“Not in the national interest.” “Watered down legislation to the point where they can become ineffective.”
That was some of the abuse flung by Peter Dutton at his colleague Andrew Hastie’s Parliamentary Joint Committee on Intelligence and Security (PJCIS) in July. Yesterday, Hastie rose in parliament to kill off Dutton’s latest attempt at national security overreach. Insult parliament’s most important committee at your peril, it seems.
The PJCIS usually recommends improvements to national security bills and call for reviews down the track, but rarely knocks bills back. Yesterday, the committee unanimously told Dutton’s department to go back to the drawing board with the Identity-matching Services Bill 2019.
That should illustrate just how far Dutton and his Home Affairs Secretary Mike Pezzullo overreached in drafting the bill.
Get Crikey FREE to your inbox every weekday morning with the Crikey Worm.
The proposed legislation would enable Home Affairs to run a biometrics hub so that every security agency in the country — state and federal — and local councils and corporations can use facial recognition to obtain information, verify identity and prevent identity fraud and abuse, ranging from multiple drivers’ licences to identity theft.
It’s designed to give effect to an intergovernmental agreement to facilitate biometric data-sharing: police in one state could submit a photo of a suspect for a serious crime to the hub and use interstate data to identify them. State and territory governments could improve the accuracy of their identity records. Corporations could, with the permission of individuals, submit requests for identity verification to the hub.
Except, Home Affairs saw the chance to go much, much further, and lay the groundwork for another national mass surveillance mechanism. They did so by writing the bill so that there were virtually no safeguards and no restrictions on expanding the hub.
This was no sloppy drafting — it was a deliberate effort to establish a scheme that could, ideally, be endlessly expanded until every Australian could be identified instantly and remotely in public using databases and facial recognition algorithms.
- Omitted privacy safeguards from the bill. As the committee noted, “few privacy safeguards are currently set out in the IMS Bill. Rather, they are detailed in the [Intergovernmental Agreement], in the Explanatory Memorandum and in proposed Participation Agreement and Access Policies. None of these materials have the force or protection of legislation.” And so far, no one has seen the “Participation Agreement” or “Access Policies”
- Left out any protective framework in relation to the operation of the hub — there is no oversight mechanism like an ombudsman or parliamentary committee to ensure privacy, or that any restrictions are being observed by participating agencies.
- There’s no requirement to disclose if the hub is misused by agencies or individuals
- There’s no limit to how often, or for what purpose, security agencies can use the hub, meaning an agency like ASIO can submit millions of requests for facial recognition and compile their own database
- There is no warrant requirement for accessing the data of innocent people via the facial recognition process
- There’s no way to enforce the basic rule of Australia’s privacy protection framework, that personal information is only ever used for the purpose for which it is collected
- The kind of data accessed via the hub can be endlessly expanded by ministerial fiat, as can the list of agencies and bodies that can access it, and the rationale for accessing it is absurdly open-ended: “prevention of crime”, “community safety” and “road safety”, not to mention the endlessly expanding category of “national security”
- There’s no reporting requirement for how often facial recognition algorithms fail (tech companies claim it’s nearly 100% accurate; the real world suggests otherwise).
According to the committee, “a citizen should be able to read a piece of legislation and know what that legislation authorises and what rights and responsibilities the citizen has in relation to that legislation”. But “the IMS bill which has the potential to affect the majority of the Australian population … does not inform the citizen reader in this way”.
That’s why, unusually, the committee recommended a complete rewrite. They knew Home Affairs was trying it on to see what they could get away with, and knocked it back. It’s a repeat of the then-Immigration Department’s effort to sneak mass collection of biometric information into the foreign fighters bill in 2014.
The committee killed that off as well. Or as Peter Dutton might call it, “watered it down”. Another stellar moment for Australia’s most incompetent and malicious public service agency.
Are we set for more Dutton-Hastie showdowns? Will Home Affairs’ reach continue to be checked? Let us know your thoughts at email@example.com. Please include your full name for publication.