The ACT has become the first jurisdiction to push back against the federal government’s national facial recognition database, refusing to hand over drivers’ licence data until legislation is passed.
Queensland, Victoria, South Australia and Tasmania have already started uploading drivers licence biometrics data to the National Driver Licence Facial Recognition Solution – a federal government database which agencies and authorities can use to conduct facial recognition matches.
The database, known as The Capability, is not yet in operation and can’t be until legislation is passed by Parliament.
The government is currently redrafting its bill after it was dramatically knocked back by the powerful Parliamentary Joint Committee on Intelligence and Security (PJCIS) last year.
The ACT government has now become the first state or territory to officially decline to provide biometrics information of its citizens to the database. It says it will not do this until the legislation is passed and assuming it meets the privacy requirements in its Charter of Rights.
“The uploading of ACT data will not commence until Commonwealth and ACT legislation is passed, and participation agreements are signed. ACT residents will be informed of their drivers’ licence images being uploaded to the system when legislative frameworks are finalised,” an ACT government spokesperson told The Canberra Times.
Deakin University senior lecturer Dr Monique Mann praised the ACT government for taking a stand.
“It’s a prudent approach to take in waiting to see and then assessing to see compliance with state-based laws and human rights requirements of respective states. It’s going to happen, it will pass. So it’s about what the beast will look like, and what concessions they are willing to make,” Dr Mann told InnovationAus.
“It’s promising to see some states, particularly the ACT, express some reticence in relation to uploading images without seeing what that beast is.”
It’s still unclear when the federal government will re-introduce the legislation needed to put the biometrics database into action. The original Identity-matching Services Bill was introduced to Parliament more than two years ago, paving the way for the “secure, automated, and accountable exchange of identity information between the Commonwealth and state and territory governments”.
But it was knocked back by the bipartisan PJCIS, which called for a “significant amount of redrafting and not simply amending” due to a range of issues surrounding privacy, transparency and robust safeguards. The committee also criticised the bill for a complete lack of detail.
The federal government has reaffirmed its commitment to the facial recognition database but has not said when it plans to unveil the new legislation.
Digital rights advocates including Dr Mann are waiting for the government to attempt to pass legislation facilitating The Capability in the near future.
“I’ve been waiting for it to come back. I don’t think the Australian government is going to give up on the plans for The Capability, particularly given the investment in the technical infrastructure and the legal architectures they’ve been building for it,” she said.
“The PJCIS threw it out, they said it’s so invasive, there were no protections, no transparency and they needed to improve it and strengthen protections for individuals and improve accountability. They sent them back to the drawing board and to redraft the bill.”
State and territory governments provisionally agreed in 2017 to provide biometrics data from drivers’ licence to a national database to be run by Home Affairs. The database would allow for one-to-one and one-to-many facial recognition matches using this information.
A beta version of IDMatch has been launched by the government, outline how its services “give businesses and government users greater confidence in the identity of their customers”.
The website attempts to waylay some of the concerns surrounding the use of the technology, claiming that it is “deliberately designed not to accept live video feeds such as CCTV” and that it “cannot be used for real-time monitoring or live facial recognition of people in public places”.