My doctoral dissertation highlighted the significance of age as a key constituent of legal identity, featured on identity documents such as driver licences and passports and formal eligibilities such as 'voting age', 'drinking age', 'pension age' or 'driving age' (the latter being liminal for most Australians).
In the Netherlands there has been much attention to to litigation by Emile Ratelband, a sprightly 69 year old 'positivity guru' who is unhappy about age discrimination. The latest report from Associated Press claims that Ratelband unsuccessfully argued that his age was 'causing him to struggle to find work and love', something that could be remedied by striking 20 years off his registered age.
Last month Ratelband asked a court in Arnhem to formally change his birthdate to make him 49, arguing that his registered (and thus official) age did not reflect his emotional state and was causing him to struggle to find work and love. Ratelband claimed he did not feel 69. (I on the other hand sometimes feel 89.) He argued that his request was consistent with other forms of personal transformation that have legal acceptance, notably the right to change name or gender.
The court responded negatively, according to AP, noting that law in the Netherlands assigned rights and obligations on the basis of registered age, including the right to vote and the duty to attend school. Acceptance of Ratelband’s request would vitiate those age requirements. Ratelband did not demonstrate that he suffered from age discrimination, with the court commenting “there are other alternatives available for challenging age discrimination, rather than amending a person’s date of birth”. In Australia people often tweak their online persona - shed a few pounds and years, add a few centimetres - on online dating services used by individuals seeking love.
A media statement by the court reportedly indicated
Mr Ratelband is at liberty to feel 20 years younger than his real age and to act accordingly. But amending his date of birth would cause 20 years of records to vanish from the register of births, deaths, marriages and registered partnerships. This would have a variety of undesirable legal and societal implications.
The court reportedly acknowledged “a trend in society for people to feel fit and healthy for longer, but did not regard that as a valid argument for amending a person’s date of birth”.
In NSW the report by the Legislative Council's Standing Committee on Law and Justice regarding the
Road Transport Amendment (National Facial Biometric Matching Capability) Bill 2018 (NSW) notes 'issues raised by inquiry participants' in relation to that Bill and the
Identity-matching Services Bill 2018 (Cth), concerned with the biometrics 'Interoperability Hub'.
Chapter Two of the report states
Evidence from stakeholders focused on both the Road Transport Amendment (National Facial Biometric Matching Capability) Bill and the Commonwealth's Identity-matching Services Bill 2018 [noted here]. This is because the Commonwealth legislation provides the overarching framework for the new biometric face-matching services. It is therefore important to consider the Commonwealth bill when discussing the Road Transport Bill.
The NSW Council for Civil Liberties, Australian Lawyers for Human Rights and the Law Society of New South Wales all raised concerns with the legislation, including that:
- facilitates the ability to provide information to local government and non-government bodies and is inconsistent with the Intergovernmental Agreement on Identity Matching Services
- contains ineffective privacy safeguards
- could be seen as creating a virtual identity card and may facilitate profiling.
These issues will be considered in turn in the following section.
Access for non-government and local government bodies
While the NSW Council for Civil Liberties agreed that the power to rapidly check the identity of an unidentified person of interest in a terrorist or public safety context is justified and proportionate, it argued that the current proposal goes well beyond these circumstances, with access 'provided to a broad range of government, local government and non-government entities for a wide range of non-urgent purposes'.
It indicated that the Commonwealth bill is open-ended regarding local government and non- government use of the service. The bill states that these bodies can use all identity matching services, if 'verification of the individual’s identity is reasonably necessary for one or more of the functions or activities of the local government authority or non-government entity'. This broadens access to the Face Verification Service from what was agreed to in the Intergovernmental Agreement. The Agreement stated that a private sector organisation must have a legislative basis or authority to access the Facial Verification Service.
The council therefore concluded that the Road Transport Bill should not proceed until 'major anomalies' between the Commonwealth bill and Intergovernmental Agreement have been resolved. It noted that Victoria and the ACT have not put forward corresponding legislation, reportedly because of privacy concerns regarding the sharing of information with non- government bodies.
The Law Society also stated its strong opposition to information being made available for commercial purposes.
Response to concerns
Mr Andrew Rice, Acting First Assistant Secretary, Identity and Biometrics Division, Department of Home Affairs explained that a non-government organisation, such as a bank, could never access the Facial Identification Service as this is for law enforcement purposes as prescribed by law. However a non-government organisation could gain access to the Facial Verification Service.
Access would however be limited to a query and response. An organisation would be able to query whether the information it had in relation to a person is the same as the information in the system. The organisation would only receive a yes/no response and would not be privy to further data on the individual. Mr Rice elaborated:
... they have the ability to pose a query. They have already captured the sensitive personal information and they have the ability to query the system and receive a yes or no answer. They do not receive that my mum's maiden name was X, they just get a yes or no answer.
Mr Rice confirmed that there were arrangements in place that allowed in some instances for private agents to be granted direct access to the interoperability hub as brokers. These private agents would then field queries from other private entities such as banks and provide an answer to them whether or not the Capability identified the person as the person asserted.
Mr Patrick Seedsman, Senior Legal Counsel, Roads and Maritime Services stated that 'each agency has ultimate control over what other agency accesses its data in the hub'. So a bank would need to make an application to Roads and Maritime Services to access its data. It is not a foregone conclusion that the bank would have access to the information.
The Information and Privacy Commission NSW advised that the Intergovernmental Agreement details the terms applicable for access by non-government organisation to the Facial Verification Service, including:
- searching or matching of facial image records on a ‘one to one’ basis to help verify an individual’s identity
- a ‘match’ or ‘no match’ response to queries as to whether an individual’s facial image and purported identity match a relevant government record
- use must be compliant with the Privacy Act 1988 (Cth), relevant state and territory privacy legislation and/or other applicable legislation
- an organisation must comply with the requirements of the participation agreement, including the Facial Verification Service Access Policy developed by the Coordination Group.
Mr Rice noted that the Victorian Government provided a submission to the Parliamentary Joint Committee on Intelligence and Security which raised some concerns with private sector access. He noted that the department responded that the 'bill was about futureproofing ... and it is still a decision for all the governments of Australia as to whether the private sector gets access to driver licences'. He noted that he is in close contact with Victorian Premier's department officials 'who have been at pains to say they are still with us and, indeed, are very close to being brought into our technical program for integration of their images'.
Privacy safeguards
The Australian Lawyers for Human Rights agreed with the aim of allowing identity-matching services to be used by government where there is a question of wrongdoing, while noting that such services must be surrounded by safeguards. It considered that insufficient safeguards have been adopted at the Commonwealth level, and no safeguards have been included in the Road Transport Bill. It argued that legislation which impinges upon human rights must be 'narrowly framed and proportionate to the relevant harm it addresses'. The Australian Lawyers for Human Rights indicated that in their view the Commonwealth bill does not strike the correct balance, and New South Wales should not provide information 'to be used for unspecified possibly commercial purposes through the hub or the Capability’.
Further, the Australian Lawyers for Human Rights argued that the Road Transport Bill should not be passed as it opens New South Wales citizens up to government surveillance:
The Federal Bills exempt the Federal Government from the normal operations of the Australian privacy principles and allow individuals’ personal and sensitive information, including biometric data to be used for any purpose the Federal Government may wish. The Federal Bills do not respect privacy but enable surveillance and exploitation. NSW residents should not be made part of these arrangements. Australian Lawyers for Human Rights was also concerned that under both the State and Commonwealth bills data can be obtained for one purpose, but used for other purposes:
It is a fundamental aspect of the Australian Privacy Principles that individuals should know the reason for collection of their personal information and that the information should be used only for that particular purpose or purposes. This fundamental concept is not honoured by the Identity-Matching Services Bill, which indeed specifically provides that data obtained for one purpose can be used for other purposes, with section 3 providing that: ‘The Department may use or disclose for any of those purposes information so collected (regardless of the purpose for which it was collected)’ (emphasis added). The information may also be shared with other countries, amounting to a substantial breach of personal privacy.
The Law Society was also concerned about the scope and reach of the Capability and the associated risks of unnecessary encroachment on the privacy of citizens. It stated that the Road Transport Bill does not include any assurances as to what controls or safeguards will operate to protect the personal information shared to the Capability. It recommended that the Road Transport Bill not proceed until a thorough public Privacy Impact Assessment is undertaken by the NSW Privacy Commissioner.
During evidence, Dr Lesley Lynch, the Vice President of the NSW Council for Civil Liberties noted that while she was assured the Capability will not be used for 'general mass surveillance' at this stage, it does provide the building blocks for close to real-time mass surveillance by government which could have very negative effects for our democracy:
The transformational element in the overall surveillance agenda is then enhanced capacity for close to real-time matching of unidentified facial images against a growing and eventually pretty large national database. The sources for these images, as we know, are many. CCTV is almost everywhere we go now; almost everybody has their own phone in their hands most of the time, their iPhone and so on and so on. This delivers a technical capacity for real-time mass surveillance of public gatherings as well as the terrorist and other public safety incidents.
...
If we are putting into place a capability which gives government the capacity for real-time surveillance, it is big stakes. And it is big stakes not just in terms of people's privacy; it is big stakes in terms of the nature of our democracy. I think it is a pretty incontrovertible historical fact that if you have that kind of surveillance you have a profound chilling effect on people's willingness to go to a demonstration if you know you could be picked up.
Dr Lynch stated that all aspects of the national database and the identity-matching and identification capabilities should be very tightly controlled to give maximum protection to the privacy of individuals who are not police suspects. The NSW Council for Civil Liberties asserted that there are no robust privacy safeguards in the Commonwealth bill and that there are weaknesses in the New South Wales privacy framework. It recommended that the Road Transport Bill not proceed until the Commonwealth bill is amended to include robust privacy safeguards.65 The council also considered that the Road Transport Bill should be subject to independent review every three years. The NSW Council for Civil Liberties also noted the substantial rule making power in the Commonwealth bill provided to the Minister for Home Affairs. The council argued that rules which have a significant impact on individual rights and liberties should be included in primary legislation. By deferring important decisions to delegated legislation, the level of scrutiny is reduced because there is little parliamentary oversight.
The NSW Council for Civil Liberties recommended that the Road Transport Bill should not proceed until the Commonwealth Act is amended to ensure that rules which will have adverse effects on individual liberties or rights cannot be made by the Minister for Home Affairs. Stakeholders also expressed concerns about the timing of the Road Transport Bill.
The NSW Council for Civil Liberties argued that it seemed 'premature to pass cognate legislation at a State level when the precise parameters of the Face Matching Service and much other detail, have not been settled within the main legislation'. The Law Society also expressed concern that the Road Transport Bill is being advanced ahead of the passage of the Commonwealth enabling legislation. It noted that the bill is proposed to commence on assent, potentially ahead of the commencement of the Commonwealth bill and associated privacy and security safeguards foreshadowed in the Intergovernmental Agreement. The NSW Council for Civil Liberties and The Law Society both considered that the Road Transport Bill should not proceed until the Commonwealth bill has been enacted.
Virtual identity card
Some inquiry stakeholders likened the Capability to a virtual identity card. The NSW Council for Civil Liberties informed the committee that this proposal has quietly evolved over the last decade following failed attempts by governments to introduce identity cards in Australia: This proposal is not a sudden development. It is the latest iteration in the development of a national facial recognition identity framework and system which have quietly evolved over the last decade or so. In 1987 and in 2006 the Federal Government attempted to implement national identity schemes – most memorably, the Australia Card and then the Access Card. These aimed to provide administrative efficiency but the perceived threat of increased government monitoring and surveillance and loss of privacy and the right to anonymity generated solid resistance from civil society. Neither was implemented and it was reasonable to assume that, given the strength of community opposition, future Governments would be wary of trying again.
The NSW Council for Civil Liberties argued that the 'combined scope and capacity of this national identity matching framework will provide a far more powerful identification and surveillance tool than would have been delivered by the Australia Card'.
Legal practitioner Ms Valerie Heath noted that in 1987 the Australian people rejected the proposed introduction of an Australia Card identity document. She stated that the introduction of a 'national virtual identity card system' is significant, and there should be a wider public policy debate to discuss the ramifications.
The Australian Lawyers for Human Rights also indicated that the arrangements in these bills are being advanced 'with no real public consultation, despite the well-known opposition of a majority of Australians to any national identity card system'.
Profiling
Some inquiry participants noted their unease that the incidental collection of certain biometric
data may lead to the Capability being used for racial profiling.
Ms Valerie Heath observed that the experience of existing systems shows that it is likely such a facility will emphasise identifying, monitoring and detaining persons profiled as ‘risky’ and will include persons considered by law enforcement as demographically more likely to offend, leading to 'disproportionate targeting of indigenous Australians and other minorities selected by law enforcement for particular scrutiny'.
The NSW Council for Civil Liberties indicated that the Commonwealth bill specifically permits the collection of sensitive information. While this excludes the collection of information regarding racial or ethnic origin, health information and genetic information, the incidental collection, use or disclosure of this information is in fact permitted. The council explained that 'biometric information, by its nature, captures information about a person’s health, ethnicity and race and for that reason has been linked to inappropriate profiling'.
The NSW Council for Civil Liberties recommended that the bill not proceed until the Commonwealth bill has been amended to include a robust compliance framework, including transparency, independent vulnerability tests and mechanisms for responding to public complaints.
Response to concerns with the Road Transport Amendment (National Facial Biometric Matching Capability) Bill 2018
The Attorney General, Mr Mark Speakman SC, MP, addressed privacy concerns with the Road Transport Bill in his second reading speech. Mr Speakman stated that the Capability includes robust privacy safeguards, a compliance framework and independent oversight:
I reiterate previous statements from the New South Wales and Commonwealth governments that the Capability has been designed and built with robust privacy safeguards in mind, has been subject to detailed privacy impact assessments and data security assessments, will only be accessible by authorised agencies and by individuals within those agencies who are also appropriately authorised and have undertaken required training, and will be subject to a robust compliance framework and independent oversight at both the New South Wales and national level.
The NSW Government indicated that the Capability has been designed with robust privacy safeguards:
- each agency authorised to use the identity matching services will be bound by strict conditions about their use of the Capability
- the Privacy and Personal Information Protection Act 1998 continues to apply, with the exclusion of ss 9 and 10
- the Capability has strict authorisation, audit and training requirements; an established compliance framework to identify and manage misuse; and clear conditions on the parameters of permissible use of the different services within the Capability
- data would not be available to the private sector without the prior approval of the NSW Government.
The Information and Privacy Commission supported the government's views that the Capability was designed to include robust privacy safeguards. The commission indicated that it had been consulted by the Commonwealth and NSW Governments about the development of the Capability, the National Driver Licence Facial Recognition Solution, and the legislation. The commission noted its in-principle support for the bill's objectives, subject to appropriate privacy and security controls, and considered 'that the bill operates within the framework of relevant legislation and the State's privacy regime, including the requirement for legislative authority to collect, use and disclose facial images and other personal information'.
The commission supported the exemptions to the Privacy and Personal Information Protection Act 1998 proposed by the bill in order to facilitate New South Wales' participation in the Capability.
The Information and Privacy Commission also argued that under the Government Information (Public Access) Act 2009 (GIPA Act) there is a general public interest in favour of the disclosure of government information and submitted that the policy objectives in the bill are consistent with the object of the GIPA Act and the public interest.86
Response to concerns with the Identity-matching Services Bill 2018 (Cth)
Stakeholders also addressed concerns with the Commonwealth legislation. The Commonwealth Department of Home Affairs explained that the identity-matching services outlined in the Identity-matching Services Bill 2018 (Cth) have been informed by a ‘Privacy by Design’ approach, with a range of privacy safeguards built-in throughout the bill, as well as policy and administrative arrangements that will support the services. The department advised that all jurisdictions have been involved in developing these safeguards and will be expected to implement the policy and administrative measures.
Ms Samantha Gavel, the NSW Privacy Commissioner, outlined the extensive consultation that has taken place on the Commonwealth legislation:
It has gone on over a number of years ... The most recent one that I was involved in was in about March this year, a roundtable of privacy commissioners with the Department of Home Affairs to look more closely at some of the compliance documentation that underpins the scheme and also to have input into the latest privacy impact assessment that has been done. There have already been two done, as I understand it.
The Commonwealth Department of Home Affairs submitted that the Commonwealth bill has a range of privacy, accountability and transparency measures to ensure appropriate safeguards exist in relation to the use of identification information in the delivery of identity-matching services, including:
- restricting the kinds of identification information that can be collected, used or disclosed
- defining and limiting the scope of the identity-matching services that can be provided by
Home Affairs
- limiting the purposes for which Home Affairs may collect, use or disclose identification information to prescribed identity and community protection activities
- establishing an offence for unauthorised recording and disclosure of information by entrusted persons
- requiring the Minister to submit a report to Parliament on the use of the services each year.
According to the department, the Facial Identification Service is subject to particular privacy safeguards in the Commonwealth bill, including:
- limiting its use to a specific list of Commonwealth, State and Territory national security, law enforcement and anti-corruption agencies
- providing that it can only be used for the purposes of preventing and detecting identity fraud, law enforcement, national security, protective security and community safety.
The participation agreements (outlined in Chapter 1) also provides a framework within which agencies will negotiate details of data sharing arrangements, so that these arrangements meet minimum privacy and security safeguards in order to support information sharing across jurisdictions. The Commonwealth Department of Home Affairs explained that it will not have the ability to access driver licence or other identity information provided by states and territories, other than through the agreed data sharing arrangements.
The department informed the committee that, together with the Intergovernmental Agreement, these agreements include additional privacy protections that participating agencies need to comply with before obtaining access to the services, including:
- providing a statement of the legislative authority or basis on which an agency may obtain identity information through the face-matching services
- conducting a privacy impact assessment which includes consideration of the entity’s use of the identity-matching services
- entering into arrangements for the sharing of identity information with each data-holding agency it wishes to receive information from
- providing appropriate training to personnel involved
- conducting annual compliance audits.
In addition to the privacy safeguards, the Commonwealth Department of Home Affairs will remain subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles in relation to personal information that it collects, uses or discloses. This includes being subject to the Notifiable Data Breaches scheme under the Privacy Act, as administered by the Office of the Australian Information Commissioner. In responding to questions concerning 'bundled consent', Mr Rice committed to the Department of Home Affairs working with Federal and State colleagues to put in place appropriate consent arrangements, through the participation agreements.
In answering the committee about what purposes will Roads and Maritime Services be using the information obtained from the capability, Mr Seedsman responded that it was his understanding that Roads and Maritime Services does not have any present proposal to use information from the Capability.
Committee comment
Stakeholders were united in the view that the facial matching capability for the purposes of law enforcement, such as in the event of a terrorist attack or a siege situation, is a sensible and important measure.
However, the committee acknowledges stakeholder concerns raised during this inquiry. This process has provided an important opportunity for these matters to be aired and for government representatives to respond.
The committee notes that the Commonwealth bill potentially allows non-government organsations such as banks to access the Facial Verification Service. However, we note that this access would be limited to a query and response process and would not allow the organisation to access personal information it was not already privy to.
The committee acknowledges that the Commonwealth legislation has not yet passed and there is some uncertainty about what, if any, amendments may be made to it.
Many concerns were also raised that the bills provide inadequate privacy safeguards. On this issue, the committee notes that the participation agreement and policy framework surrounding the New South Wales and Commonwealth legislation form a major part of the privacy safeguards. In addition, extensive dialogue has been undertaken at all levels of government in developing this framework. Further the interoperability hub provides many of the same services as the current Document Verification Service. However it is much faster, more accountable and allows for the cross-checking of images.
Therefore the committee notes that the Legislative Council will proceed to debate the Road Transport Amendment (National Facial Biometric Matching Capability) Bill 2018, but that the government should use this opportunity to address key concerns raised by stakeholders.
We therefore recommend that when the Legislative Council proceeds to consider the bill that stakeholder concerns raised in this inquiry be addressed by the government during debate on the bill, primarily:
- the reasons why the Road Transport Bill is being considered before the Commonwealth legislation passes
- whether specific privacy safeguards should be included in the Road Transport Bill
- whether New South Wales will allow its agencies to enter into participation agreements
with local government and non-government bodies.