"Amendments to sections 166, 170 and 175 of the Migration Act will authorise a clearance authority, which is defined as a clearance officer or an authorised system, to collect and retain personal identifiers (specifically a photograph of the person‘s face and shoulders) of citizens and non-citizens who enter or depart Australia or who travel on an overseas vessel from one port to another within Australia. The amendments will also permit the disclosure of that information for specified purposes ... The amendments include new subparagraphs 166(1)(d)(ii), 170(1)(d)(ii) and 175(1)(d)(ii) that will allow an authorised system to collect other personal identifiers ..."Those other identifiers are to be prescribed by regulation. According to the EM, "other personal identifiers such as a persons‘ fingerprints or iris scan may be prescribed in the Migration Regulations". That is, the government could decide to give itself the power to collect fingerprints and retina scans of everyone entering and leaving Australia merely by regulation, not by legislation. Labor's Anthony Byrne, deputy chair of JCIS, pushed an official of the Department of Immigration and Border Protection to justify the new laws at a committee hearing last Friday. The official insisted there were adequate safeguards around the current database for personal identifiers (which is in essence facial recognition data) and sharing procedures, which were based on needing to have a reason to access the data, similar to accessibility of metadata. It wasn't enough to satisfy Byrne. "Do you think it might be a bit helpful, if we do approve this legislation, to have very, very strict terms and conditions in terms of who you can share this biometric-style metadata with?" he asked. "From my perspective," the official replied, "the protections lie in the reasons for the exchange. It is not so much in the organisations it can be shared with; it is the reasons for the exchange -- not for any general purpose but simply for the purposes of --" But Byrne interrupted him: "That is the same with metadata, and you can see how there has been mission creep all over that in terms of who can access that. If the bill ever comes towards the committee we will be looking at that very substantially. We looked at it at the previous committee. There were too many people who had access to it. So, my point to you is that if you have this really important information, you would need to be very clear about who you would share this information with -- and not just a series of ideas; you would need to stipulate and limit who you shared this biometric data with." Even more alarming is that the Immigration and Border Protection portfolio has a woeful record on data security. In February, in an astonishing security breach, the Department was revealed to have published online personal details about nearly 10,000 asylum seekers, potentially placing their lives in danger if they were returned to their home countries. This year, the department has also sought to cover up details of grossly inadequate health care services for detainees while confidential information has been leaked to News Corp tabloids for favourable coverage. Neither the provisions of the bill, nor the EM, nor the responses of the official attempting to justify them to Byrne address the fundamental concern about biometric data: that once stolen, leaked or accidentally transferred to unauthorised people, the damage can't be undone. Fingerprints and retinas can't be changed like a credit card number can, and a database of millions of Australians' and international visitors' fingerprints and retina scans will prove an irresistible honeypot not merely for other law enforcement and security agencies but criminals as well. Given Immigration's form, we may be lucky it doesn't simply publish them online for all to collect.
You can trust us with your fingerprints and retina scans, says Immigration
The government proposes to give itself the power to fingerprint and eye-scan every person entering and leaving Australia. And they couldn't have picked a worse agency to store the data.