The Digital ID Bill 2023 was officially tabled in parliament on the 30th of November, and it has citizens across the political spectrum rightly concerned.
The term ‘Digital ID’ refers to the digitised economy of personal information that will be uploaded, stored and used by various institutions (both domestic and foreign) to supposedly create greater ‘efficiency’ in a technologically developing world. The government is adamant that the bill will streamline online transactions, and create greater ‘convenience’ for organisations and citizens who depend on digitised systems.
It seems reasonable to want to streamline services and digital operations. What is not convenient, however, are the added dangers that arise from adopting such technology, without adequate accountability mechanisms, or safeguards.
With any new technological development, central to its induction should be a critical analysis of the ramifications of this centralised and digitised framework inherently fraught with privacy issues and national security concerns, particularly in times of rising global tensions.
One of the objectives of the bill, according to the first ‘provision’ in the exposure draft, is to verify the identity of individuals in online transactions concerning the government and businesses. The first problem with this method is that it will inherently require more data to be collected by public or private entities. Not all private businesses within Australia are even Australian owned, and secure.
The contents page of the bill is enough to alert critics to potential issues with the infrastructure – there are penalties for those who misuse data for example, for marketing purposes. This indicates that digitised ID and data can be hacked and used by various entities for profitable gain or other malevolent activities.
The bill is being promoted by Labor. The bill provides the ‘green light’ for organisations to hold data offshore, which will increase hacking potential or foreign interference. According to the Australian Signals Directorate (ASD), cybercrimes are increasing rapidly. With a 23% increase in cybercrime reports.
The top cybercrime for individuals, according to the ASD? Identity fraud.
The digital ID system may also jeopardise human rights. Is the infrastructure compatible with the notion of a truly democratic and free society, or will it set the stage up for further surveillance and government encroachment on civilian life?
Facial recognition software is an obvious concern for citizens who partake in the digital ID system. It is incompatible with the notion of human rights and the right to bodily integrity and autonomy, as expressed in the International Covenant of Civil and Political Rights, particularly at Article 17 which states the following:
“1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.
2. Everyone has the right to the protection of the law against such interference or attacks.”
Another major issue with the bill, is it’s soft attitude to organisations involved in data breaches.
Section 79 of the digital ID exposure draft protects entities participating in the digital ID system from liability. It is shockingly broad and negligent drafting, which shows the government’s casual disregard for real citizen privacy concerns and protections.
The draft of the bill also outlines what kind of data can be collected if passed into law. The scope of the data in question is enormous – and it includes biometric data.
Biometric data within the bill is defined as follows: ‘biometric information means information about any measurable biological characteristic relating to an individual that could be used to identify the individual’. An accredited entity may collect this data from citizens and disclose it, with consent, they say. If certain fundamental services are withheld from individuals unless they consent to a digital ID, this ‘protective’ provision is rendered completely useless.
Imagine if anti-Australian actors for example, got their hands on data through the conduit of an accredited entity that has access to private information.
The bill includes objectives indicating the system is ‘voluntary’ however, we’ve all heard that one before. ‘Voluntary’ is often a ‘euphemism’ for ‘coercive.’ The bill itself tells you in the ‘objects’ section that it wishes to facilitate the advancement of digital IDs. How do you do that and simultaneously make the function truly voluntary?
Further to the above point, section 71 of the bill indicates that the ID system is ‘voluntary’ (subsection 1) however this does not apply to a service of a participating party if the service provides access to another service, for example. This would enable companies to coerce digital IDs, through the guise of ‘voluntary choice.’
The digital ID bill does contain some provisions attempting to safeguard privacy, however the reality of the situation is that a citizen may never know whether an entity has disclosed confidential information to a relying third party, in order to use the legislation to sue the breaching entity. If one does discover a breach, the bill provides ample protections from liability through vague and broad drafting, particularly at section 79.
The digital ID bill and developments should be opposed for the above reasons – it will pave the way towards greater governmental surveillance, foreign interference and data breaches, and allow transnational entities to further promote centralised digital infrastructure which can lead to serious human rights abuses down the track, or threaten the nation’s sovereignty. Australian citizen information should not be centralised in infrastructure that simultaneously reduces civil or criminal liability from Digital ID promoting entities. Australia should instead strengthen its existing privacy and human rights frameworks and work on models which eliminate corruption, and allow for ample accountability mechanisms.
It may be prudent to therefore reject the digital ID developments, and caution others to do the same.
