Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
STANDING COMMITTEE ON FINANCE AND PUBLIC ADMINISTRATION
02/03/2007
Human Services (Enhanced Service Delivery) Bill 2007

CHAIR —Welcome, Ms Johnston. Would you like to make an opening statement?

Ms Johnston —Good morning. I would like to thank you for the opportunity to address you this morning. You will see from our written submission that the Australian Privacy Foundation has launched a ‘no ID card’ campaign, with the assistance of a number of other NGOs and individuals who are concerned about the access card proposal in general and this bill in particular. Our campaign and our submission therefore traverse ground beyond just the privacy impacts of the proposal—our traditional stamping ground, if you like. We are also concerned about social justice and financial impacts. I do not intend to take you through our submission in detail although I am obviously happy to take questions on any of the topics covered. In this opening statement I would simply note that our arguments against this bill can be summarised as follows.

The access card is an ID card by design and by effect. I might just briefly remind the committee that the Australia Card was not going to be compulsory either but was clearly seen as an ID card by the Australian public and rejected as such. The so-called safeguards in the bill are so full of holes as to be pointless. I note Senator Nettle’s question about prosecution in New South Wales under the New South Wales drivers licence rules. Some years ago when I was New South Wales deputy commissioner I asked the RTA whether there had ever been any prosecutions, and their answer was no. That was some years ago and I do not know if there have been any since that date.

CHAIR —Would you say that is an analogous situation?

Ms Johnston —Yes, it is a fairly similar provision. Our arguments against the bill continue as follows: the costs of the scheme will outweigh the savings; the risks of the scheme will outweigh the benefits; the likely social impacts on the disadvantaged make a lie out of the supposed aim of improving access to health or social service benefits; it is entirely inappropriate for parliament to even consider this bill in the absence of more details first being worked out; and the government’s undue haste in this matter is grossly negligent.

I would like to briefly expand on the point about the government’s undue haste. I am talking here about bringing forward this legislation before public consultation is even finished, about seeking to award tenders before the legislation is even debated, let alone passed, in the Senate, and about seeking to commence this project two years before the document verification service will even be ready for it. This undue haste in reviewing tenders exposes taxpayers to the risk of contractual liabilities, and implementing this project before the systems are ready for it exposes all Australians to an unnecessary risk of identity theft. All of this is before the government have even got the details clear in their own heads. Indeed, one of the most disturbing aspects of this bill is the fact that it is part of a package that is nowhere near complete. It is very convenient for the government to say, ‘Don’t worry about that; Allan Fels will figure that one out for us,’ or to say, ‘That problem will be solved with guidelines,’ or, ‘That will be in the second bill,’ or ‘That will be in the third bill.’ It allows the government to duck the tough issues today with no guarantee that they will deal with them tomorrow. From a policy development point of view, from a project management point of view and from the point of view of any taxpayer worried about the potential waste of more than $1 billion, this is an utter disaster waiting to happen.

The explanatory memorandum to the bill concludes with a section titled: ‘Matters not dealt with in this bill’. I have read the list of these matters and was surprised to find that there is nothing about perhaps the most glaring omission in the first bill: there are no permitted or prohibited uses of the national population register, and there are no restrictions or constraints on the role of third parties accessing a register. At this stage, we can only imagine the queue of organisations wanting access, from other federal government agencies such as the tax office, the Electoral Commissioner, police and ASIO to state governments, businesses, professional associations and perhaps even foreign governments. Until we know what else is proposed, how exactly this scheme will be managed or how our privacy will be protected, how on earth can anyone be satisfied with this bill? How can government members honestly put their hands on their hearts and claim that this will not be an ID card?

This failure of the government to even grasp the scope of the issues that still need resolution is quite extraordinary when you consider the government thinks it can start the tendering process, start signing contracts and get through this legislation when the whole scheme is still only half-baked. I wonder, are we in some kind of Donald Rumsfeld fantasy land? I suggest he might characterise this debacle of a policy process thus: ‘As we know, there are known “considereds”. These are the things we know we have considered. We also know that there are known “unconsidereds”. That is to say, we know there are some things we have not considered. But there are also “unknown unconsidereds”, the ones we don’t know we have not considered.’ Ultimately this bill is proof that there are still so many unknown unconsidereds, and it is about time the government grapples with the detail of what it is actually proposing before asking parliament and the Australian public to sign off on this bucket full of holes. This legislation is so half-baked and so unworkable that it cannot be fixed on the run and it cannot be fixed by amendment. This bill needs to be thrown out. Then, as a society, we can engage in a genuine and calm examination of how best to achieve streamlined services or a reduction in welfare fraud. The access card, as proposed, is not going to do it and this bill is not going to do it.

We most respectfully suggest that the committee should, at the end of its deliberations on this bill, ask four fundamental questions. Where is the demonstrated and provable benefit for the Australian public? That is to say, whose access to what services will actually be improved? Are the costs and the risks worth those benefits? What is the need to rush the legislation, the awarding of contracts or the project’s start date? Why doesn’t this bill do what the government says it does? This project has all the hallmarks of the former minister sold on a particular technology. It is a solution looking for a problem. I would argue that is not a good enough reason to spend $1.1 billion in an almighty hurry or to put Australians at increased risk of identity theft. I welcome any questions you have about our submission.

CHAIR —Thank you.

Senator STOTT DESPOJA —Thank you for your considered evidence, although ‘fantasy’ and ‘Rumsfeld’ are not words I was ever hoping to hear in the same sentence. I will begin by asking about the delay in the document verification service until 2010. What implications, if any, do you believe that has for the implementation of the card before us?

Ms Johnston —Implementing a registration process for the access card until the document verification service is up and running runs the risk of the government effectively entrenching false identities now. If I were an organised criminal, I would be rushing to get the access card as soon as possible, before the document verification service was up and running. I just do not see how the government can manually check 16.5 million people’s birth certificates, passports and the like.

The document verification service is intended as a real-time, online way of verifying the validity of the documents presented before the person doing the registration. As I understand it, it is still only going to work for Australian documents—birth certificates, drivers licences, passports and citizenship certificates—so there will still be a much longer process for people without all of those, especially people not born in Australia. If you are saying that you are going to enrol 16.5 million Australian adults before that system is even up and running, you are talking about a massive manual process. We have seen statistics that suggest something like 13 per cent of birth certificates are fake. Either the costs of this project are going to blow out enormously as public servants manually check the validity of every one of those documents, or you open the door for identity fraud. As I said, you run the risk of entrenching false identities in the access card system.

Senator STOTT DESPOJA —Most of us here have got very loudly and clearly the perspective of your organisation, as in: this should not proceed. If some of those members to whom you refer do actually put their hands on their hearts and decide that they can vote for this, and it does go through and we need to fix up what is certainly in my view fundamentally flawed legislation, what governance procedures or what changes or amendments, for example, would you envisage might improve the bill? This is specifically in relation to governance. Is it about having more of a role for the Administrative Appeals Tribunal or a public interest monitor? Is it formalising a specific and enforceable role for the Privacy Commissioner? Are there any amendments that you could suggest either on the record today or on notice that might fix up some of the problems?

Ms Johnston —I will reiterate the point: obviously our argument is to reject the bill in total.

Senator STOTT DESPOJA —I understand that.

Ms Johnston —Having said that, in terms of governance models, we would want to see something better than the models we have now. The Privacy Commissioner has very limited powers to step in and audit. Certainly resourcing is always going to be an issue. You asked the question of the department: if there is a victim of a privacy breach, will they be notified? Under Australian privacy law at the moment there is no requirement on agencies to notify. That is a feature in California and other jurisdictions, but not in Australia. That is something that we have been campaigning for as a reform to the Australian Privacy Act for some time and that would be a useful feature of any governance model—and not just for the access card; as I said, we would like to see that as an amendment to the Privacy Act in general. In the US, since that law came in only a few years ago, it has been the greatest incentive for businesses, in particular, to clean up their act when they realise that their customers will be told when there is some database breach. It is far more of an incentive than fines or penalties under the act.

Much has been made of the offences in this bill in terms of people not being required to use it as proof of ID except in the health and social security arena. There is nothing in there for someone to seek compensation or any kind of remedy if something bad has happened to them as a result. It is a criminal scheme. You have to go and get the police to investigate and prosecute. To be honest, I do not think the police—I cannot think of a way to say it politely—give a damn. Prosecution is not going to happen and, even if a prosecution did happen, it does nothing for the victim of a breach. Certainly some civil compensation regime is desperately needed.

Senator STOTT DESPOJA —The chair brought up the issue, as indeed Senator Fifield did, of the arguably broad discretionary powers that the minister and the secretary have. Is there something that you wanted to elaborate on in relation to those? Can you give specific examples again here—or, in the interests of time, on notice—of some of the areas where you would curtail or regulate more specifically those powers?

Ms Johnston —Yes, clause 17 of the bill, which talks about the information that goes on the register. Item 12, as Senator Mason has mentioned, includes the scanning of identity documents. Item 17 in the table to clause 17 is the ‘any other information’ clause. Clause 34 of the bill provides the table of the information on the card. Again, item 17 in that table is where the secretary or the minister can add any other information. The idea that this information is somehow technical or administrative because the wording of the legislation says that it cannot be personally identifying is a fairly ludicrous argument, because of course, once that information is included either in your card or as your entry in the register, it becomes part of your personal information.

CHAIR —Do you mean that identified documents become part of your record? Is that your point?

Ms Johnston —Whether it is item 12—the documents themselves—or an audit log or whatever. The senator asks what we are afraid of. In the last couple of weeks we have seen that what is going to be on the register and what is going to be on the card is a bit of a moveable feast, perhaps not from the government’s point of view but certainly from stakeholders’ points of view. Medicare came forward and said, ‘We really want place of birth,’ and then the government said yes and then they said no. Some people are saying citizenship. Indigenous status suddenly appeared out of nowhere; it was not previously a data field that appeared in any previous consultation or discussions. I know the Australian General Practice Network is saying, for example, that not only should that appear on the register; ‘We think it should also appear on the card and we should be able to download it from the chip into our systems,’ because that is somehow necessary for health service delivery. I should make it clear that I disagree with that statement. Stakeholders and potential users of the card and of the register of the system as a whole are already coming forward and saying, ‘Just add on this bit for us. We find this bit useful. This bit will be helpful for us.’

In the context of health service or social benefits service delivery, so many people are already trying to hang their baubles on the Christmas tree. In two years time, by the time that we implement it, there will just be so many more. Ultimately the system, like the Australia Card did, will collapse under the weight of so many people trying to hang their own projects off it.

Senator STOTT DESPOJA —Would you scrap clause 33B, which deals with the individual section of the card right now, given that we have got no information?

Ms Johnston —Yes.

Senator STOTT DESPOJA —Are you willing to take questions on notice in the interests of time?

Ms Johnston —Yes.

CHAIR —I appreciate your assistance to get everyone in. Welcome, Senator Lundy. Would you like to ask some questions now, or Senator Moore?

Senator LUNDY —I will defer to Senator Moore.

Senator MOORE —Thank you. I am really interested that your organisation has been formed because of the concerns that you have and people asking about these issues. You have given us a submission and today’s evidence with a whole host of quite specific questions. What has been your opportunity to get responses to those questions from the government and from the various stakeholders?

Ms Johnston —I might start by clarifying the nature of the organisation. The Australian Privacy Foundation was formed 20 years ago to fight the Australia Card proposal. We have been going since then.

Senator MOORE —How did you go on that—

Ms Johnston —We won. The ‘No ID card’ campaign/aspect/project is more recent. As I said, it brings together organisations and individuals who do not necessarily care much about privacy, or it is a peripheral issue to them. They might have an interest in social justice or a welfare background and things like that. We have had quite a large number of individuals volunteering to help us out on this campaign who have not joined the Privacy Foundation per se. That is just to clarify it.

Senator MOORE —So you have a double nature—

Ms Johnston —Yes.

Senator MOORE —The pre-existing organisation that was there, plus people coming on board on this particular issue.

Ms Johnston —Just on this issue. In terms of our history of getting answers from the government, the task force set up by the former minister, Joe Hockey, first met with us in early 2005. It was called something like the smart technologies task force. It was not just meeting with us. There were a range of public interest groups, and several meetings were facilitated by the Privacy Commissioner. The consultations were quite well handled and productive. However, in April 2006 we had the cabinet decision about the access card, which was quite a different proposal from what we had earlier been consulted on. Since that time, the former minister obviously set up Allan Fels’s task force, and most of the consultation has been through that mechanism rather than directly with the government. We were simply unable to participate in some of the more recent consultation. There were meetings held in mid-December and I was already overseas on my Christmas holidays. As to the time frame of meetings in mid-December, with the release of the exposure draft in mid-December with submissions due mid-January, other members of the campaign team had to work on that in lieu of having a decent Christmas holiday, and that obviously has affected our ability to have meaningful input.

As I mentioned in my opening statement, we are very concerned about the sudden speed at which this project is moving. That is in terms of not only the impact on our organisation or our concerns; ultimately, from a project management or policy development point of view, it is a textbook case of how not to run a massive multibillion-dollar IT project—that is, not to do it in a hurry or expect people to deal with Senate committees, draft bills and a task force and deal directly with a government department all at the same time.

Senator MOORE —You obviously have people involved who are very experienced in the processes of interaction with government. There are a range of issues that you have raised in your submission in terms of specific objection to the concept, but others are quite specific in terms of how this will work and what will happen with it. What option do you have now to get answers from the government on those particular issues, and what have you been told you will have?

Ms Johnston —I am not sure that we are really expecting any further answers from government at this stage. The arena has moved into parliament and the Senate debate. It seems not so much about getting answers as that the government now has a fixed position and we are challenging that position. Having said that, we will obviously make a submission on the latest task force discussion paper and the one still to come on registration issues, but we have been very disappointed in the government’s response to the task force’s recommendations to date. It has not picked up the critical ones that Senator Mason has already referred to. I should sum up by saying that we do not have a lot of faith in further consultation processes.

Senator MOORE —There is one specific question that you may want to take on notice, because it is to do with the concept of fraud, particularly in the welfare system, which is being repeated constantly as one of the major successes hoped for with this. You may have heard the evidence from KPMG this morning.

Ms Johnston —Yes.

Senator MOORE —You can be assured that we will be requesting more detail on that. In terms of the UK experience and comparisons with Australia, which I am sure have been put in the arguments on the significant savings on fraud, I would be interested in your views on whether that is a fair comparison, and I would seek some comments on the particular aspect of fraud prevention, from your perspective, balancing the important issues of privacy and effectiveness with the issue of fraud control.

Ms Johnston —If the committee is happy to give me time, I am more than happy to address that question quickly now.

CHAIR —I would prefer you to take that on notice. It is just that we are already well behind time. Can you take that on notice?

Ms Johnston —Yes.

CHAIR —Thank you.

Senator FIFIELD —I notice your title is Campaign Director, No ID Card. Are other organisations part of the campaign and, if so, can you take us through those?

Ms Johnston —There is no formal coalition, if you like, so there are no other organisations willing to put their names to the campaign publicly. I will say that we have worked with a number of organisations and individuals. The organisations come from a range of backgrounds—civil liberties, social welfare, welfare rights organisations, health consumers and public interest advocates. Obviously, it is public knowledge that we have worked with organisations such as Liberty Victoria, the Public Interest Advocacy Centre and NCOSS, the New South Wales Council of Social Services, in organising joint public forums, speaking events and so on. As I said, the campaign is organised by and coordinated by the Australian Privacy Foundation, with input from a range of organisations that do not necessarily want to put their names to a campaign. We are hoping to have a website where people can more publicly sign up to the campaign, but we are not at that stage yet.

Senator FIFIELD —There is a group giving evidence in Melbourne next week called Access Card No Way. Are you associated with them at all?

Ms Johnston —I would not say we are associated with them. I have had plenty of contact with Tim Warner, who runs that campaign. We have had plenty of discussions.

Senator STOTT DESPOJA —A former Liberal.

Ms Johnston —I think he is a member of the Victorian Liberals.

Senator STOTT DESPOJA —He might still be a member.

Senator FIFIELD —He could well be. It is a very loose coalition at the moment?

Ms Johnston —Yes, I think that is an apt description—a loose coalition.

Senator FIFIELD —I appreciate that. Thank you.

Senator NETTLE —I wanted to ask you about offences. There was discussion earlier around comparisons with the New South Wales drivers licence. Do you think that the offences in the bill do or do not address your concerns about the card becoming an ID card?

Ms Johnston —My characterisation of the government’s argument that this is not an ID card rests on two points. The first is that the card is not compulsory to have. It is not compulsory to carry at all times. As I said, nor was the Australia Card. Their second argument is that the legislation says that it is not an ID card and there are offences prohibiting people from requiring it as such. We think that the offences themselves are quite inadequate. Our submission goes through six reasons why. The first is that the Crown has immunity from prosecution for those offences, and the description of ‘the Crown’ in the bill includes state and territory agencies. From memory, it is in clause 9.

Senator NETTLE —So that would be police, AFP and ASIO?

Ms Johnston —Yes. The Taxation Office, the Electoral Commissioner, state police, state bus drivers—

Senator NETTLE —Transport cops.

Ms Johnston —Yes, transport cops—whoever. Presumably local government officials to the extent that they represent the Crown, but I have not had a chance to see whether we are talking about dog catchers. The first point is that the Crown has immunity. The second point is that the card can obviously be used as proof of identity, if the person so chooses. The third is that the card can be requested as proof of ID; it just cannot be required. There is nothing to stop a bank or Video Ezy or whoever saying, ‘Show us your photo ID,’ and your choosing to use your access card for that purpose. There is really nothing to stop them saying, ‘We want photo ID and we don’t accept drivers licences or passports.’ You are left with the access card. There is nothing to stop them saying, ‘Show us photo ID. We’ll take the access card or we’ll take 100 points of other ID and a statutory declaration.’ There is really nothing much to stop businesses making it as difficult as possible for you to choose anything other than the access card, but they could still defend any prosecution by saying, ‘We didn’t require the access card. We did give other options.’

The bill says that copying information from the card is allowed with the person’s written consent. We imagine that it will not take very long for the banks, the RSL clubs, the Video Ezys, Qantas and so on to simply have your written consent printed on your application form or your entry form. It will just be written into standard terms and conditions.

CHAIR —This has become quite common, hasn’t it—privacy waivers or disclaimers and so forth?

Ms Johnston —Yes, exactly. I do not think that this notion of written consent really adds a practical barrier. Other legislation will override the bill. There is also the government’s new anti-money-laundering legislation, which requires not only financial institutions but eventually a range of other businesses—those in the gaming/casino industry, and eventually lawyers, accountants and jewellers as well—to ‘know your customer’. That is the phrase. They will be required not only to sight proof of ID documents but also to copy down the unique identifier. That legislation will override this bill. That is stated clearly in the explanatory memorandum to the bill.

The sixth point is that the protections themselves only apply to information on the surface of the card. They do not apply to information found in the card’s chip. What we have discovered recently is that information in the card’s chip will include a second unique identifying number: the chip’s serial number is unique to the card. It is not encrypted and it cannot be PIN protected. It can be downloaded from the chip. It is not found on the surface of the card, but it is in the chip. It is a unique identifying number. All of these offences about not copying the number from the card without your consent do not even apply to the serial number of the chip itself. Effectively, as long as someone physically gets your card and they have a card reader, they can take at the very least the second unique identifying number off the card, without even needing you to sign a bit of paper saying that you have consented.

They are the six loopholes that we have described in our submission. The government has said continually that this cannot be used as an ID card, because no-one can require it to be used in that way, and they will go to jail for five years if they do so. We think this is very hollow rhetoric. As I said, there are six loopholes and, if nothing else, it is fairly ludicrous to think that police are going to routinely prosecute either government or business for these offences in any case. It is not going to be high on their list of priorities.

Senator NETTLE —They cannot prosecute government, can they?

Ms Johnston —They cannot prosecute government because of the crown immunity.

Senator NETTLE —My other question was about identity fraud. The Australian Federal Police Commissioner, Mick Keelty, has made some comments about his—I do not know if ‘enthusiasm’ is the right word; but he was talking about how he thought the card would be useful in terms of identity fraud. We have seen other comments from the Australian Tax Office and the Australian Institute of Criminology. You mentioned in your submission that they have a view that this will increase identity fraud. I asked a series of questions that your organisation had put out to the department before, and the answers that I received back were, ‘We think this is going to decrease, not increase, identity fraud.’ We have not yet—and perhaps we will pursue some of them further on Tuesday—got any idea about how we will take those contradictory statements from the Tax Office, the Institute of Criminology and Commissioner Keelty which say that it will increase identity fraud. Have you any comments about that?

Ms Johnston —As I understand it, Commissioner Keelty said in a speech recently that he estimated identity fraud cost the Australian economy $1 billion to $4 billion per year. I am not sure where he gets those figures from. The Australian government, through the Minister for Justice, Chris Ellison, commissioned an independent report into assessing the scale of identity fraud in Australia in about 2003. Those of us working in identity management areas expected the figure to be $2 billion. The report came down and said that it was about $1 billion—or half of what people were expecting—and quite a big chunk of that, about 40 per cent, from memory, actually related to the cost of law enforcement in dealing with identity fraud. So that was not the direct cost to victims.

I have to start by saying that the actual costs of identity fraud are lower in Australia. I do not know where Commissioner Keelty’s $4 billion figure comes from. I have also seen reproduced over and over again his comment that Medicare cards are used in something like half of all cases of identity fraud. It is important for people to realise that there are various kinds of identity fraud. A 17-year-old getting a fake drivers licence to go drinking in a pub is identity fraud but it is not fraud in a financial sense. That does not necessarily contribute to the billion-dollar figure. Just because Medicare cards might be used in ID fraud cases, that does not mean they are being used to defraud the Commonwealth or to access health benefits to which a person is not entitled.

CHAIR —I hate to cut you off, but time is getting ahead of us.

Ms Johnston —I appreciate that. I think I have made my point.

Senator LUNDY —I am interested in any views you have about the security of the card readers themselves. Obviously they are the key to accessing chip information. What is your knowledge of what the bill provides for in securing the readers, and also how easy is it to replicate a card reader and use it for illegal purposes?

Ms Johnston —I should start by saying that I am not an IT expert, so I do not know how easy it is to forge smartcards. I understand they are a lot more difficult than, say, magnetic strip technology. I should make clear that we are in favour of the use of smartcard technology over magnetic strip. We have said constantly that we have no problem with the idea of the Medicare card being upgraded to smartcard technology.

CHAIR —I was going to ask you that. You do not?

Ms Johnston —We have no problem with that. We think it would be a very good idea.

CHAIR —It is a very retro-technology card, is it not?

Ms Johnston —It is very insecure.

Senator LUNDY —My question is not really about the chip but the ability to read it. The chip is only secure whilst it is not in a reader.

Ms Johnston —It is only secure if it is encrypted. It is only secure if it is PIN protected. What we do not see in this bill and what we do not have clarity from the government about is authorised readers versus non-authorised readers.

Senator LUNDY —Will the readers have to be registered themselves or on a list and issued?

Ms Johnston —Exactly. In my discussions with the former minister, Joe Hockey, I asked: why do we need the photograph on the face of the card and why do you need the number if the people in the human services area—health and social welfare benefits people—can read the information from the chip? There was some discussion about DHS, Centrelink, Medicare and Veterans officers being one thing, but how about when you go to use it at the pharmacy? I said, ‘Does the budget for this project include giving all doctors, pharmacists, et cetera, photo readable card readers’, and he said, yes, that is possible and that is part of the budget.

One of our arguments is: why not put those details only on the chip, make them encrypted and make them available only to those with authorised card readers, and make those readers available free of charge to those in the health and social services sector, including the GPs and pharmacists, for example, but you do not give it to the banks, Video Ezy or Qantas, and you make it as tough as possible for those people to get those machines. I am not going to claim that they cannot be forged in some way.

Senator LUNDY —We will pursue that with the department. How widely these readers were able to be distributed and the policy relating to the distribution of the card readers would be a key determinant in how widely this card was used, particularly on the chip stored information.

Ms Johnston —Absolutely. The government’s argument that it is also a concession card suggests that, for people with changeable concessions, who are in and out of unemployment status, as opposed to a permanent concession status, if that information is going to be on the chip then you are going to be talking about people who sell bus tickets, movie tickets and a range of government and business organisations that offer people concessions having chip readers and being at least able to read that section of the chip. We have not really had a discussion about whether that means they can read everything on the chip.

Senator LUNDY —In your discussions with the minister previously, was there any indication that anyone with a card reader would have access to the central database or part thereof?

Ms Johnston —I do not think that I even asked that question. The minister was very gung-ho about his iPod Mini idea, that there would be this personal space on the chip where you can store anything you like. That very much suggests that at least that section of the chip could be read by anyone who had a chip reader.

Senator LUNDY —On another issue altogether, do you have any knowledge about the experience in other countries and other jurisdictions where some type of identity card has been introduced that resulted in cost blow-outs or major contract overruns in the implementation of that technology?

Ms Johnston —I would have to take the budget aspect of that question on notice, but I can say that I looked at the system coming in in Germany a year or so ago. The German smartcard health insurance rebate uses a similar kind of system. The card was moving to a smartcard system, and the Australian government has used that as a example of a similar system. It is always worth noting that there are quite distinct differences between Australia and Germany. For example, the card in Germany is not going to be issued by the federal government. It is to be issued by private health insurers, and then there is something like 10 per cent of the population not covered by one of those, and they will be issued by somebody else. There is a range of different databases and card issuers, none of whom can talk to one another. Identity cards in Germany are issued by the local regional government level, not the federal government level; their databases cannot talk to one another. They also have quite specific prohibitions in their constitution about use of the ID card number for unrelated purposes. Those systems are not proposed here and we certainly do not have those legal protections here. The comparison saying, ‘Something very similar is coming in in Germany; we have nothing to worry about’ is a fairly fallacious argument.

Senator LUNDY —I think we have given you lots to follow up on, but I would interested in any information about the implications for the government budgets.

Ms Johnston —I will take that on notice.

CHAIR —Thank you, Senator. I appreciate your expedition with those questions. I have a couple of questions. You touched on this with Senator Lundy’s questions about the access card. I did raise this with Ms Scott, and I think you were here but there was no time for her to debate the issue.

Senator LUNDY —We will quote you on that.

CHAIR —It is not Ms Scott’s fault. It is simply that there has not been the time, but perhaps next week there will be. You mentioned the photograph, the universal personal identifying number on the back and also the digitalised signature. If they were to be removed, would you be much happier about the card or is it the architecture or the infrastructure that worries you even more?

Ms Johnston —If they were to be removed from the surface of the card, we would be a lot happier about the card. That does not remove any of our concerns about the database.

CHAIR —We will keep those separate for a second. Professor Fels’s committee supported the photograph with some equivocation; you would be aware of that?

Ms Johnston —Yes.

CHAIR —It did not support the number and did not support the digitised signature. The Privacy Commissioner was against all three. Why are you against the photograph being on the access card? Why do you oppose it?

Ms Johnston —For two reasons.

CHAIR —In the end they came out in favour of it, as you know. It was with some equivocation, but they were in favour of it.

Ms Johnston —Yes. If this card is only about accessing a fairly limited range of government services—as I said, it is a finite number and I understand the budget can accommodate giving photo-readable card readers to all the Centrelink offices, Medicare offices and even GPs, pharmacists and so on—and if all of that information can be read off the chip, there is no need to have it on the surface of the card for the objective of the card. By having it on the surface of the card when it is not needed for that objective, it lends the card more weight as an all-purpose ID card and means banks, Video Ezy et cetera will want to see it.

CHAIR —It invites the use as an identity card, whereas if there is no photo, no number and no digitised signature—

Ms Johnston —If there is a name and an expiry date it is useless except for the purposes for which it was designed.

CHAIR —Thank you for your help. We will have a three-minute break while Vision Australia comes to the desk.

[11.03 am]