The Australian government has unveiled new details surrounding highly controversial changes to ‘anti-terrorism’ measures this week, including the introduction of a new national facial recognition system, following the Coalition of Australian Governments (COAG) meeting in Canberra last month.
The changes, outlined in draft documents released this week, describe the use of new ‘federated identity ecosystems’ (or ‘identity federations’) to share information between authorised agencies, including the introduction of a new ‘trust framework’ system to replace traditional legal processes.
On October 1st, following a mass-shooting in Las Vegas, it was confirmed that the Australian government would use the event to further push for an even tougher overhaul of current ‘anti-terrorism’ legislation at a special Council of Australian Governments (COAG) meeting in Canberra.
In the meeting, state leaders and ministers unanimously approved a counter-terrorism package that “enhances” public safety by increasing surveillance of private citizens – including utalising new national facial recognition capabilities – and removes longstanding rights for those suspected of terrorist involvement.
The overhaul will see all states and territories handing over driver’s licenses and passport photos for a national identification database, allowing for real-time facial recognition when matched to state CCTV footage, bypassing current state restrictions and laws on obtaining such information.
FACIAL RECOGNITION SYSTEM
Following the COAG meeting in Canberra in October, it was revealed that government officials had agreed to establish National Facial Biometric Matching Capability systems, and signed an Intergovernmental Agreement on Identity Matching Services to outline the changes.
The documents revealed the new system “will make it easier for security and law enforcement agencies to identify people who are suspects or victims of terrorist or other criminal activity, and prevent the use of fake or stolen identities — which is a key enabler of terrorism and other serious crime”.
Under the Agreement, agencies in all jurisdictions will be able to use new face matching services to access passport, visa, citizenship and driver licence images – while attempting to maintain robust privacy safeguards.
PART I – FRAMEWORK
Today, details of the framework have been revealed under the Trusted Digital Identity Framework Structure and Overview, where accreditation for the “identity federation” will be based on a ‘Trusted Digital Identity Framework’ rather than traditional service level agreements (SLAs) in order to provide ‘more transparency and scale’.
The 14 draft documents, published on the Digital.gov.au website, include the following:
- Trust Framework Structure and Overview
- Trust Framework Accreditation Process
- Privacy Assessment; Core Privacy Requirements
- Core Protective Security Requirements
- Core User Experience Requirements
- Core Risk Management Requirements
- Core Fraud Control Requirements
- Digital Identity Proofing Standard
- Digital Authentication Credential Standard
- Information Security Documentation Guide
- Risk Management Guide.
The new ‘Trusted Digital Identity Framework’ refers to how citizens’ digital identity information must be managed, which is said would sit alongside the current Govpass digital platform.
“The framework sets out a nationally consistent approach to how digital identity will be managed,” Assistant Minister for Digital Transformation, Angus Taylor said on Thursday.
“This includes documents outlining how providers will be accredited, privacy, security, risk, and fraud management requirements, as well as standards for usability and accessibility. The framework sits alongside the Digital Transformation Agency’s Govpass technology platform, which is currently in private beta.”
“It provides the required structure and controls to deliver confidence to participants that all accredited providers in the identity federation have met their accreditation obligations and as such may be considered trustworthy.”
The Trusted Digital Identity Framework Core Privacy Requirements [PDF] outlines privacy requirements that must be fulfilled under the trust framework, with companies handling such data must have a “privacy champion” with overall responsibility and accountability for privacy.
The Trusted Digital Identity Framework Core Protective Security Requirements [PDF] covers the minimum security controls that applicants must provide for an identity system, including the applicant undertaking an active role in protecting their identity service.
Other key documents include the Trusted Digital Identity Framework Core Risk Management Requirements [PDF] and the Trusted Digital Identity Framework Core Fraud Control Requirements [PDF], which both define the controls for preventing, detecting, reporting, investigating, and supporting the victims of fraud.
Finally, the Trusted Digital Identity Framework Core User Experience Requirements [PDF] ensures an applicant’s identity system is “simple and easy for all to use”.
PART II – FACE MATCHING
The new framework for Australia is set to be active by mid-2018 in Australia, with all jurisdictions able to use new ‘face matching’ services within the framework to access passport, visa, citizenship and driver licence images shortly after.
The Face Verification Service (FVS) is a one-to-one, image-based verification service that can match a person’s photo against an image on one of their government records (such as a passport photo) to help verify their identity. Often these transactions will occur with the individual’s consent.
The Face Identification Service (FIS) is a one-to-many, image-based identification service that can match a photo of an unknown person against multiple government records to help establish their identity. Access to the FIS will be limited to police and security agencies, or specialist fraud prevention areas within agencies that issue passports, and immigration and citizenship documents.
Under the plan, companies using the FVS within the Trust Framework would collect a facial image of their customer and send it to the “Biometric Interoperability Hub”.
The hub then uses the national database to check the photo against an image on one of their government records, such as a passport or driving license photo, to verify that it is the same person. The company would receive a yes/no response, without seeing the image held by the government or having direct access to the database
This decision by COAG has been described as ‘nothing less than a complete betrayal of a fundamental civil liberty of all Australians’. If implemented, it will ensure that the presumption of innocence no longer has any effective meaning in this country. Such an untargeted, mass surveillance database is just the latest attempt by governments to categorise everyone as potential suspects, not citizens.
The government is accepting feedback on its 14 draft documents until December 8.
Note: We will be continuously updating this article in greater detail the more we read through the documents. Please check back or subscribe to TOTT News for FREE to have notifications of new posts directly to your email!
For more TOTT News, SUBSCRIBE to the website on the right hand panel for FREE and follow us on social media for more exclusive content:
Let’s face it, we’ll be no safer with a national recognition database: efa.org.au
Turnbull dismisses privacy concerns in asking for a national identification database: huffingtonpost.com.au
Premier Hodgman on ‘anti-terrorism’ changes: “This is the New World Order”: tottnews.com
Queensland announces trials to replace public transport cards with facial recognition: tottnews.com
Facial recognition to replace passports in radical security overhaul at Australian airports: tottnews.com
Commonwealth Games – QLD Privacy Commissioner slams facial recognition plans as ‘unprecedented’: tottnews.com
Australian schools are now implementing biometric identification technology: tottnews.com
The Fall of Australia – An overview of new ‘anti-terrorism’ legislation: tottnews.com
Erosion of Privacy in Australia – Basic facts you need to know: tottnews.com