Biometric facial map. The federal government is experimenting with facial recognition for users of its online services. Photo: Science Photo LibraryThe federal government is experimenting with a system that would allow Australians to use selfies to log ontoCentrelink, Medicare and other Commonwealth services.
Prime Minister Malcolm Turnbull’s digital re-invention agency is designing a system that would use “bio-metric” facial recognition technology to allow easylog-ins while protecting accounts from identity thieves.
The Digital Transformation Agency insists that no collection or data base of images would be built, the system would be voluntary and the strictest privacy safeguards would be in place.
But privacy activists are worried the idea is simply a high-tech versionof the unpopular “Australia card” plan, resurrectedmore than 20 years after the national ID schemewas dumped.
The government is determined to improveto access to its services online, to save time and money, and to step-up the automation of many of its core activities, particularly in the expensive health and welfare sectors.
But security and privacy has been a huge issues, with many of the problems associated with the much-maligned myGov portalput down to the complex and glitch-prone log-in protocols.
Improvements have been made to myGov but now the Digital TransformationAgency is working on a next generation online entry point that would ultimatelyallow a user to access about 1500 government entities with a single log-in.
The new project, the “Trusted Digital Identity Framework”, is a huge undertaking, according to an initial PrivacyImpact Statement,produced by consultantsGalexia.
“This is obviously a very significant decision at the Commonwealth level,” the consultants noted.
“TheTDIFis a complex program involving multiple Commonwealth stakeholders, possibly all States and Territories, plus the private sector.”
A user of the proposed new system, after establishing their account, would log-in by scanning their traditional forms of ID and as a fail-safe against hacker and identity thieves, take a selfieand upload it fromtheir mobile, tablet or computer.
Central the the architecture of the scheme would be an online “identity exchange”, a portal that would confirm to a government agency, Centrelink for example,that a user’s identity hadbeen verified and cleared to use their account but would not supply the photoor any other data used to make the confirmation.
Buttalks with”stakeholders” including state and federal privacy authorities as well as online privacycampaigners, have begun to reveal the full complexity of the privacy problems facing the TDIF.
Many of those consulted were surprised they had not already heard of such a game-changing project and questioned the motivation for the decision.
“Stakeholders queried whether due consideration had been given to the failure of previous centralised models in the Commonwealth identity field, such as the Australia Card and the Access Card,” Galexia reported.
There were worries that various parts of the system “wouldobtain, over time, a large and rich source of personal data that will be attractive to third parties for surveillance…or subject to external attack (e.g. hackers), and or subject to accidental breach.”
“The consequences of surveillance or a breach were likely to be significant,” Galexia noted.
“”Some stakeholders predicted that, over time, each [agency]would collect biometric information (photographs) and contribute to the development of a national data set of photographs.
“Although there is no intention to retain photographs in the TDIF, and they are destroyed as soon as a verified match has been made, stakeholders believed that ‘it was only a matter of time’ before the system was changed and photographs were retained and shared.”
A prototype of the TDIF system is expected to be ready for testing in mid-2017.