Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
 Download PDFDownload PDF 

Previous Fragment    Next Fragment
Human Services (Enhanced Service Delivery) Bill 2007

CHAIR —Ladies and gentlemen, I call the committee to order and welcome Professor Allan Fels and Professor Chris Puplick to the table. Before I invite questions from my colleagues, Professor Fels, do you have an opening statement?

Prof. Fels —Yes. Thank you very much. When the government announced its intention to introduce a card, it established an independent task force to advise it publicly on privacy and consumer issues, and its reports would be issued publicly. The task force is made up of me, Professor Puplick and Mr John Wood. We have issued an early discussion paper. We also issued report No. 1 on the architecture of the card. We also published comments on the draft bill in the form that it was in, in early January. We have put out already a discussion paper on emergency and health data. We also have a discussion paper on registration. It has been with the Minister for Human Services for a few days but—

CHAIR —The registration paper is with the minister?

Prof. Fels —Yes, with him. We also have a few upcoming things that I should mention by way of our work program that I am sure will interest you. We are going to do a report on appeals processes under the proposed legislation. That is in regard to things like whether someone is refused a card or decisions by the secretary and so on. We are also going to do the privacy impact assessment about how personal data is handled and dealt with. We are doing a report on the customer controlled section of the chip. We will also be doing a paper on any further tranche of legislation.

CHAIR —Professor, by ‘any further’ do you mean the second or a further tranche than the second?

Prof. Fels —I think each tranche of legislation. The next tranche is the second, and we would be reporting on that.

CHAIR —You are not foreshadowing a third, are you?

Prof. Fels —No. We are also doing work that will be embodied in a report about exemptions and exceptions and about cancellations and suspensions of cards. Finally, we will do a report on governance issues in regard to the card. When the government announced its proposal for a card, we saw our role as being to advise on privacy and consumer issues arising from that. Our focus has been less on the justification of the card and more on the details. Not that I have general problems with the card, but we are more concerned with the details.

The broad view that I and the task force have is that it is possible to have a new card of broadly the kind the government has proposed that would benefit consumers, make transactions easier, not harm privacy, benefit government processes, and not be an ID card in the sense that one is required to produce it or in a number of other popular senses. We think it is possible to have a card of that kind.

CHAIR —That is good news.

Prof. Fels —We have made a number of recommendations. The major recommendation in the first report was that indeed there should be comprehensive legislation to define the nature of the card and its functions, to limit function creep as far as possible and to ensure privacy protection, and that is the legislation that you have before you. Most of the recommendations in our first report were accepted. Two recommendations that were not accepted included our saying that the number on the surface of the card—on the rear of the card—should not be there; it could be on the chip. Similarly with the signature, we did not think the case had been made out for the signature to be on the surface of the card. I am happy to discuss that, but I will continue this statement for a minute or two. Also, I would suggest that at this very moment there has not been a fully comprehensive response to issues about the destruction of documents. Although I have not quite followed it all, I did pick up Senator Stott Despoja’s question about this. I think it was said to her that that is unresolved.

We also put out a paper on the draft legislation as it appeared in January. That was a public submission. The government accepted a fair number of the recommendations that we made; for example, that the place of birth was irrelevant, and that has now been removed. Also, we were critical of the use of titles on the face of the card or even inside it, and on the whole we had some success with that recommendation but there are also some titles left on it—’Mr’ and ‘Mrs’, which we do not mind. We have some doubts about ‘Dr’. Also, there was the fact that it should be made a lot clearer in the legislation that the card should not be used as an ID card. On the whole that proposal was also accepted. Really they are the things. I am happy to talk about the issue of the number on the card, the signature and that kind of thing or to answer any other questions.

Senator STOTT DESPOJA —I am happy perhaps to facilitate this process. If I bring up a topic that other senators want to ask about, maybe that is one way of doing it. Professor Fels, you pre-empted my question in relation to some of the recommendations of yours that had not been adopted. I, perhaps cheekily, ask you for your top three recommendations that have not been adopted so far—those that you wished were adopted.

Prof. Fels —The number on the card and the signature on the card. And, I am not 100 per cent comfortable with date of birth. On the question of the number on the card, there are three options.

CHAIR —We have just had this discussion with the Privacy Commissioner. I questioned her at some length. She had no particular objection to the number. I queried that and I was not particularly satisfied with her answers. Nonetheless, that was her stance.

Senator LUNDY —We were not satisfied either, for the record.

CHAIR —I just wanted to raise that. I wanted you to know that. On the other hand, she was against the photograph, or thought that it should be optional, and against the signature being on the face of the card.

Prof. Fels —I am happy to talk about the photo also. On the issue of the number, to state the obvious, you could either not have the number on the card, you could have the number on the card for everyone—that is, it could be compulsory—or cardholders could have the option of having the number on the card. We originally leant against the idea of the number being on the card, but we see much merit in the idea that it is the option of the cardholder whether or not there is a number on their card. I suspect you know all the arguments for and against, but I will briefly mention a few. The arguments for the card—indeed, I think they are set out by the government—are that the number can be used by customers and agencies for quick identification over the phone or online, and that is rather convenient. But it is also a double-edged sword, because having the number visible on the surface of the card also increases its vulnerability to fraud and to identity theft—and that is despite the fact that there are secret questions and so on as a safeguard. Also there is an argument put up by the government, which I do not fully understand, about providers sometimes needing a reference number to get a refund. I also wonder whether this is a question of asking the government whether they could think about changing their ways of doing business a little bit, because there are significant privacy issues involved in regard to the card and so everything should not be entirely dictated by a given way of doing business.

Also it has been said that clients cannot remember numbers. That is quite possible, and the numbers will be rather big ones. But I think, on the other hand, that would be a factor if people had a choice. They might think, ‘It is more convenient for me and I’d prefer to have it on the card so that I can always know what it is.’ Others would not want it on the card. Why not, perhaps, make it a question of consumer choice. In regard to the issue of not remembering numbers, one can think of quite a variety of situations where you cannot remember the number and it does not matter; at other times there may be some inconvenience through not having the number in front of you. Another point put forward is that systems fail and therefore you need some numbers around. But this is a rather unhappy basis upon which to support having a number on a card, it seems to me.

We have heard from the Department of Veterans’ Affairs that veterans are very attached to the number. They have a familiarity with the number and they are attached to it. Again, maybe that could be dealt with by giving people a choice. The problem with the number that we have had—as, I am sure, have others—is that it is a little bit of a step in the direction of having a unique personal identifier number. I think the number has to be in the system and it has to be on the chip. We are not against that. So this one is a more marginal call. Nevertheless it is just taking a little step closer to a unique identifier. Of course it is proposed now that the number changes, and that is an improvement over the original proposals. Originally we thought there would be one number that you had for life. Now if you change your card, you get a new number. Nevertheless, it is a step in the direction of a unique personal identifier, and there would need to be quite a strong case for it.

I think, in regard to the number, you have to strike some kind of a balance between privacy issues, protection against fraud and identity theft, and things of that sort versus some probable greater inconvenience if people do not have the number on the card. What better way could there be of resolving this issue than giving people the choice? I suppose giving them the choice does bring up the problem that it starts to get a bit complicated enrolling for the card, because you would have to give people some idea of the issues in determining whether or not to put their number on the face of the card. I have not heard anything thus far that suggests this would make registration impossible or anything like that.

Senator LUNDY —The way you have articulated it, there is a cascading list of reasons for why the government has contended that the number ought to go on the card. But from our perspective, we hear the government saying all the time that the primary reason for this whole initiative is to crack down on fraud. Do you agree with the proposition that therefore the decrease of vulnerability to fraud ought to be the primary objective?

Prof. Fels —Of the whole card?

Senator LUNDY —Of the whole exercise, which would logically mean that the number not be on the card at least in a default situation?

Prof. Fels —My general take on the card is that the present card has reached its use-by date, or soon will, and it has to be replaced. But it has to be replaced—

CHAIR —Do you mean the Medicare Card?

Prof. Fels —Yes. It has to be replaced by some kind of smartcard technology, and there are quite a few pluses in the new card. It is not simply a question of fraud. There is also some convenience in that if you go into Medicare to make a claim or into Centrelink, you often have to spend more time on identity questions and things of that sort than will likely be the case with the card. So it does have some other advantages besides just cracking down on fraud.

Senator LUNDY —The point I am making is that the government has self-nominated that as being one of the primary policy motivations for it. We know there are lots of other reasons, but that is the one that the government keeps waving about first and foremost. From the opposition’s perspective, that is the one that they try and say that we have a problem with in terms of our concerns with the access card.

Prof. Fels —I have mentioned a number of reasons, and I suppose you are making the point that you might reduce the fraud in one dimension and transfer it to another dimension. That is a concern that is on our minds in regard to the card. There are fairly complicated trade-offs in that, but I think there is some onus on the proponents to be able to show that you need the number on the card.

Senator STOTT DESPOJA —I am going to draw you back to your top three again. We have covered the number. You mentioned the signature?

Prof. Fels —Yes. The story in regard to the signature seems to me to be fairly similar. Again, a signature on the chip is fine or is necessary, but whether it should be on the surface of the card is more problematic. There seem to be three options: that it is not on the card at all, that it is on the card or that it is optional for cardholders, even though it would still be on the chip. Regarding the signature, firstly, we have heard that a lot of people, including veterans, actually like having the signature on it. It also probably facilitates processing, but remember that the signature will be on the reader so it will be possible to check the reader, and maybe that will be less efficient and slower, although I am not totally sure of that. The main checking seems to be on forms that come in. Against the signature on the face of the card are fraud or identity theft possibilities. It is one more piece of centrally stored data, and one should exercise a bit of caution and be satisfied that there is a reasonable case for actually having stored somewhere millions of signatures. I think there are some reasonable arguments for making this a matter of choice.

Then, again, we go back to what the registration process would be like in this situation. It would complicate it a bit, because people would have to be informed in some minimal fashion as to what the kinds of issues are in whether or not they sign up. Also it may be, for all I know, that people make a choice on the day and then they think about it in the light of experience in following years and change the card so we get a number of card changes as time passes and so on. On the whole, we favour the choice option.

There are two other issues. On the date of birth, as you may recall—and I have no criticisms of this—the issue of users having the choice of putting their date of birth on the card came up a bit late. You can see why many people would welcome that, and who are we to interfere with people’s choices? One thing that has, however, struck me as a possible way of addressing this would be to give people the option of simply saying what the month and year of their birth is, so it would leave their birth date off. That would reduce the chances of identity theft and fraud somewhat. The more data on the card, the more the problems. As we have mentioned in the report, it can be quite a big operation and there will be not nice people, whether here or overseas, thinking of ways of using the card for their advantage and getting the full birth date on it. I just raise that question.

We also raised the question of whether there could be flagging so that there is a flag if you are 18, 55, 60 or 65 years of age. I understand, although I have not checked this, that there is a fairly large number of alternative ages in relation to various concessions, so the number of flags would be fairly large. I am not particularly arguing against that. I do suggest that it would be useful to have a look at this question of whether you could have less information on the card. If you were heading in that direction, a further issue would be: do you mandate that people can only put the month and year of birth and nothing else, or do you give them a wider choice? It will start to be quite a complicated enrolment process if we are not careful. I see some merit in having the month and the year of birth, but I think it would be useful to get a government response on that one. It has not been publicly discussed by them.

CHAIR —And the photo?

Prof. Fels —Isn’t it interesting? There is a somewhat similar set of options here. Do you have it on the card? In our first report, we said yes.

CHAIR —Yes, you did, with some reservations, though.

Prof. Fels —Yes. There are options there. There is the question, again, of whether it is optional but it is in the chip. The government has said in its submissions and so on that having the photo on the face of the card would facilitate transactions for consumers. There would be quick recognition of them in dealings with the government and maybe in dealings with doctors, pharmacies and so on. It is the idea that you just hold up the card and it shows your face. If you did not have the photo on the card, I think whoever was dealing with you, the cardholder, would have to take a bit of time to look you up. This is a social services and Medicare card, and all the people dealing with you will have their own reader. Presumably the readers will work pretty quickly. Probably having the photo on the card would speed up processes and would have consumer convenience advantages. Certainly there is a case for having the photo to begin with, because that stops this double claiming or multiple claiming that we have heard about in terms of someone under the present system sometimes getting many cards. It would seem that there is a justification for having a photo in the system,

CHAIR —By ‘in the system’ do you mean on the chip?

Prof. Fels —Yes, on the chip.

CHAIR —It does not have to be on the face?

Prof. Fels —Yes. We are not against it being on the chip or on the register. It is not an insignificant issue having a photo in this situation. It is also true that photos are part of the modern scene these days, and we have all sorts of instances of photo identification—drivers licences and many other forms. Some of the great battles over privacy have been lost. Again, this involves the government having a collection of photos, which again should be viewed with some caution.

Senator STOTT DESPOJA —On that point, do I dare weigh up the arguments you have just put to us? It sounds like you are still quite equivocal at best on the issue of a photograph. In fact, I would argue the information you have just given us now would weigh against having a photograph on the surface of the card as opposed to—

Prof. Fels —It could be a matter of choice.

Senator STOTT DESPOJA —What do you mean by ‘consumer convenience’?

Prof. Fels —What I mean is that if you walk into Centrelink or Medicare—and also when you go to doctors and other things—with a card with your photo on it you can be immediately identified as the person. As you know, if you walk in with a Medicare card with someone else’s name on it they cannot really—

Senator STOTT DESPOJA —But they still have to use the reader, don’t they?

Prof. Fels —Yes, that is right.

Senator STOTT DESPOJA —So it is certainly an added bonus in that respect, from a convenience perspective, but it is still not something that is necessary?

Prof. Fels —Yes, that is true. They have to use the reader for these purposes. But there are cases where people will look at the card and immediately see that your face matched it without having to open up the reader and all that kind of thing. That was what I was—

CHAIR —But you would not allow someone to access welfare without reading the cards.


Prof. Fels —Maybe I could clarify this. In the non-Commonwealth-government situation, for some people the card with the photo on it would be a very useful form of personal identification. Isn’t that what you are on about?

Senator STOTT DESPOJA —No. I think the chair is going to pick up on that point.

CHAIR —I am going to put this into context. We have heard arguments about consumer convenience and we have heard from veterans and blind people about the advantages of another form of identity. I think we all accept that. But I am not convinced that that of itself justifies the apparatus. Getting back to your point, Professor, if you can make a choice, in other words, if you want a better form of identity—and I think this is what Senator Stott Despoja is saying—in other words, if veterans want it, blind people want it, other people want an extra form of ID, then let them have the photo, the number, the signature or whatever. But that does not mean it has to be compulsory for the rest of the country. Is that putting it in the right bundle?

Prof. Fels —Yes. As I said, we originally supported the photo on the card and the idea of it being a matter of choice did not come up. But I now tend to see the idea of it being a matter of choice as having a lot of merit, almost to the point where I think a very strong case would need to be made against that before you would remove the consumer choice possibility.

Senator LUNDY —To follow up on that point: despite previous recommendations to government, are you now confirming for this committee that the preferred way forward, in your view, would be to have an optional photo on the surface of the card?

Prof. Fels —On balance that is our current position, but I think also that it would be useful to hear more from the government on their perception on this, whether there are any major administrative problems or whether this would mean that the whole system that they are proposing to have does not work. I would have thought, however, that the big thing for them is to have a photo in the chip and on register rather than necessarily compelling it to be on the card when there would be some people who would be strongly opposed to that and not like it and there would be others who, given the choice, would not want their photo on it.

Senator STOTT DESPOJA —Thank you for that. I asked for your top three and I got four and counting. I am sure we could go on, but I might just ask questions on a couple of other matters, Professor, just in the interests of time.

Prof. Fels —Yes, please.

Senator STOTT DESPOJA —We should check if you are happy to take questions on notice, by the way.

Prof. Fels —Yes.

Senator STOTT DESPOJA —You are in the process of a privacy impact assessment.

Prof. Fels —Yes.

Senator STOTT DESPOJA —Obviously there has been one previously, which is a very private privacy impact assessment. The rest of us are not allowed to look at it, and I know I am not going to see it, but I still plug that particular request to the department/government. Do you understand why some of us are feeling very uncomfortable about potentially passing the first tranche of legislation with minimal if any privacy safeguards in this bill or, in fact, areas of the legislation, such as clause 33(a), which allows for the individual’s space on the card, yet no details as to what the functions, role or the protections will be in relation to that section. I find it staggering that some of the key issues of privacy protection and security, and broader matters, have yet to be resolved. They are in the process of being discussed, debated and analysed but not necessarily solved. Do you think it is a bit of a big ask to expect this tranche of legislation to be passed?

Prof. Fels —I am reasonably inclined to leave that to your greater wisdom than mine and to note that you will get the second go, anyway, in this next tranche.

Senator STOTT DESPOJA —Sorry, get a—

Prof. Fels —I do not know that I could add anything for or against it, except to note the obvious point that the matter is coming back to you for a second bite at the cherry, in any event. We are doing a specific paper on the customer controlled part of the chip. That will be made public.

Senator STOTT DESPOJA —Indeed. I realise that you are doing a paper on that, but it is effectively legislated for in this part, this tranche. It is provided for in this part of the legislation. I acknowledge that your good work is ongoing, but that should belong here, should it not? This is the foundation that is being laid for those specifics but we do not have the specifics. Can’t it wait? Could we at least delete this part—33(a)—and just deal with this bill, which is essentially about the Commonwealth functions?

Prof. Fels —I am not very keen to get into that one. This is for the wisdom of the legislators, which we know is really big.

Senator STOTT DESPOJA —You know how to turn down a question in a really polite way. Using ‘wisdom’ and ‘legislators’ in a sentence gets me every time. Can I ask about the smartcard technology? You have said on record today something that we all acknowledge: the Medicare card has an antiquated element to it and the world is getting into smartcard technology. You mentioned it had pluses. We are talking about a fairly ambitious proposal. Do you believe that the technology is sufficiently mature for a project of this kind? You are confident in the maturity of the technology?

Prof. Fels —Is this in my capacity as one of the world’s leading economists or as one of the leading regulators?

Senator STOTT DESPOJA —Just your general wisdom.

Prof. Fels —My general feelings about it are that the technology is okay for this. That is, I see that things like banking cards and the technology there works well. There are worries and hazards about the whole fact that there is an industry out there working extremely hard to try to bust into these systems and so on, but they seem not to have got caught up. My own feeling—but it is no more than that—is reasonable confidence about the robustness of the technology from the point of view of protection against false invasion and so on.

Senator STOTT DESPOJA —Can I ask you a bit about the process? You have been obviously involved in consultations, and for that we thank you personally, and particularly Professor Puplick, for including us in your discussions. Have you had feedback from some of your submitters expressing concern about the pace at which this legislation for the smartcard/access card is unfolding?

Prof. Fels —There were grumbles about the consultation process with regard to the legislation and the turnaround time in January. On the other hand, the whole project was announced in the middle of last year and there has been an ongoing release of information about it. My impression is that the well-informed critics have had a fairly good opportunity to look at the policies and so on. There is a fairly well-informed critique, it seems to me—and an appreciation, for that matter—of what is happening.

Senator STOTT DESPOJA —Have you had many discussions with the Privacy Commissioner on the implementation of this card?

Prof. Fels —I have had some but not a huge number. Of course I know her quite well, and we had an early discussion. She has put in significant submissions, which I have read and studied. It is just I have not had a lot of meetings with her. I have also met the UK Information Commissioner. I had a big talk with him about it. That is in a slightly different setting. We are taking heaps of notice of the Privacy Commissioner’s submissions.

Senator STOTT DESPOJA —Do you have a view for the committee on the role or potential role of the Privacy Commissioner in the context of this legislation passing and the access card being in operation? For example, do you believe there an argument for strengthening the role of the Privacy Commissioner or added resources for dealing with complaints that may or may not arise with an access card or maybe for strengthening provisions in the bill that see consultation being mandatory? Obviously there is a provision for consultation, but it is not just about seeking advice; it is also about the advice being taken. I am just trying to work out a role for another party in keeping an eye on privacy.

Prof. Fels —Yes. We are going to do a separate paper on governance and that will undoubtedly bring up that question. Also, the Privacy Commissioner will obviously be giving us assistance with the privacy impact assessment.

Senator STOTT DESPOJA —So that governance paper presumably will look at broader accountability, public accountability mechanisms and issues like a public interest monitor or—

Prof. Fels —Yes, and whether it should be the Ombudsman, the Privacy Commissioner or someone keeping an eye on it and things of that sort. That is the sort of issue we will address.

Senator STOTT DESPOJA —Do you have a comment on the broad-ranging discretionary powers in the legislation for the minister and/or the secretary of the department? There are 20-odd mentions in the legislation or provisions for quite broad discretionary powers. Is that something you would care to comment on?

Prof. Fels —Again, we are doing a paper on appeals, but that is mainly on the mechanism. As a general principle, we think for most of the decisions that can be made under the legislation there should be some rights of appeal or parliamentary scrutiny and that kind of thing. There is reasonable provision for that, but I would suggest that one should err on the side of caution on this matter in terms of maximising the parliamentary review processes and appeals and so on. The question of the discretion is dealt with in the registration paper, which the Minister for Human Services is no doubt thinking about at the moment.

Senator STOTT DESPOJA —You mentioned in your opening statement that that has gone to the minister; that paper was with the previous human services minister, Senator Campbell. When did he get that?

Prof. Fels —On Wednesday night.

Senator STOTT DESPOJA —It was a big week. I am assuming it will be passed on to the new minister and then obviously that will be made public.

Prof. Fels —I believe so.

Senator STOTT DESPOJA —The issue of discretion I think has an impact on privacy considerations, particularly, for example, the role of the secretary in designating who is an authorised person. That is why I am asking those questions. I realise that there are lot of papers on which you are working and that are in the offing, but again I get back to my point that I want to be able to look at this legislation in conjunction with some of those issues and those questions being asked and preferably answered. For example, would you support or do you have a view on enshrining in the legislation a list of authorised persons or making clear who has access to the register—for example, actually explicitly stating or defining authorised access?

Prof. Fels —My initial take is that I would be a little hesitant to put that into legislation, but there should be some process where the parliament has a chance to review these matters, and I think there are some mechanisms for parliamentary scrutiny and so on. Also, I am happy to come back to you on that one a little bit.

Senator STOTT DESPOJA —Perhaps even now or on notice you could consider the converse—the idea of explicitly prohibiting unauthorised access and making it very clear what constitutes unauthorised access to information. Again, I know you have mentioned the appeals mechanism. I am happy to make this my last question. I know I have had a lot of time. I could just keep going. You mentioned the appeals paper and other issues that you will be working on. On the issue of redress, which you commented on in your opening submission, do you believe that people who have had their information accessed for one reason for another, in an unauthorised way, should have not just the right of a civil remedy, if you like, but actually the right to be informed of any potential privacy breach or browsing through their information that is in some way unauthorised? I am not suggesting it is easy to do. The Privacy Commissioner today talked us through thresholds and a range of other interesting things. Is that something—

Prof. Fels —As a very broad principle, yes, if someone’s information is improperly accessed, generally speaking, they should be informed.

Senator STOTT DESPOJA —I will put further questions on notice, unless we suddenly have a lot more time.

CHAIR —We will see how we go. Professor, before I hand over to Senator Lundy, I just want to raise an issue that was raised earlier today with the Director-General of ASIO and also the Australian Federal Police and then I raised it with the Privacy Commissioner—that is, the Privacy Act and how it relates to law enforcement and law enforcement exemptions. With the creation of the access card and the national register of information and also potentially a photographic database, do you think that the Privacy Act offers sufficient protections to both the photographic database and the national register? The director general said to me: ‘We don’t in certain circumstances need a warrant. We will have access to the information if required.’ That is right, but the fact is that this is creating new sources of information and bringing them together. Does the Privacy Act offer sufficient protection to the community against privacy invasions from law enforcement bodies?

Prof. Fels —This is not exactly false modesty. I am stronger on the more obvious consumer privacy things and the trade-offs in regard to national security and so on. But we have suggested, by the way, that there should be some cross-referencing in legislation to possibilities of gaining access and that in some way the ASIO/AFP access should be set up in legislation rather than relying on other acts, as far as possible. I do not know the practicalities of that, but that would seem to make some sense to me as a possibility.

CHAIR —Thank you for that. That does make sense. That progresses the debate for us. The Privacy Commissioner did tell the committee that she was proposing for the second tranche some secrecy provisions. That is fine, but I am just not sure it goes far enough. If we can specifically address these issues in relation to the AFP and ASIO, and that is your proposal, that is terrific.

Senator LUNDY —We have heard a lot of evidence from other parties about the fact that there is very little information about the technological design of this system. We are not privy to the tender documentation, although I plan to ask the department lots of questions about that later today. We do not know that the technical features of the system are. We do not how secure the readers will be or whether the readers will have software capable of making copies by their nature and it will only be the law that prevents that rather than the technical capabilities of the readers and so on.

There are lots of other questions about the intraoperability of the databases and how agencies providing services will be able to communicate with that database and how secure that exchange of data will be as well as how secure the actual systems work. We just do not know. How confident are you in the conclusions you have reached and the advice you have given that you have enough information about the technical and technological design of this system to inform your determinations to date?

Prof. Fels —It is a question of the process that is followed in advising us of the technological soundness of the scheme. In that regard there are some processes being set up within the government, which we have discussed in our initial report. Basically, the idea is that the Defence Signals Directorate, which is a very high-powered group, is going to review the technology and, in particular, the security of the information. We would expect them to give it a really rigorous workout, and if they give it a clearance then that would make me feel comfortable.

Senator LUNDY —Further to that, do you think it is possible to design privacy into a system or do you think that the privacy has to be an innate or built-in part of the technology itself?

Prof. Fels —Generally, my concerns on privacy are not strongly on the technology side, although everyone knows there is always the possibility of something going amiss, but more in terms of the uses of the data. I have been keen to see that there should be very strong protections, safeguards and so on about ordinary people in government and elsewhere getting access to the data. Maybe there needs to be a double-barrelled approach to this so that everything is done in the technology to protect privacy, but at the same time you need a strong legislative backup. I do not know if that answers it.

Senator LUNDY —It does. As I said before, the frustration is that we have a lot of quite grand statements from the government about how rigorously protected privacy will be; it is being closely analysed by you and your committee. But most of the conclusions really come down to public policy intent. What I am interested in being able to test, which this committee will not be able to do, is how closely the features of the system match that intent in a technological sense. I have a lot of experience in looking at how closely the public policy intent matches up with the technology deployed, and this government does not have a good record. When companies were first allocated an ABN number as a result of the GST introduction, the ABN data was put on CD and sold to Dunn & Bradstreet, because there was no public policy consideration about the implications of that and so forth. I am sensitised to this match or the potential mismatch. Because we do not have any of that technical design detail, we are sort of living in hope that there will be a match.

The recommendations that you have made—and perhaps even the ones that you have made and have not been accepted—might be a part of the ultimate legislation that passes the Senate. Who knows? That is unlikely, but we live in hope about that, too. That is all good, but how closely that matches the ultimate outcome is something that concerns me greatly. It is a lot of words, but it leads into: what is the ongoing role? Do you have a role in looking at making sure that the public policy intent, as expressed in the legislation, is followed through in the design, deployment and operation of the system?

Prof. Fels —Generally, we are definitely around for the first two years dating back to last July or thereabouts. I think the appointment is for two years but with the possibility of some renewal, I guess while the registration is going on. I have never thought that we are here permanently, but we might be—

Senator LUNDY —You might need to be.

Prof. Fels —We will be making some recommendations on governance, anyway, once the law is in as to how that should be done. There is always uncertainty about new technology. Sometimes it goes wrong initially and gets corrected, so sometimes the problems are temporary not permanent. I do not think this is a very valuable statement of mine, but I am not deeply worried about the technology at the moment, but I am not an engineer.

Senator LUNDY —In a previous Audit Office report into the IT outsourcing of three major contracts—I think it was conducted in about the year 2000—the Audit Office found that departments had not taken care to ensure that the IPPs and the MPPs had been reflected in the contracts. The Audit Office made a series of recommendations advising all agencies and departments to ensure that their IT contracts did impose those requirements on their contractors. Have you tested that within the current tender documentation that is now being responded to and are you satisfied that the successful contractor will be required to abide by those privacy laws?

Prof. Fels —We have not had access to any tender documents, and this is for probity reasons.

Senator LUNDY —Are you likely to be able even to ask this specific question to see how the tender documents treat the issue of responsibilities in relation to the privacy principles?

Prof. Fels —All I know is that we do not have access to them for probity reasons, and I do not know if there is anything more I can say on that. We just do not—

Senator LUNDY —You do not have any access to them? Just going back to the earlier points, how are you able to then test—

Prof. Fels —I missed your question?

Senator LUNDY —How are you able to test the veracity of how your accepted recommendations are being implemented as far as the tender documentation goes?

Prof. Fels —We could ask if there is some form of access we could have to this information that you have raised. I would be willing to ask the question about it. Also, as I said, we know there is a process under which the Defence Signals Directorate is going to have a careful look.

Senator LUNDY —That is more security rather than privacy, though. They do not tend to look at privacy per se. There is quite a formal standard for the security attributes of software and hardware that I think they will test the tender against. Privacy is slightly different because there is not a standard.

Prof. Fels —Yes, I agree.

Senator LUNDY —There are the privacy principles. One of the problems in other IT contracts was that where the contract did not adequately evoke them and create that requirement, whilst the Commonwealth is always responsible for it, there was confusion among the contractors in how they had to acquit themselves against those privacy principles that existed nationally.

Prof. Fels —I wonder if you would like to ask the government later today about that question, and we can at least put that question to them ourselves. But it would be even better if you do. I will be happy if you wanted to send us a question after that on notice or—

Senator LUNDY —I will certainly try and find now the reference to the Audit Office report in the past so you can have that.

Prof. Fels —I suppose another way of putting it is that we have made a number of recommendations on privacy, and a question could be asked about how much they have been taken up in the tender documents. That would be a reasonable question to ask.

Senator LUNDY —Yes. I remember trying to get that information myself for many years and also in the contracts once they were signed. The audit report was the Implementation of whole-of-government information technology and infrastructure consolidation and outsourcing initiatives. The year was 2000-01 and the tabling date was 6 September 2000. I have a general question: why have you not been given a copy of the tender documents to have a look at it for the purposes of assessing the privacy regulations?

Prof. Fels —We were told it was for probity reasons.

Senator LUNDY —What are the probity reasons that would somehow compromise the government if you had a look at those documents? Probity is a general issue. What is the potential conflict for you?

Prof. Fels —I do not particularly know. Maybe you could ask the department what their take on that question is. I do not know that I have got anything on that. I would be speculating on what the reasons are. We all know that there are rather strong probity requirements, a lack of a statutory basis and all that kind of thing. At the moment only the people responding to the tenders have been given access to them. Perhaps you could ask that question of the department.

Senator LUNDY —Thank you.

Senator NETTLE —Thank you for your submission. This is a question that I asked the department at estimates. There is a conference being held at the end of this month which is called Cards and Payments Australasia 2007. Ms Johnson from the Office of Access Card is presenting at that. I have got the documentation here promoting the conference and when I read out to her and she said, ‘That is not what I told them I was going to talk about.’ I want to read it out to you because I think it is a useful insight into how the industry is perceiving the access card and then I want you to comment on that.

The title of her speech is ‘Towards a cashless Australasia’ and it says that it will cover the retail implications as foreseen by project leaders. The blurb advertising it says, ‘The question on everyone’s mind in industry circles is will the private sector be able to get in on the act and tap into the benefits of the card’s technology.’ To me that makes it pretty clear what people are thinking. We had the Australian Bankers Association appear before us yesterday. When they were asked if they had an opinion on the personal side of the chip, whether it should be there and what should be on it, they said they did not have a view at all. We are a bit stuck in terms of getting an idea from industry about what ideas they may have, because of course there has been speculation on content and people’s concern around it. I do not know if that is an area that you have looked into, but do you have any comments or views in relation to it?

Prof. Fels —We have generally seen the card as being about access to government services. We have had a huge number of suggestions about other uses of the card. It is true that there are a lot of people in the street that say, ‘This is terrific. We’d like it to cover everything, including shopping lists and the works.’ The private sector has been very interested. Our take from the beginning has been that it is extremely important that there be comprehensive legislation which limits what the card is about so that it would require parliamentary approval for major uses of the card. No doubt you know all of this but there is limited capacity on the card, and so it is not such an ambitious card that a lot can be done on it anyway.

As far as what will be on the card, we are doing a report on the consumer control bit of the card and that will address questions, but at the moment our broad approach is that there will not be massive capacity on the card to do really ambitious things. Again, I had a look at estimates but you have already said that the department disowned it. My take on it is that it is not about that. I have also thought that it is important that it is understood that this is not meant to be a national ID card for security purposes. Once you say that, many things follow from it about what it should and should not be.

Senator NETTLE —You talked about the capacity of the chip. I have a question in on notice with the department about the capacity of the chip, so if you are able to give us an answer in terms of how big the chip will be that would be good.

Prof. Fels —I think it is best if the department answers that. Everything I have heard suggests that it would be somewhat limited capacity.

Senator NETTLE —A number of times in the committee over the past three days people have raised the idea that the Queensland government is in discussions about whether they can use part of the chip for their drivers licence. I would have thought that you would need a fair bit of space for that. I am just trying to reconcile your answer on there not being much space with what we have been hearing about the Queensland government wanting to put drivers licences on it. Maybe you are not in a position to be able to answer that.

Prof. Fels —You will have to send that one off to the department.

Senator NETTLE —That is fine. I want to go to the point that you were discussing with Senator Mason before in relation to ASIO and the view that you expressed around some regulations about their access to the database. I wanted to ask you whether that comment referred to the AFP and the state police as well, because we have not had the opportunity to find out how that is going to interact. My understanding of the legislation is that it would be overridden by any ASIO act, so if we tried to put anything into this legislation that restricted ASIO’s access to the database, under its own legislation and guidelines it does not require a warrant to get access to information held by Commonwealth agencies. So even if we did something in this bill, my understanding is that it would not prevent that access. I could be wrong about that but I want to ask about that point.

Prof. Fels —I am not an expert on this but if the parliament made it clear in this bill that it overrode another piece of legislation, that would prevail. Whether you would get that past the government I do not know, but in principle you should be able to pass laws that say that no other law of the Commonwealth overrides this one and that would be valid.

Senator NETTLE —You are absolutely right. We are working off a document that says it is the other way around.

Prof. Fels —It is true that ASIO is different from the AFP. Also on the state and territory ones that you mentioned, again there is an interesting question as to whether or not you want to do anything in the legislation about state and territory police access, and whether you could constitutionally—I suspect you could constitutionally. There are tricky questions about whether, as a policy matter, you would want to override state police who may have serious matters where they need some information. Again, that would be up to the wisdom of the legislators.

Senator NETTLE —I agree with you that the parliament could ensure that there were restrictions on ASIO and other police forces to the database in this legislation. Following on from your previous comment to Senator Mason that you thought that there should be legislation that stipulated some limitations or restrictions on ASIO’s access, would you recommend that that be in this legislation?

Prof. Fels —Our main view has been that there be cross-referencing of legislation so that as far as possible the public understands what the particular rights of access of ASIO and AFP are. It is a bit beyond me to comment and say what the rules of the game should be; I am just pointing to a possible legislative mechanism.

Senator NETTLE —Thank you.

CHAIR —I might follow up on that comment. You have spoken about ASIO, the AFP and now state and territory police forces. Just in general, we had evidence from Professor Greenleaf on Friday in Sydney, who argued that the Privacy Act was not an adequate protection to the privacy of information on the register. This is not just including law enforcement agencies such as the AFP or ASIO, but more generally. Professor Greenleaf attached to his submission a whole list of information gathering powers from APRA, ASIC, the ATO, Centrelink, the ACCC—I note!—and so forth. These are quite comprehensive information gathering powers. He mentioned section 11.1(d) of the privacy principles, which is that ‘disclosure is required or authorised by or under law’. He said: ‘This is the exception that is capable of driving a pick-up truck through the register. The government has tried to hide it.’ I do not know about that. That is pretty colourful language, but his general thesis was that, with those sorts of powers in other legislation, all sorts of bodies might have access to the new databases. What is your view on that? Is the Privacy Act simply insufficient? You have considered that it might be in relation to ASIO and the AFP, but is it in relation to all of these other bodies as well?

Prof. Fels —I hesitate to give a legal opinion on it. Again, you would be best to ask the department what they think of it. Regarding the ACCC aspect of it, that is civil law. I know it is popularly thought of as criminal because of fines, but it is essentially civil. I would be a bit surprised if the ACCC and APRA had access to this data.

—What about the ATO?

Prof. Fels —The ATO?

—They are our next witnesses.

Prof. Fels —Maybe you could ask them. It has generally been said all the way through that the ATO does not get in on this game, but when you put the question to me I would prefer that you get a considered response from the department.

—In relation to all of those bodies, I am asking you because I do not know the answer. We have received this submission from Professor Greenleaf and, again, I am just not sure of the veracity of it. I am not saying it is incorrect, I just do not know.

Prof. Fels —I am not sure. I was going to make the comment that there is already data matching by the ATO for social security purposes under the data matching act with a protocol approved the Privacy Commissioner. I had generally assumed that those set the limits on ATO and others in their ability to get into the system, but that should be clarified.

CHAIR —The committee would be interested to know whether these bodies have those powers in relation to this new database.

Prof. Fels —Yes.

CHAIR —As I said, it goes back to the more general question as to whether the Privacy Act is sufficient protection.

Prof. Fels —Maybe the legislation could impose specific limits so that access could only be for the stated purposes of the card.

CHAIR —Yes. That is not a bad suggestion.

Prof. Fels —There could be something along those lines.

CHAIR —The committee will think about that.

Senator STOTT DESPOJA —But obviously that would not cover ASIO and AFP—it is different from law enforcement. Is that what you mean?

Prof. Fels —Yes. I have the AFP and ASIO in a different box from all the others that have been mentioned.

Senator STOTT DESPOJA —The Privacy Act would override that anyway, so in those exceptional cases in the Privacy Act, apart from IPP 11 dealing with the law, there would still be room for other legislation to override this legislation anyway. But anything that prescribes the purposes and the access is a good start by me.

CHAIR —I would like to go to one other issue that Professor Greenleaf raised the other day. It is in relation to clause 57 of the bill, which covers unauthorised copying of access card number, photograph or signature. He argues that section 57 does not prevent electronic copying of the information on the chip; it prevents simply copying what is on the surface of the card. Again, this has been raised by one other submitter, but do you know—

Prof. Fels —I do not know the answer to that.

CHAIR —Are there any further questions?

Senator FORSHAW —I think that what I am going to raise with you has not been raised by other senators, but unfortunately I have had some other commitments and have not been here for the whole hearing. An area of concern amongst a range of areas of concerns that I have relates particularly to the operation of clauses 45 and 46. I have raised it with a range of other witnesses today, but I am still unclear. Currently a person—for example, a senior citizen—can produce their senior citizens card or something equivalent to that to obtain concessions and discounts out there in the private sector. It is very widespread, as you know. The explanatory memorandum and those two clauses of the bill go to this issue that you start from the premise that with this card there is a prohibition on it being required to be produced unless it is for one of the lawful purposes, which is a complete reverse of what currently applies with all other cards. It starts from that premise and then states that there are exceptions to that. I quote the bill:

For example, some service providers provide some of their services at discounted rates to pensioners or to persons who are entitled to particular kinds of Commonwealth concessions. Subparagraph 46(1)(d)(i) is intended to ensure that these service providers can continue to provide these discounted rates to persons who are entitled to the relevant concession.

What is troubling me is that the current system seems to work fairly well, because simply showing the card, which identifies the person and their status as a pensioner or whatever, is sufficient—they get their cheap movie ticket or whatever it is. This is going to be a different process because the definition of and provisions for exceptions in that section are very loose. It is an indefinable class that potentially can require the production of the access card in those circumstances.

I am interested in what comment you might make about that type of regime now being set up, which presumably would become widespread, and how people are going to know—not just the cardholder but the business—as to whether they are in or out and whether they can do it or not. It also says that it is not an offence to require them to produce the card, but the card does not indicate, on its surface at least, that the person may have the status of a senior, pensioner or whatever, so you then potentially have to read the card. That opens up a whole new area. Are all the retailers and everyone else going to have these readers and is that going to enable them to access information that they should not otherwise get? Should we have a system whereby a card which is intended to be primarily an access card for accessing Commonwealth benefits is able to be used through an electronic process as some form of identification for other purposes? I am sorry about the longwinded commentary, but do you see what I am getting at? It really troubles me that there are no defined boundaries in a lot of this.

Prof. Fels —It is a philosophical issue. The technology is available so that it can be an access card for government services and have these other uses. We want to maximise the beneficial uses without generating bad uses, like it becoming a compulsory ID card or something like that. In some respects, technology comes to our assistance in this regard because, as you have implied, the readers may have the technology which means that they simply give a yes or no answer on whether the cardholder is eligible for the benefit without revealing the other data held on the card. That is the general idea behind it and apparently the technology is there.

Senator FORSHAW —That is what we have been told—sort of! We have also been told that you can possibly buy these readers at Dick Smith’s, or somewhere like that, and it may be that somebody very quickly develops some mechanism, software or system whereby that is overridden. That is one concern.

Prof. Fels —Horror stories abound with new technology.

Senator FORSHAW —Overlaying all of this, it seems to me that we are undertaking a huge task to move from a simple production look at the card that has the data on it and away you go, to what seems to be in some ways a more sophisticated system that is going to operate in these sorts of circumstances.

Prof. Fels —If they are not already covered, you could make some of these abuses that you have in mind an offence under the law, either now, if you know what they are, or in future.

Senator FORSHAW —These sections do go to that, but this then leads to the question of really how realistic and how effective those offence related sections are going to be? At the end of the day, when people are used to the production of the old card, how are you going to ensure right across this country that you are not going to have the same pattern develop? It defeats the whole purpose of the concept of it being restricted to primarily an access card for government benefits. It is a conundrum in many ways.

Prof. Fels —Yes. The sanctions under the law are quite strong and I would have thought they are likely to have a fairly strong deterrent effect in themselves. There is a quite strong set of sanctions such that you would think twice about mixing it with this set of laws. That is a bit of a safeguard. Again, when you have a card brought in for access purposes and then it happens to have these other beneficial uses, it is hard to deny making some of them available.

Senator FORSHAW —Yes, but there are any one of a number of propositions that can be advanced. It is not my task to do that, but one that we have heard from the Department of Veterans’ Affairs is that, in their area, the problem is probably overcome by information being on the card about their status. It will be a particular colour and it will have what is on there now. I do not hear that being said in regard to seniors. We were debating earlier the question of date of birth and so on.

Prof. Fels —These are difficult matters. Balancing acts are required in regard to quite a few of these decisions.

Senator FORSHAW —The other option is that you continue to have more than one card, but I am not asking you to support that. Thank you.

Senator MOORE —I am struggling with community awareness and understanding of what is going on. From what we have heard over the last couple of days it seems to me that your group has taken on the public face of the card. I have asked most of the people that have come before us about how they have engaged in the process and most of them have said that they made submissions to your group. From their perspective, that was how they got their views into the process. Leading on from that—and I know that people in your office will be looking at the Hansard to see what people said—there was also a view from people, who had particular concerns about quite specific issues on how it is going to work, that they did not get any answers. It was probably a case of it being the people who bother to make submissions are the ones who have the interest and the questions, but we have been seeing over the last couple of days people who are quite knowledgeable with long histories in the area of privacy and community awareness and who have given submissions to this group and also to yours. Most of their questions, as they presented to us, remain unanswered. I checked the website to see when you were set up and what you were set up to do and my understanding is that you are independent—that goes all the way through the process—and you were set up to address concerns over privacy issues related to the development of the access card. The ball was clearly in your court. Was it your role to answer the very specific questions such as, ‘How will this work?’, ‘Can it be copied?’, ‘Will it have creep?’ and some of the other things that come out? I do not mean you personally.

Prof. Fels —It is basically the role of the government. We have said that they have to gain the confidence of the community in this card by means of very full information and transparency and by a fairly big publicity campaign about what is involved in the card and so on, because public confidence is essential. As you are implying, this is a difficult question that you are raising. It is the primary responsibility of the government to explain things. When we consult with people, we give them information about our understanding of what is planned for the card. It is our responsibility to try to find out for ourselves what is involved in the card because it affects our recommendations. Also, there are a number of questions where the technology answer has to be known; there are certain ways out of some of the awkward problems that we are hearing about if we have really good technology. So we ask questions, but the short answer is that it is the government’s job to explain the card. We have had about 150 submissions and about 140 consultations, with another round coming up, on the registration paper, and our job is to reflect that to the government, including the fact that people do not understand it. We have mentioned in reports that, particularly in the early days, public understanding was pretty limited, as we all know. When we pick that up fairly strongly, even from the relatively well-informed groups that appear in front of us, we try to pass that on to government.

Senator MOORE —I will not get into the technological area because I just cannot. Listening to the evidence, we have heard that some people had philosophical objections. That was clear in the way they presented and what came through. But underneath the philosophical issues, we have had really evidence from a number of people, such as that they do not think this will work because of certain reasons and they have asked, ‘How will this work?’ The Hansard of the evidence that we have had in the last two days contains quite specific questions. I have asked each time, ‘What have you got back?’ Consistently the answers that we have got back from people from different groups, and also on electronic issues, is, ‘We have not got any answer back.’ For my own peace of mind, and also for the process, I am trying to find out whose responsibility that is. They gave submissions to your group saying, ‘These are our concerns about the privacy aspects.’ Looking specifically at your job description, it deals with the issues around privacy. Yesterday someone from Electronic Frontiers Australia gave very detailed evidence about technologies here and overseas and about whether they would work and whether you would be able to put blockers and things like that on it. Did you give those submissions to the government in toto and then to the department?

Prof. Fels —Yes. All of the submissions are public. There may be a few for which they claim confidentiality.

Senator MOORE —Was it your understanding that the department would be getting back to people if they had particular issues?

Prof. Fels —I know that the department has been through all the submissions and had a careful look at them.

Senator MOORE —Sure. The crux point is: from your point of view in doing the work that you were doing as the public face of the process, did you think that these people would be getting a response to their issues?

Prof. Fels —From the department? I am not sure. I do not quite know the answer to that.

Senator MOORE —I will definitely be asking the department as well.

Prof. Fels —I do not think the department is issuing line-by-line responses to submissions or queries that come in through submissions to us. We try to pick up virtually all the issues that are raised and in some way address them.

Senator MOORE —Senator Mason referred to the evidence that we had in Sydney from Professor Greenleaf. In terms of process, there were very detailed longstanding issues about exactly how a process would operate in his submission.

Prof. Fels —Yes.

Senator MOORE —He gave us the understanding that he had given that information to your group.

Prof. Fels —Yes, that is right.

Senator MOORE —He also gave us the understanding that he had given that to the department.

Prof. Fels —Yes.

Senator MOORE —At this stage in our deliberations, when we are looking at the threshold issue before the first round of legislation comes, I would like to know the answers to the questions that he is raising. If they are without substance or if they are perhaps for a future discussion, I would like to know that. But to the best of my knowledge I have not got answers back on those issues that were raised by him and by Liberty Victoria yesterday, who made quite specific statements about the evidence that they had given to different groups. I want to clarify that before I speak to the department your role in that.

Prof. Fels —Yes, that is right. I will make one extra comment. While it is the responsibility of the department, it is also true that we wade through all of these submissions. With some of them, like Professor Greenleaf’s, we have tried to pick up where we think he is on to a substantial point.

Senator MOORE —In your opening statement, you alluded to a number of papers that you have in train. Do we have expected dates for those—in particular the governance paper?

Prof. Fels —The governance paper will be later on. It is probably the last one. I will give you an indication of the thinking. We are aiming for the governance paper—which is almost at the end of the line—to coincide with the second tranche of legislation.

Senator MOORE —Do we know that date?

Prof. Fels —I do not know what the date of the second tranche of legislation is. Maybe the department does.

Senator STOTT DESPOJA —The department would not tell me, but we will try again.

Prof. Fels —I am sure the new minister will make up his mind very quickly.

Senator MOORE —This is another philosophical issue, in that the governance of the process seems to me to be the threshold to the whole process. I understand what you said in response previously about the timeframes in which you are operating. It seems like we are passing something before we know how it is going to be governed. That is concerning, and that point has been raised on other days. I have quite a specific question on the evidence that you gave earlier about consumer choice, which has come up consistently in terms of giving people the ownership and consumer choice. It seems to me that the threshold to that is having informed consumer choice.

Prof. Fels —Yes.

Senator MOORE —It is my understanding that the department/government has worked out a process for how they are going to engage the community, and an idea that it is going to be quite a short-term interview with a photo and all that kind of stuff. That is all to do with budget and so on. I am unclear as how we are going to be able as a government to inform people thoroughly and individually about all the things that they have to know about before they sign up to this. We have been told that it is not compulsory, but it is if you want to have social welfare payments or Medicare, so it is kind of fallback compulsory. Interestingly, many of these threshold things—such as the signature, the photograph and the ID number—could, from the stuff you are giving to the government ,well be consumer choice. We do not know yet what their decision will be. Having the card is a consumer choice. The second bit is what you are going to have on the card. If your recommendations are taken up, there could be another series of consumer choices.

Prof. Fels —Yes.

Senator MOORE —Has your group given any thought as to how that consumer choice could be informed?

Prof. Fels —No, we have not gone into that in detail. We have said along the way a few times that the issue you raise is very important, both the most general thing about informing the community but also in terms of the choices that have to be made. I have to say, in fairness, that the Department of Human Services has been working quite hard and—as far as I can tell—intelligently on thinking through all the issues involved in the physical side of registration. That has given me more confidence that they will come up with some fairly substantial measures to try to address your concerns on the public relations side and on informing the public. But that is just an expression of confidence. I do not lack confidence that they are going to make a serious effort. One of our very first recommendations was for a major public education campaign in multiple languages, plus online information, to assist with registration and understanding. There will probably have to be some kind of system under which there are different layers of information, some for people like Dr Greenleaf who want to know everything and others for those who just want to have a more shallow take on what it is roughly about.

Senator MOORE —Is there any expectation that your task force will have any ongoing role in giving advice about how that would operate, now that you have made your recommendation? Is there any consideration that the knowledge that you have gained by the work you have done could be used in the information campaign?

Prof. Fels —From memory, my general understanding from Mr Hockey when he appointed me was that it was initially for a couple of years and possibly for a couple of years after that, particularly during the registration period. In regard to recommendations on public information, at the moment we are sticking to slightly general exhortations to the government to address these things. We are emphasising the huge importance of that point that you were making, which is that if people have a choice there will have to be a serious attempt to educate the public and a huge amount of public discussion. We also recommended that the Privacy Commissioner should have a role in the development of public information and drawing up forms and so on.

Senator MOORE —I am sorry I missed the Privacy Commissioner’s evidence, but I would have thought that would have been a threshold part of their job in terms of the process. But I saw that recommendation. You agree that they should have a role. Thank you.

Senator WATSON —I would like to take you through an everyday situation in a pharmacy. A lady goes into a pharmacy and gets a PBS script that is dispensed by the pharmacist and is then handed over to a dispensary assistant to do the computer work. Cash is collected from the lady, and she says, ‘How far do I have to go to get to my concessional limit?’ In providing that information to the client, does that dispensary assistant have access to who the other doctors she has seen are—other professionals, chiropractors, optometrists, physiotherapists and so on—or is there a blockage?

Prof. Fels —There would be a statement about the financial position, but there would not be a general linkage to Medicare type information. It is more specifically confined to the transaction, as I understand it, and the pharmacy end of the transaction is not linked to wider Medicare details.

Senator WATSON —It is just confined to the PBS side?

Prof. Fels —Yes, that is my understanding.

Senator WATSON —This is very important, because in terms of health professionals there has to be a blockage at each stage; otherwise you are going to run into very significant privacy issues.

Prof. Fels —Yes, indeed.

Senator WATSON —Because the people that you are dealing with are not the doctors or the pharmacists. You are dealing with their assistants, their cashiers or their bookkeepers and just a simple unintended scrolling could, if we are not careful, reveal a whole host of personal information about whether somebody is suffering from diabetes or heart problems, has a football injury or all sorts of things. Have people raised this issue with you?

Prof. Fels —Yes. I will say something, and you may also wish to raise this with the department.

Senator WATSON —I raised it yesterday and one of the expert witnesses said that you might even need a separate PIN for each service to ensure that there is a complete blockage, which I thought would make the whole thing completely impractical.

Prof. Fels —My take on it has been that the technology allows the isolation of different uses of the card. If it is for pharmacy, then nothing else comes into it. If it is for Centrelink, nothing else comes into it. The ultimate one, just for your interest, is, say, transport concessions or something: there might be a reader that just does this very limited thing that says, ‘Yes, you are eligible for this concession,’ and there is nothing else to it—that is the one bit of information that you can get from that reader.

Senator WATSON —You are saying that, for the pharmacy person who collects the cash and does the necessary entry, the information can be blocked and they can see prescription items only?

Prof. Fels —That is my understanding, and I will correct it if I have got it wrong.

Senator WATSON —Could we get that clarified, because it is a very significant point. The other thing is: even if you limit it to pharmacy items only and the client asks, ‘How much further can I go before I reach the end of my concession,’ would the names of other pharmacies that provided services during that build-up also be in there?

Prof. Fels —My impression is that they would not be. The pharmacy that you go to would not know that you have been to another pharmacy, and in general the card will not be linked to electronic health records. It is a general point: the card will not be linked to electronic health records.

Senator WATSON —The card will contain information about how far you are up the concession list, though, to have that prescription dispensed.

Prof. Fels —There is a lot of data within agencies, and not that much on the card. I went into Medicare a while ago to check the system.

Senator MOORE —How long did you have to wait?

Prof. Fels —I did not take in my card or anything. They have huge amounts of information on you as to which doctor you have visited and all of that.

Senator WATSON —That is right.

Prof. Fels —That is of course held separately from this card. The card has limited information on the face and a bit more in the chip, and there is a bit you may want to put in, which you will control, and then the register more or less just reflects what is in the chip. It does not pick up the millions of transactions that you may or may not have done with Medicare, Centrelink or Veterans’ Affairs.

Senator WATSON —I am trying to confine my question to a simple case, just to the health area, because I think there is a lot more information supposedly on the chip than you have suggested to me. You are suggesting that all this information is on the register, say, within the PBS system?

Prof. Fels —Yes. Generally—

Senator WATSON —Can you get a clarification in this particular case of the sort of information on the chip that can be accessed by a reader? Once it is on the chip you can access it by a reader unless there are very sophisticated blockages.

Prof. Fels —Yes. The information on the chip is set out specifically in the bill. Indeed, we thought it was quite important to recommend that the law should say what is on the chip, no more and no less, so you can get a guide to what is on the chip by carefully reading the law and also the guidance in that. There is not much about individual transactions. Yes, the individual transaction stuff go to the agencies and so on. There is a lot of that.

Senator WATSON —I do not have a problem with that.

Prof. Fels —There will not be a national storage system introduced now to pick up all of this information. The card is a mechanism, I suppose, to give you access to these benefits, and then, broadly speaking, there is enough information to facilitate your access. But the information on the card is not meant to be a record of what you are doing with a doctor or a pharmacist.

Senator WATSON —Thank you for that clarification, because we were advised otherwise yesterday by a so-called expert, who indicated that you would have to have separate PINs.

Prof. Fels —I see. I think that is not quite correct. I would suggest that you confirm that with the department.

Senator FORSHAW —That is not my understanding. My understanding is that the proposition that you should consider having separate PINs was to ensure that, where there needed to be access through use of the access card to one area and not another, you could have a series of PINs that would allow you to get into the Centrelink one here and into the Medicare one there. That is what I understood.

Senator WATSON —You could have 17 different cards and 17 different PINs.

Senator FORSHAW —Not necessarily. For most people it would be about three. I am not saying that I support this; I am just saying that was my understanding. If you go to an ATM and use a MasterCard, you might be able to access three or four different accounts or any number of accounts, but the command that you have to put in is a different command each time, if you like. It is very simple, but you have to designate. You cannot just press one button and get all of the information about all of those accounts. You have to work your way through.

Senator WATSON —Yes, you can.

Senator FORSHAW —No, you can’t.

Senator WATSON —You can get all your account balances.

Senator FORSHAW —Each time you have to do a separate transaction. If you want to use your Visa card to access your savings account, there is a separate process to access your Visa, to access Mastercard or to access any other linked cards. The one keycard may do the lot, but as you go into each one of those associated accounts, each one is a separate process. The machine asks if you want to do something else with it.

Prof. Fels —The card has flags to allow access to Medicare, Centrelink and the DVA, but you cannot access all through one number. The PIN is only for the customer controlled bit of the card. We have got a discussion paper out now that goes into the emergency and health data. In general terms, what we have raised is that the minimum information that is absolutely needed in an emergency should be in the card and there should be a big emphasis on minimising that information, because all sorts of people can get access to it. There is then another bit that is PIN controlled, if you want it to be—and most people would have a PIN control—where you have more personal data on it. For example, someone might want to have a few extra pieces of personal information, including medical, in their part of the card and that would be PIN protected so that, if the person is caught in an emergency, they cannot bust into that stuff; what they can do is bust into the core information that is relevant to an emergency, which information we are discussing with the Australian Medical Association and others at present.

Senator FORSHAW —Yesterday we heard from the Australian Bankers Association, and I am trying to recall precisely their concern. It related to, as I recall it, their concern about their right to be able to photocopy access cards and retain that. There are statements in the explanatory memorandum specifically to deal with banking because of their other obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. I think I recall that they may have raised this with you.

Prof. Fels —Yes.

Senator FORSHAW —They still had their concerns yesterday.

Prof. Fels —They may not get everything they want at the ABA, because privacy issues are fairly paramount. Also, we believe that they do not need to copy data for the money-laundering act and that kind of law. They may have claimed that they do. The advice we have had is that they do not need to copy the data for the money-laundering act.

Senator FORSHAW —Could you have a look at their comments from yesterday and, if there is something further, could you come back to us?

Prof. Fels —We will come back to you on that.

Senator FORSHAW —Obviously, they are one of the major sectors of the economy where people would be providing this card as a form of ID, either voluntarily or otherwise.

CHAIR —Are there any further questions for Professor Fels?

Senator LUNDY —I have the reference from that audit report that I would like to give to Professor Fels as well.

CHAIR —Do you want to refer to that publicly now?

Senator LUNDY —I did before. It is the implementation of the Whole-of-Government Information Technology Infrastructure Consolidation and Outsourcing Initiative audit report. It just references some of the specific privacy issues when looking at those previous major IT contracts of the Commonwealth government.

CHAIR —As there are no further questions, I thank Professor Fels and Professor Puplick for their attendance and assistance today. It has been very useful.

[4.52 pm]