Digital Rights Watch is recommending that the Australian government stop law enforcement agencies from accessing data under the proposed Digital ID legislation.
In a submission to the Senate inquiry into the Digital ID Bill 2023, the group raised concerns that digital ID could be used for mass surveillance and law enforcement.
Australian federal finance minister, Senator Katy Gallagher, put forward the national digital ID legislation to the Senate on the final sitting day of Parliament of 2023.
The bill has been referred to the Senate Economics Legislation Committee.
“While we appreciate that the Digital ID bill seeks to narrow the scope of disclosure to law enforcement that is permissible in the Privacy Act, we strongly oppose any repurposing of Digital ID data or infrastructure for surveillance purposes. No justification has been put forward for allowing such access.
“Individuals ought to be able to voluntarily use a Digital ID without any concern that doing so may later be used to enable mass surveillance. Such concerns undermine public trust in these systems.”
The advocacy group, which is registered as a charity, suggested that law enforcement agencies should be stopped from using digital ID data.
What is the Digital ID?
The Digital ID Bill 2023 (pdf) provides a formal legislative framework for Australians to verify their identity online via a single platform with both government and businesses, according to an explanatory memorandum.Already, Australians can voluntarily use a digital ID to connect with government services including MyGov, Centrelink, Medicare, and the Australian Tax Office.
However, the digital ID, which the government claims will be voluntary, will expand the Australian Government Digital ID System (AGDIS) for use by state and territory governments, as well as the private sector.
“Digital ID is a major economy-wide reform with significant economic, security, and privacy benefits for individuals and businesses,” the government said.
“The bill will provide for the minister to make rules to regulate the accreditation of other kinds of services in the future to account for changes in technology and the way in which digital ID systems operate.
Senate Committee Will Report By Late February
The Senate Economics Legislation Committee received submissions up until Jan. 19, after the Bill was introduced into parliament.This committee is due to report by Feb. 28. A public hearing will be held on Feb. 9 in Canberra.
In November, Senator Gallagher said the “voluntary bill” was about reducing the amount of information that was being held to verify your ID.
“That information is currently being held in a number of places. Every time you have to prove your ID, where you provide information to different organisations—this is about reducing that. This is in response to Optus. It’s in response to Medibank,” she said.
“The private sector wants it in place. They want it regulated. We have the system in place now, and we have private-sector ID providers who are unregulated. There’s no regulator.”
“What the government is trying to do here is to rush this through without proper scrutiny, without Australians being able to understand what the government is doing with their data, with their security and with their privacy,” he said.
One Nation Senator Malcolm Roberts proposed an amendment to extend the inquiry timeframe to May 14. However, this attempt was blocked by the Labor- and Greens-controlled Senate.
“The effect of this bill is to tie every Australian to a digital identity that unlocks services necessary for life,” he said.
Major Supermarket Throws Support Behind Digital ID
The government has received 97 submissions to the inquiry, including a “supportive” contribution from Woolworths.“We are keen to offer Digital ID as an alternative verification option for our customers as soon as we can safely and securely do so,” Woolworths said.
Tougher Penalties Needed
Digital Rights Watch also raised concerns the penalties for entities failing to comply with privacy and security obligations in the proposed legislation are too low.The group is suggesting the government raise these maximum penalties to “better reflect the gravity of collecting and handling individuals’ personal and sensitive information.”
“We note that the proposed penalties sit at 200 or 300 penalty units, depending on the conduct. As noted in the table on page 33 of the guide, this translates to a maximum penalty of $469,500 (US$306,000) for a corporate or government entity,” Digital Rights Watch said.
The group said the digital ID system must be “genuinely voluntary,” with practical non-digital alternatives available for Australians.
In addition, they said there is a need for the government to engage in meaningful consultation to build trust.
“While Digital Rights Watch is eager to participate in digital identity consultations to provide a digital rights civil society perspective, we do note that the extremely short timeframe of three weeks does not allow for genuine input from, or engagement with, many civil society and community concerns,” the group said.