
Protect Our Data: Don’t Keep It in the First Place

We all know that reality can’t keep up with satire these days, but when even left-wing rag Crikey can see it, the clown car really has jumped the shark.

(I shouldn’t rag on Crikey too much, as it happens: sure, they’re a bunch of lefty wankers, but they’ve done the hard yards of building an independent media site, just as the BFD has done. So, I may not agree with their politics, but all credit to them. However, I digress…)

Just over a week ago, satirical Twitter ‘news’ page EZFKA tweeted that “Minister for Mansplaining” Katie Gallagher “says digital identity will help prevent data theft by centralising all your data in one location for hackers to steal”.

But, as Crikey’s Bernard Keane points out, that’s not even a joke.

Justin Hendry at Innovation Australia reported yesterday that a department official, Gudiya Riddell, said last week that corporations shouldn’t be holding identity verification documents because “biometrically [anchored] digital identities and digital credentials can help to limit the amount of personal information that an organisation collects by enabling an individual to share only the minimum amount of information needed for a transaction”.

Instead, home affairs could operate or nationally coordinate a biometric data repository that corporations would instead use to verify identity.

Boiled down, that means: “Let us put all your information in one place and let corporations get access to it.” There’s no way that could go wrong. I mean, it’s not as if Chinese Communist Party-linked companies have been buying up Australian medical firms as a way of getting access to the government’s My Health Record data.

No, nothing could possibly go wrong.

Crikey has come to the same conclusion I did a month ago: Labor is using recent hacking scandals as a Trojan horse to try and bring in by stealth the sort of national ID program Australian voters rejected so vehemently in the 1980s. A bad idea that the coalition tried to resurrect more recently.

That is exactly the idea put forward by Peter Dutton and home affairs secretary Mike Pezzullo in 2019 – which was savaged by the Andrew Hastie-chaired parliamentary committee on intelligence and security […]

The committee ripped the idea apart when home affairs drafted the proposal so widely as to allow myriad other uses for the biometric data, with no privacy safeguards or accountability requirements, no independent oversight and plenty of room for endless expansion of what data was included and the purposes for which it would be accessed.

In fact, various governments and Australia’s own Deep State have been trying to sneak the same idea in, more or less hidden in the open, time and again.

That reflected a longer-term ambition on the part of home affairs and its predecessor department, immigration. In 2014, immigration tried a similar trick as in 2019 – using legislation to sneak through a massive expansion of its powers. It proposed an unlimited power to keep biometric data on everyone entering and leaving Australia. Again, the intelligence and security committee stopped it, with Labor MP Anthony Byrne leading the charge against immigration bureaucrats.

Dutton then proposed a more voluntary border biometric data collection system in 2017, claiming it would enable much faster arrivals at Australian airports.

Now the hacks of Optus and Medibank Private are being used to justify another push for home affairs to become the one-stop shop for all your biometric data needs.

In the ’80s, even Labor’s own backbenchers ridiculed a national ID as a “Stalin Card”. Jazzing it up in the digital age is an even worse idea.

The risks of such a treasure trove of data are the same as they were nearly 10 years ago: home affairs has a woeful record on data security, a rotten record on procurement matters and it failed to implement the government’s own basic cybersecurity standards for many years (along with most other departments).

And once biometric data is stolen from home affairs or some third-party IT vendor obtained through one of that department’s many bungled procurement processes, the damage is permanent. You can get a new driver’s licence or passport; you can’t get a new fingerprint or iris.

Crikey

As Keane rightly says, the most obvious lesson from the recent data hacks is that the best protection for sensitive personal data is not to have it in the first place. Such an idea will send corporations and public servants into a spin, of course – which is all the more reason that it’s probably a good idea.
