFRS will be able to control which other authorities can access that data through the OPOLS. The IGA also specifically provides that the OPOLS will only generate a very small number of the highest matching facial images in response to a query. This will assist to ensure that the right to privacy of unrelated individuals is limited to the degree possible while allowing the service to be effective.

The OPOLS is an important service that will assist road and other licence-issuing agencies to enforce the ‘One Person One Licence’ principle. This principle supports the legitimate objectives of preventing and detecting identity fraud and promoting road safety. The OPOLS is necessary to support these objectives, and limiting the right to privacy for these purposes is reasonable. The Bill and design of the system ensures that the limitations on the right to privacy as a result of the use of the OPOLS are proportionate to achieve these objectives.

The IDSS

The IDSS will be a service for use by Commonwealth, state and territory agencies. The service will allow participating agencies to share biometric and other information with another Commonwealth, state or territory authority in a more efficient, accountable and transparent manner through the interoperability hub. The service does not involve any facial biometric or other data-matching, it merely transmits information from one participating entity to another.

By providing for secure transfers of information through the interoperability hub, the IDSS will allow for more efficient data-sharing between agencies that elect to use this service.  Under the Bill, use of the IDSS will be subject to audit logging in the hub, as well as annual reporting requirements, which will ensure the accountability and transparency of information-sharing between agencies.

An example of a possible use of the IDSS is where a police service confiscates a large collection of false passports. The police service could use the IDSS to send electronic copies of the false passports to the Department of Foreign Affairs and Trade (DFAT) securely in bulk to assist DFAT in protecting the integrity of its information and document holdings.

The IDSS has privacy implications because it allows for identification information about individuals to be transferred between authorities of the Commonwealth, states and territories. However, this data-sharing already occurs based on existing legal authorities that agencies have to share information with each other. The IDSS has been designed to pursue the legitimate objective of improving the efficiency, accountability and transparency of these data-sharing arrangements by providing agencies with a tool to conduct secure and auditable data-sharing. 

As will all the identity-matching services, any use of the IDSS to transfer data between two agencies will require both agencies to have a legal basis to do so. This limits the privacy implications of the Bill because the Bill does not itself authorise this data-sharing for agencies other than Home Affairs. 

Efficient data-sharing is an important element in the delivery of government services and functions. There are a range of circumstances in which government agencies are authorised to share information with other agencies. Many of these data-transfers may be routine, and some may involve a large volume of identification information. It is important that these transfers can take place as efficiently as possible, to minimise delays or disruption in government service delivery or functions as a result of slow, complex or inappropriate data-sharing practices.

Accountability and transparency are also essential in data-sharing between government agencies. Members of the community have a right to understand how governments are using their identification information, and to have access to publically available information about those uses. This is an essential aspect of a free and democratic society that supports trust in government processes and services.

The limitation on the right to privacy as a result of the provision of the IDSS is necessary and reasonable to achieve the legitimate objective of improving the efficiency, accountability and transparency of government data-sharing practices.

There are some existing data-sharing arrangements between agencies that are ad-hoc, cumbersome and can be difficult to audit. Such arrangements make it difficult for individuals to know how their identification information is being shared, and may make the information being transferred vulnerable to loss, theft or compromise during the transfer process.

Given the large volume of personal information that government authorities hold and that must, for various purposes, be transferred between them from time to time, it is important that the most efficient methods are used to transfer this data, and that it is done in an accountable and transparent way. The limitation on the right to privacy as a result of providing the IDSS is necessary and reasonable in these circumstances, to ensure that agencies have a secure and auditable data-sharing tool, and individuals have increased oversight of the use of data by government agencies.

The provisions of the Bill, and the design, policy and administrative arrangements that will support the IDSS, have been designed to limit the privacy implications of the service to those necessary for its delivery, and to ensure that they are proportionate to the need for efficient, accountable and transparent data-sharing between agencies.

In particular, the Bill restricts the usage of the IDSS to Commonwealth, state or territory government authorities. This means that identification information about individuals will not be able to be shared with non-government entities through the IDSS. This helps to ensure that the service is only used to support government service delivery and functions, not private sector service delivery. 

The Bill further restricts the usage of the IDSS to purposes related to an identity and community protection activity (as defined in the Bill). This restricts the usage of the IDSS to the specific purposes that the Bill has been designed to achieve, rather than allowing it to be used for any government data-sharing purposes. The identity and community protection activities set out in the Bill are designed to capture government activities that protect the community from harm, including from the impacts of identity crime and other criminal activities, national security threats, and traffic accidents.

These activities all involve identity-checking processes and rely on the accuracy and currency of identity information contained in government identification documents and databases. The imposition on the right to privacy as a result of the use of the IDSS is necessary to enable government agencies to transfer identification information efficiently in order to maintain these databases.

As with all the identity-matching services, the use of the IDSS will still rely on agencies having a legal basis to collect, use or disclose identification information to or from other agencies. This will further restrict the usage of the IDSS to circumstances where the agencies involved in the transfer have legal authority to share identification information with each other for particular purposes.

In addition, the provision of the IDSS through the interoperability hub limits the unnecessary disclosure of identification information, because the interoperability hub has been designed to avoid the need for Home Affairs to store identification information when delivering services between other data-requesting and data-holding agencies. The interoperability hub does not store any information except that which is required for audit logging. This design means that only those agencies involved in a data transfer through the IDSS will have access to the identification information transmitted between them.

Audit logging and reporting requirements for the use of the IDSS will also help to ensure that there is appropriate transparency and oversight to prevent any privacy impacts as a result of misuse of the service.

The IDSS is necessary to achieve the legitimate objective of providing for efficient, accountable and transparent data-sharing between government agencies. Through limitations and privacy measures in the Bill and the supporting arrangements, the imposition on the right to privacy of the service has been restricted to only that which is reasonable and necessary to achieve this objective, making it proportionate to the need for efficient and accountable data-sharing to support government functions and transparency in government data-sharing arrangements.

Article 19 of the ICCPR

The Bill also engages Article 19(2) of the ICCPR, which provides that everyone has the right to freedom of expression, including the freedom to impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media.

Article 19(3) of the ICCPR provides that this right may be limited on grounds including respect for the rights of others, or the protection of national security or public order. Any limitations must be prescribed by legislation and be reasonable, necessary, and proportionate to achieve the desired purpose.

Section 22 of the Bill engages the right to freedom of expression by making it an offence for a Home Affairs employee or a contractor working on behalf of Home Affairs (defined as ‘entrusted persons’) to disclose protected information contained in or related to the NDLFRS or interoperability hub, unless it is authorised by law, in compliance with a legal requirement, or necessary for the purposes of giving effect to the Act or a legislative instrument.

Unauthorised disclosure of such information may impinge on the right of members of the public to privacy. This is because the information held within the NDLFRS and transmitted via the interoperability hub is personal information and sensitive information about members of the public, including biographic and biometric material derived from driver licences and images of persons.

Unauthorised disclosure of this information may also compromise national security or public order by revealing that an investigation is being undertaken. This may hinder the investigation or allow a potential suspect to evade justice.

The offences only limit the right to freedom of expression to the extent necessary to protect the information from unauthorised disclosure, including by distinguishing between ‘entrusted persons’ who are subject to the offence provision, and other persons who are not, and providing for exceptions to the offence where conduct is authorised by, or in compliance with, a law. This limitation is reasonable given the sensitive nature of the information to which entrusted persons will have access, and implications for an individual if their identification information is unnecessarily disclosed. The limitation is proportionate to protect the privacy of individuals, and is one of the key privacy safeguards built into the Bill. It is also proportionate to the need to protect national security and public order by limiting the disclosure of information related to investigations or operations.

Article 9 of the ICCPR

Article 9 of the ICCPR requires states to provide reasonable and appropriate measures to protect a person’s liberty and physical security.  

The Bill engages Article 9 of the ICCPR by increasing the ability of law enforcement and national security agencies to investigate criminal offences, including offences in which a person’s physical security may be put at risk, such as terrorism and organised crime. The availability of the identity-matching services enabled by the Bill will also serve as a deterrent to persons who may otherwise commit such offences.

The Bill specifically includes provision for the use of identity-matching services for community safety activities, including identifying individuals who are involved with significant risks to public health or safety, or who are suffering (or at risk of) physical harm. This will help to protect the security of the community as a whole.

These provisions will allow law enforcement and national security agencies to more quickly identify people in these circumstances, and take time-critical action to prevent injury or loss of life. These positive protections are a key benefit of the Bill and will increase the safety and security of all Australians.

By facilitating better tools to support agencies to prevent and detect identity crime, the Bill will also reduce the impact of identity crime in the community. This can include wrongful arrest and detention where a person’s identity has been stolen and used to commit crime. By helping agencies to fight identity crime and make it more difficult for people to obtain and use fraudulent identities, the Bill will have positive impacts on the liberty and physical security of Australians.  

Conclusion

The Bill is compatible with human rights because it promotes the safety and security of all Australians and, to the extent that it may limit human rights, particularly the right to privacy, those limitations are reasonable, necessary and proportionate to achieving that objective.

In aiming to promote identity security, minimise the impact of identity-related crime on innocent individuals, as well as protect individuals from national security, criminal, and road safety threats, the Bill is consistent with the provisions, aims and objectives of the ICCPR.