Tanya Plibersek (Sydney, Australian Labor Party, Shadow Minister for Human Services, Housing, Youth and Women) Share this | Hansard source

The Human Services (Enhanced Service Delivery) Bill 2007 relates to the government’s plan to spend almost $1.2 billion over four years on an access card which will replace the Medicare card, the pharmaceutical benefits concession cards and all Centrelink cards. The government claims that the card will: firstly, make it easier for people to deal with government agencies; secondly, speed up payments and rebates; thirdly, reduce fraud; and, fourthly, replace up to 17 other cards.

Of course, these are all good aims. If this legislation delivered on these aims, we would not have difficulty supporting it. But without significant change, this legislation does not deliver on those goals. In addition, it will have a number of other significant negative impacts. Our concerns about this legislation are not, for the most part, with the technology proposed but rather with the systems designed to collect, store, maintain and transfer information on the card and on the database which backs it up.

Labor support the use of smartcard technology in service delivery. We support the aim of improving service delivery in Medicare and social security and the aim of reducing fraud, but we do not support this proposal because it is full of problems. We will not support a half-baked proposal that simply reproduces identity fraud, that allows a whole lot of personal information on every Australian to be collected and stored without adequate protection and that potentially costs the taxpayer more than it saves.

The first claim made by the government is that the access card will make it easier for people to deal with government agencies. I think it is worth saying that the card will make it a little easier for some people to deal with government agencies but only in that users will not need to notify several government departments if, for example, they change their address. The central register will have the address details changed and that will notify other government departments. But this is a very small change compared with the other improvements that it is possible for the government to make when it comes to service delivery for citizens.

For example, anyone who has seen the body of Centrelink paperwork will know that Centrelink claim forms are far too long and repetitive. Information is required to be provided over and over again—even information that does not change, like the dates of birth, names and ages of children, and so on. Australians should not have to give their income estimates separately every time they apply for a different benefit. Parents will know that they continually get a barrage of letters in the mail querying details of childcare use, of income and of their children’s immunisation status. These come regularly even when there has been absolutely no change in a parent’s circumstances or there is not likely to have been a change in the parent’s circumstances. Anyone who has dealt with Centrelink would know that the paperwork and the correspondence that has to be entered into is long and unnecessarily complicated, and questions are often included that have little or no relevance to the issue at hand.

If the government were interested in improving service to citizens, we would see a greater commitment from the government to the proper resourcing and training of Centrelink staff. An internal Centrelink random sample survey conducted by the Australian National Audit Office in June last year showed that around 30 per cent of Centrelink records contained an error which resulted in the wrong payment. These errors will not be fixed by the access card, and it is one of the greatest difficulties for people who are interacting with Centrelink. The access card will certainly not make fixing these errors any easier. All it will do is have some marginal effects around people establishing their credentials with Centrelink. The access card also does nothing about issues such as the time that Australians are spending in Centrelink and Medicare queues. That is probably one of the things that is raised most often with members of parliament when it comes to dissatisfaction with social security and Medicare services. Again, this card does nothing to improve that issue.

The government’s second claim is that the access card will speed up payments and rebates. There is simply no evidence in the legislation or any of the explanatory material of how an access card would do that. It is certainly a short cut to proving identity to government agencies, but it does not change the way that claims are processed or payments are made. The access card is not related to the separate initiative for Australians to receive their Medicare rebate electronically, which is planned for sometime this year in any case. So while electronic payment of rebates will reduce the time that Australians spend in the Medicare queue that I was just talking about, the access card is a separate initiative to this e-payment of Medicare rebates.

The third claim made by the government—that the access card will reduce fraud—is perhaps the most difficult to understand. The government says that the access card will reduce fraud, in particular through the registration process which will seek to verify the identity of everyone who currently possesses a Medicare card, health care card, veterans card or any of the other cards I mentioned. This would be a much more convincing argument if the registration process was rigorous and watertight. Unfortunately, the fraud-reducing potential of the access card has been completely undermined by the fact that the registration for cards is supposed to begin early next year, long before the planned national document verification service comes online.

As the proposal stands at the moment, it is actually possible that the access card will make things worse when it comes to perpetuating existing fraud. On top of that, it obviously puts at risk the security and privacy of the vast majority of honest Australians. But focusing specifically on the issue of proof of identity, there is currently no efficient way of checking the proof of identity documents of the 35,000 Australians that are supposed to be issued with cards each day until this national document verification service comes online.

From April next year, the government plans to start registering 35,000 people every day. The national document verification service that is being developed by the Attorney-General’s Department to check the authenticity of birth certificates, marriage certificates, death certificates and so on—along with drivers licences, visas and other forms of identification that applicants for the access card will be presenting—is simply not ready. This system, a massive online data-sharing network, is just not built yet. And it will not be built by next year. In fact, the Attorney-General’s Department last week said in the estimates hearings that that system will not be completed until 2010.

The document verification system is critical to the registration process and, as it will not be ready until 2010, it makes little sense for this legislation to bring the registration period forward to as soon as April next year. Anyone who was really clever about wanting to set up a false identity would make sure that they did it in the first months of the operation of this system, when the government’s ability to check identification documents will be much weaker.

The government’s fourth claim, that the access card will replace up to 17 cards, sounds all very well on the front page of the newspaper, but most people have only one card—they have a Medicare card—a small number of people have two cards and fewer still have three cards. At the same time that the government is claiming people will be liberated by the access card—they will be able to throw out their bulky old wallets—they are introducing another card. The childcare smartcard is an ill-conceived idea that childcare operators have unanimously said is stupid. And parents have just shaken their heads about the idea that they will have to pull out a card every time they drop the kids off or pick them up at child care. They will have to work out which parent is going to have the card at which time of the day when they drop off and pick up the kids.

It seems to be nonsensical to try to spruik a benefit of this access card as reducing the need for all these government cards and at the same time talk about introducing extra cards like the childcare smartcard. I think the fact that people have two or even three cards is generally of less concern to them than knowing that their identity is secure from hackers and that any information that they have provided to the government is safe and will not be stolen and used inappropriately. The notion is that there is a clamour out there for people to have the number of cards reduced. It is not a bad aim; it is a good aim, but it has to be done with all of the proper safeguards to ensure that this card, with all of the important information stored on it, will not become a honey pot for criminals interested in stealing people’s identities.

Our main concerns with the proposal are, firstly, the accuracy, security and privacy of the data to be stored on the card and the database which supports it. Many individuals and groups have expressed their concerns about the card, including the Australian Medical Association and some government members of parliament. The member for Moncrieff said that the access card could become a Trojan Horse for a national ID card. The member for Mackellar said that it does not pass the Nazi test. And even the Attorney-General has admitted that the access card could be exploited by future governments. I am surprised that he thinks that only future governments might do the wrong thing. I would be a little more concerned about the current government.

There is too much information stored on the face of the card. All of the public critics of the card say that it is unnecessary to have a number of the key identifiers on the face of the card. The government says that it is not an ID card by stealth but critics—including Professor Allan Fels, who the government had work on the privacy issues surrounding the card—rightly point out that if this is true then it is unnecessary to have so much information printed on the card. The bill provides that a name, a unique personal identification number, a digital signature, a photograph and an expiry date must all be displayed on the face of the card. In addition, people can choose to have their date of birth, veteran status and—if they are blind and on a disability support pension—their blindness listed on the face of the card.

With so much on the face of the card it is difficult to see how it is not an identification card. As I said, Allan Fels was commissioned by the government to report on the privacy aspects of the card. That means that the government probably knows that there are some very significant privacy issues here and that the decisions should not be made on the run when we have to decide on such important and technical matters relating to privacy.

Allan Fels recommended to the government that the unique identifying number and the electronic signature not be displayed on the card because they are unnecessary and pose a risk to people’s security. The government has ignored this recommendation but did not give any reasons for ignoring it. The digital signature is an obvious risk. A teller at a video store could take a photocopy of your card and use your signature for all sorts of inappropriate reasons. In relation to the unique number which Professor Fels is concerned about, if people want the convenience of having their number on their card, why not make it voluntary like some of the other information that is included in the card? Indeed, many people have said that you could contain the photograph within the chip in the card rather than having it on the face of the card.

There is a great deal of concern about the amount of information on the face of the card and how this makes this card a de facto ID card. The information stored on the chip repeats the information on the face of the card, and there are some additional pieces of information that are contained in a microchip embedded in the card. The information will be divided into what can be read by any card reader that you can get for a few dollars at your local Dick Smith shop or any other electronics store and information which requires a personal identification number as well.

Last week Professor Fels brought down a report on the voluntary medical information to be stored on the chip. He said in that report:

The decision about what specific health and emergency data might be listed in the card is a considerably more complex matter than might have been anticipated ... This is because the data entered into the chip is data which is intended to be acted upon by other people—

in life-threatening situations. The example that the AMA and others have given is that, if there is incorrect information about medication or the information has not been updated recently, you can be given other medication that interacts, potentially fatally, with the medication that is noted on your card. So the information has to be dead right, and the fact that the information can be loaded on and changed by anyone at any time who has access to the card reader is obviously of concern. There is no real detail in this legislation about who can load on the information and under what circumstances. I think Professor Fels’s comment about the potential uses of the card initially sounding appealing but turning out to be a lot more complicated and problematic than they seemed is a pretty sound comment on a great deal of the suggested uses of this card.

Turning now to the information stored on the database, the registry, as it is called, will include: a date of birth; citizen or permanent residency status; sex; residential and postal address; date of registration and status of registration—full or interim, for example—the personal identification number; veteran status; and electronic copies of documents used to prove your identity when initially registering. Information that people can opt to have on the register includes Indigenous status, email and phone contact.

The government proposes that scanned copies of original documents presented when Australians are interviewed before being given their card be kept on an electronic file. That makes this register an enormously valuable resource for criminals, who can hack into it or bribe public servants to get access to it. A criminal could steal a person’s whole identity by getting access to the information contained in this register.

For the most part, I believe government information is closely held and well managed, but there are examples of identity theft that has depended on false documents and on unauthorised accessing of databases by public servants that should give us pause for thought when we consider just how valuable this honey pot of information is. Just recently, at the end of last year in December 2006, an Australian man was arrested in New Zealand for using the birth certificate of a baby born in 1965 who had lived only 13 days. He used that birth certificate to apply for a New Zealand passport. There were 600 privacy breaches within Centrelink reported in August 2006 where staff had accessed customer records without proper cause or authorisation. There was a report by the Child Support Agency obtained under freedom of information in June last year that found that 405 privacy breaches had occurred in the previous nine months. In at least two of these cases mothers and their children had to be physically relocated at taxpayers’ expense because the Child Support Agency’s release of information had put them at risk. You can see the very high stakes of people getting access to documents not their own and information that they should not have access to. Bringing all of this information together in this way and including electronic scanned copies of original birth certificates and so on seems to me to be asking for trouble.

The additional problem that has been raised by a number of critics is something that we call function creep. The concern is that every minister and every department will want to use the card for some other new whiz-bang purpose and that over time the amount of information stored on the card and the purposes of the card will expand. That makes the card more valuable, not only to the owner but to anyone seeking to steal the card and use it for improper purposes. The more functions the card has, the more valuable it is to a criminal and of course the more vulnerable it is to theft or misuse. The issue of function creep is particularly concerning because of the vast amount of discretion left to the minister about the information which can be collected in this legislation. There really is nothing to stop the minister changing what information is collected over time or the uses to which the information is put.

The AMA has suggested that this problem could be minimised by the government specifically legislating what the unique identification number on the card could be used for. But, like a number of other sensible suggestions made by the AMA and by people who have commented on the draft legislation and made other comments about this bill, this suggestion has been ignored.

When it comes to the forgery of cards, it was interesting to hear the chief of the Australian Federal Police, Mick Keelty, say that he is very enthusiastic about the card because it will help reduce identity fraud. He has happily acknowledged that the devil is in the detail, because this card will not reduce identity fraud unless we can be confident of the security of the information on the chip and on the register. There will be many people who tell you that smartcards are easily forged, as all mass-produced cards are. Even if the chip on the card is inactive, the face value of such a card will be high because of the hoops you have to jump through to get it in the first place. Dame Stella Rimington, former chief of MI5 in the UK, said in relation to the UK ID card:

ID cards have possibly some purpose. But I don’t think that anybody in the intelligence services, particularly in my former service, would be pressing for ID cards. My angle on ID cards is that they may be of some use but only if they can be made unforgeable - and all our other documentation is quite easy to forge. If we have ID cards at vast expense and people can go into a back room and forge them, they are going to be absolutely useless.

She said that in a speech in 2005. The government says that this is not an ID card. It keeps denying that this is an ID card, but obviously Mick Keelty is excited by the possibility of using it as a source of identification, and I think it is pretty plain to anyone who has followed this debate that there is nothing to distinguish this card from an identification card.

There is a danger, obviously, with lost and stolen cards. The government currently runs the ASIC—the aviation security identification card—system, which is used by officials who need access to sterile areas of airports. Three hundred and eighty-four of these cards were reported as stolen or missing in 2005 alone. The government says that access cards which are lost or stolen will be deactivated the next time they are swiped, but of course the face value of the card is still very useful.

The strongest opponents of this in the community are the people who believe that this is to all intents and purposes an ID card. It is just amazing to have members opposite who were such strong opponents of the Australia Card proposal, including the Prime Minister himself, now seeing no problem with introducing something that is essentially the Australia Card on steroids. This card and the register contain a great deal more information than the proposed Australia Card, and the use of biometric technology means that it is much more useful for surveillance measures than the Australia Card ever would have been. The biometric photo on the card can obviously be matched with surveillance video taken in public places to track people.

The government says that people will not be able to ask to see your card as a form of ID and that there is a two-year jail term and a 120-penalty-unit fine for people who do, but this relates to people who require you to show your card, not to people who request, not to people who ask nicely, not to people who might offer the option that you might want to show your card. On top of that, there is what is called a Crown exemption, which means that, even if someone improperly asks to see your card, the fact that they work for a state or federal government department means that they cannot be prosecuted for it. We also think it is incredibly unlikely that the poorly-resourced Privacy Commissioner will have the resources to follow up on the misuse of this card or that the police would ever have the resources and energy to investigate and prosecute in this area.

There is no guarantee that the collection, storage and maintenance of the information on the database will not be outsourced. It could be outsourced overseas; we do not know. We do not know what that means about the protection from onselling of very sensitive information.

The government says that the card is voluntary, that nobody is forced to get one. You are only forced to get one if you ever want to use a Medicare service; if you ever want to have access to the Pharmaceutical Benefits Scheme; if you are a veteran and you want to access your veterans entitlements; or if you ever want childcare benefit or family tax benefit. That is not voluntary at all!

The biometric technology that is used has a very high failure rate. It can be affected by weight gain or weight loss. It has about a 10 per cent failure rate, we are told. That means that people may actually be stopped from accessing services that they are entitled to because of faulty technology.

The registration process is going to be an absolute nightmare, with people needing to present all sorts of documents. For people living in the outback, the government say that they are going to send out vans, but I do not believe that they are going to send out a van to every community and every farm in Australia.

On the cost, the government say that they will save $3 billion over 10 years. They keep claiming this figure, although the KPMG report that they have released in a highly censored version says that they could save between $1.6 billion and $3 billion over 10 years. If the figure is actually $1.6 billion, they would save more money by putting the $1.1 billion or $1.2 billion that they are going to spend in the bank and collecting the interest.

This also restricts the Medicare access of 16- and 17-year-olds in a way that is of extreme concern. For this reason and a number of others, a second reading amendment is proposed by Labor. I move:

That all words after “That” be omitted with a view to substituting the following words: “while supporting the use of smart card technology to improve service delivery in Medicare and social security; to reduce the number of cards necessary for people using these services; and to reduce social security and health fraud; the House is of the opinion that the bill should not proceed in its current form because:

(1)

there are inadequate safeguards to protect the accuracy and privacy of information on the card and in the register;

(2)

the Government continues to keep secret key information about the costs of the card; and

(3)

there is no guarantee that the Document Verification Service will be fully operational with appropriate safeguards by the commencement date proposed”.

Labor will be moving further detailed amendments both in the House and in the Senate, particularly after the Senate inquiry into this bill. The inquiry is rushed and inadequate but nevertheless may cause us to come up with further amendments to be moved in the Senate.

See this speech in context