As the government considers reviving the controversial facial recognition legislation needed to expand an identity matching scheme, Home Affairs has awarded a $37 million contract to Fujitsu to manage the technology behind the current system.
The Home Affairs-run Identity Matching Services (IDMS) is currently used for issuing core identity documents like driver licences and passports.
A proposed expansion of the IDMS to add a national facial recognition database and automate data sharing stalled in 2019 when enabling legislation was rebuked by the bi-partisan Parliamentary Joint Committee on Intelligence and Security (PJCIS) amid a raft of concerns, including mass surveillance.
The unusual recommendation to entirely redraft the Identity-matching Services Bill 2019 and significantly amend a supporting bill for automating passport data sharing came after expert evidence that the planned expansion lacked necessary safeguards.
The bill was not reintroduced to the last Parliament, but Home Affairs has pursued its planned expansion, again raising the concern of privacy experts.
A spokesperson for the department said: “The government is considering how to take forward legislation to further enable the IDMS, including the PJCIS recommendations.”
In the meantime, Home Affairs has awarded a $37.6 million contract to Fujitsu Australia to provide managed services for the IDMS scheme. This is a continuation of the existing scheme and the department “did not seek to expand the existing services” with the new contract, which runs to 2026.
The new arrangement with Fujitsu includes both core IDMS aspects, the Document Verification Service (DVS) and the Face Matching Service. Both these services had been managed by NTT under separate contracts – a ten-year $27.2 million deal and a seven-year $66.6 million deal, respectively.
The DVS was established 2014 to check if the biographic information on identity documents matches the original record for things like birth certificates, passports and licences.
The Face Matching Services was established in 2016 and is used by government agencies to compare a photo with what is on passports, citizenship certificates or visas to speed up access to government services and combat identity crimes.
The 2019 bill would have expanded the IDMS scheme to include a range of new services to identify, recognise or verify a facial image. It also proposed systems for the collation, access, use, sharing and disclosure of this type of data.
Under the changes, Home Affairs would operate an interoperability hub for government agencies and non-government entities to transmit information as part of the identity-matching service.
It would also establish a National Driver Licence Facial Recognition Solution — a federated database of information contained in government identity documents such as driver licences.
Digital and human rights groups campaigned against the bill, while privacy experts highlight the profound risks the expansion would create.
The 2019 bill was ultimately rejected because the significant changes proposed varied from what state and territory governments had agreed to earlier, and because the legislation lacked appropriate privacy and oversight requirements. A lack of detail also opened the possibility of scope creep, according to the PJCIS.
Home Affairs has said amendments to address the PJCIS recommendations were made and referred back to the Committee in 2020. But a spokesperson for the PJCIS confirmed this week no subsequent inquiry has ever occurred.
It now falls to the Albanese government with Home Affairs minister Clare O’Neil and Attorney General Mark Dreyfus to resurrect the plan.
Mr Dreyfus, who was a member of the PJCIS when it rejected the bill, called for the redraft to include an explicit prevention of the identity services being used for mass surveillance. At the time, he also raised concerns with an ability for authorities to utilise the new services to identify protestors.
Do you know more? Contact James Riley via Email.