Monday, 27 March 2017

Australia Card Mark 3: Surprise! Without justification we will be collecting biometric data to create one centralised identity for each and every one of you and we will be retaining your metadata for an indefinite period at our discretion

The Turnbull Government received the Commonwealth Digital Transformation Agency (DTA) preliminary report, Initial Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) Alpha, in December 2016.

The origin of this particular digital identity proposal was a recommendation by the Financial System Inquiry set up by then Treasurer Joe Hockey in December 2015, with an inquiry committee dominated by representatives of banks and the financial services sector.

This preliminary Privacy Impact Assessment is the latest step in establishing a single digital identity for each and every Australian citizen, with all the same privacy and security risks as the formerly proposed Australia Card and Access Card.

It is proposed that an individual’s digital identity information will initially be made available to federal government departments/agencies and later to state government departments/agencies that apply to join the TDIF.

As yet there is no underlying legal authority for the Trusted Digital Identity Framework, much of the security arrangements for this framework are apparently not yet developed and a full independent risk assessment has either not been completed to date or is not publicly available.

Cross-border data transfers of personal information held on Australian citizens may occur under this framework.

It is expected that complaints and correction requests may cause some difficulties in the TDIF because multiple participants may each hold part of the relevant data and responsibility for dealing with complaints and corrections may be difficult to determine.

On 24 March 2017 The Canberra Times reported:

The federal government is experimenting with a system that would allow Australians to use selfies to log onto Centrelink, Medicare and other Commonwealth services.

Prime Minister Malcolm Turnbull's digital re-invention agency is designing a system that would use "bio-metric" facial recognition technology to allow easy log-ins while protecting accounts from identity thieves.

The Digital Transformation Agency insists that no collection or data base of images would be built, the system would be voluntary and the strictest privacy safeguards would be in place.

But privacy activists are worried the idea is simply a high-tech version of the unpopular "Australia card" plan, resurrected more than 20 years after the national ID scheme was dumped.

The government is determined to improve to access to its services online, to save time and money, and to step-up the automation of many of its core activities, particularly in the expensive health and welfare sectors.

But security and privacy has been a huge issues, with many of the problems associated with the much-maligned myGov portal put down to the complex and glitch-prone log-in protocols……

A user of the proposed new system, after establishing their account, would log-in by scanning their traditional forms of ID and as a fail-safe against hacker and identity thieves, take a selfie and upload it from their mobile, tablet or computer.

Central [to] the architecture of the scheme would be an online "identity exchange", a portal that would confirm to a government agency, Centrelink for example, that a user's identity had been verified and cleared to use their account but would not supply the photo or any other data used to make the confirmation.

But talks with "stakeholders" including state and federal privacy authorities as well as online privacy campaigners, have begun to reveal the full complexity of the privacy problems facing the TDIF.

Many of those consulted were surprised they had not already heard of such a game-changing project  and questioned the motivation for the decision.

"Stakeholders queried whether due consideration had been given to the failure of previous centralised models in the Commonwealth identity field, such as the Australia Card and the Access Card," Galexia reported.

There were worries that various parts of the system "would obtain, over time, a large and rich source of personal data that will be attractive to third parties for surveillance...or subject to external attack (e.g. hackers), and  or subject to accidental breach."

"The consequences of surveillance or a breach were likely to be significant," Galexia noted.

""Some stakeholders predicted that, over time, each [agency] would collect biometric information (photographs) and contribute to the development of a national data set of photographs.

"Although there is no intention to retain photographs in the TDIF, and they are destroyed as soon as a verified match has been made, stakeholders believed that 'it was only a matter of time' before the system was changed and photographs were retained and shared."

A prototype of the TDIF system is expected to be ready for testing in mid-2017….

Key stakeholders consulted sometime in October-November by Galexia Pty Ltd for its 5 December 2016 report:

Australia Post
Australian Communications Consumer Action Network (ACCAN)
Australian Privacy Foundation (APF)
Commissioner for Privacy and Data Protection Victoria (CPDP)
Department of Finance, Services and Innovation NSW (DFSI)
Digital Rights Watch           
Information and Privacy Commission NSW (IPC)
Office of the Australian Information Commissioner (OAIC)
Office of the Information Commissioner QLD (OIC)
Queensland Government Chief Information Office (QGCIO)
Queensland SmartService (Digital Productivity and Services Division)
Service NSW

According to Galexia on Page 27 of its report:

In the consultation conducted for this PIA, the following views were expressed on this issue:

* Stakeholders questioned where the decision had ‘come from’ as it appeared to take nearly all stakeholders by surprise;
* Stakeholders queried the link between the decision to establish a single Commonwealth IdP and the recommendations of the Murray Report (which in part endorses the development of multiple IdPs in order to foster competition, choice and innovation);
* Stakeholders queried whether due consideration had been given to the failure of previous centralised models in the Commonwealth identity field, such as the Australia Card and the Access Card. Although stakeholders recognised some differences between those proposals and the TDIF in relation to the overall framework and the Identity Exchange, they viewed the decision to establish a single Commonwealth IdP as a ‘throwback’ to those earlier proposals. Even after detailed discussions and explanation on the details of the TDIF most stakeholders still viewed the single Commonwealth IdP as an updated version of the Australia Card / Access Card;
* Stakeholders were strongly of the view that such an important and far-reaching decision should have been the subject of extensive community consultation and debate, with many stakeholders calling for a public discussion paper and / or legislation; and
* Almost all stakeholders struggled to see any justification for the establishment of a single IdP – a common question was “what is the problem that needs to be solved?”.

No comments: