Peter Andren (Calare, Independent) Share this | Hansard source

I must say at the outset that I have had no overwhelming opposition from the electorate to the Human Services (Enhanced Service Delivery) Bill 2007 or the card that will no doubt emanate from it, but perhaps that is due to the piecemeal way in which the legislation is being introduced in several phases. We do not have the benefit of much of the relevant reportage and, indeed, a Senate inquiry addressing all of those processes which I certainly believe are absolutely crucial to any fair consideration of this most important piece of public policy.  When considering this government’s track record on manipulating truth or dispensing with it altogether, and when thinking about the attempts to silence dissent on government policy and the attacks on the freedoms to protest against unethical or unscrupulous behaviour by both government and corporations, my gut feeling is to go looking for a rat in the bill.

The bill introduces and describes an integrated card to replace a number of health and social service cards and vouchers that entitle the holders of those cards to various concessions, services and payments from a number of government departments and agencies. The participating agencies include the Department of Veterans’ Affairs and the Department of Human Services and its agencies—that is, the Child Support Agency, the Commonwealth Rehabilitation Service, Centrelink, Medicare, Australian Hearing Services and Health Services Australia.

On reading the various discussion papers that have been made available so far and the first two reports of the Access Card Consumer and Privacy Taskforce, as well as KPMG’s business case and the various submissions put forward by individuals and groups, notwithstanding the AMA’s reservations about aspects of this, I do accept that there exists a case for the access card and that the bill makes it very clear that it is not to be an Australia Card, even though individuals may choose to use it as a photo identity card if they so wish. However, there are quite a number of matters not dealt with in this bill to be covered by way of legislation yet to be introduced. The process of introducing this legislation without the benefit of the task force’s third discussion paper or report about the registration system and prior to the outcomes—as I said—of that Senate inquiry into the project requires me to err on the side of caution.

It is for that reason that I cannot support the bill, at least until I can see the legislative framework that also particularly guarantees the effective oversight and governance of the access card system and the protection of the information and resolving of the individual’s private area of the microchip in the card. On the other hand, the claimed purpose of the card itself, despite those misgivings, would seem to make sense. The existing so-called benefit cards to be rolled into this one access card include the Medicare card; a PBS entitlement card and PBS safety net concession card; a pensioner concession card; a healthcare card, including a low-income healthcare card and foster child card; a reciprocal healthcare card; a Commonwealth seniors health card; a cleft lip and palate card; a war widow or widower transport card; and three DVA cards, gold, white and orange.

I understand the system will work something like this: each agency’s database—such as those of Medicare, DVA or Centrelink—with its files of personal information for each of its clients will remain with that agency as it currently does. All those existing databases will continue to be unlinked, with their own customer reference numbers. The introduction of the access card system will not alter that status quo. This means that the privacy safeguards and the legislative bases and processes for data matching or information sharing between the agencies that may currently exist remain the same. Future legislation to consolidate the different privacy and secrecy provisions under the one act will make it clearer and easier to refer to. Access by police or security services to any information held by a particular agency on its database remains subject to the same safeguards and warrant requirements as currently exist. The access card itself is supposed to authenticate identity for health and social service purposes. It is not to be used to prove identity for anything outside the stated purpose of accessing health and social services and benefits from the participating agencies I have mentioned.

With known Medicare and Centrelink losses from linkage or claiming of benefits and concessions by those who are not eligible to receive them totalling nearly $1.5 billion, the card will provide immediate validation to agencies dispensing those concessions that the cardholder is eligible to receive a particular benefit or concession. The card is to be used not to ensure or deny access to services but only to validate the holder’s eligibility to receive payments, benefits or concessions conferred by the current cards and vouchers of those participating agencies.

The legislation clearly sets in place substantial penalties for individuals or corporations that explicitly state or implicitly insinuate that the provision of their goods and services is dependent on presentation of the access card. With the commensurate cost of replacing some 1.3 million cards every year due to changing details such as addresses, or the fact that there are some 520 forms in Centrelink alone requiring an individual to provide information on their identity, it makes sense to use up-to-date technology to allow one simple change of details through the card and the register which then funnels through to the relevant agency’s own records. Prima facie, it all seems so logical. Every person who wishes to receive the benefits of any of the participating agencies will need to apply and be registered for a card. This includes people wishing to use Medicare—in short, most Australians. There does not seem to be much detail in the bill about how, when and under what circumstances 17 million people are going to have to line up for their mug shots. But the cardholder will own the actual card.

Generally, the card will have on its surface the cardholder’s preferred name, provided it complies with current laws about naming. It will have the access card number, the expiry date, a digitised representation of the cardholder’s signature and a photograph—and more about that in a moment. The surface of the card may also have the person’s date of birth if they request it; some people might choose to use the card as proof of age. It could also have various DVA information such as TPI, blind, POW, war widow or widower et cetera. No other information is permitted to be included on the surface of the card, with any proposed future additional information requiring an amendment to the legislation.

A number of categories of people may be exempt from having a card at all or from having various elements appearing on the surface of the card. These include those who are over the age of 90 and those who are in palliative care or under witness protection. The latter is one of the few concerns I have fielded on this matter in my electorate, and that concern seems to have been covered. Those who are in witness protection programs will receive the same level of identity protection as they are currently afforded. I understand that the Office of the Access Card has conferred very closely with the Australian Federal Police to ensure that this happens.

The card will contain two microchips to store and process information. The card owner’s microchip will allow the owner to include information that can be accessed by anyone with a card reader, including emergency services. That might include information chosen by the cardholder, such as organ donor status or allergy information. While this kind of accessible information could be lifesaving, it also raises issues such as those discussed in the task force’s second discussion paper on voluntary and medical emergency information on the access card. Issues like the medico-legal questions raised by the inclusion of such information have not yet been addressed. This is hardly surprising, given that the discussion paper was released six days ago.

The second microchip will hold information to be accessed by the relevant Commonwealth agencies and will not be accessible by any unsecured card reader. This microchip will include the person’s legal name, date of birth if requested, sex, residential address, access card number, expiry date, signature if not exempt from providing signature, PIN protected by encryption, benefits to which the person is entitled, Medicare number or reciprocal health care number, emergency payment number and registration status. It would also hold the DVA number and status. It will hold a biometric photograph: a photograph taken to allow specific facial measurements to forensically confirm identity when compared with other such photographs. This has caused a lot of concern, but such photographic information is now required on Australian passports, so the precedent is there. It will contain other technical information necessary to the system that does not expressly identify a person in any way; in fact it contains only such technical information as is reasonably necessary for the administration of the register. Again, those under witness protection programs or certain police or security officers will be exempted from having their legal name, residential address, photograph or signature in the Commonwealth chip area.

Essentially, this bill describes the card, the basic information to be held on it and the uses to which the card may be put by third parties. It also describes the significant penalties for abuse. But the matters and issues that the bill does not address are numerous and serious enough to warrant precaution. To pass the first piece of legislation without reference to following legislation is throwing caution to the wind and is unacceptable. A system such as that which is proposed must be based on the very best and informed advice—something that we as a parliament have not yet had. The opportunity to get it right from the outset should and must be taken. The linkage between the card and agencies’ individual databases—the secure customer registration service—is probably the most important part of this process, yet the task force’s discussion paper on the registration part of the program has not yet been released.

This register is effectively the gateway between the card and the agencies’ databases. It will keep a duplicate record of the information held on the card. The card, like all other cards it replaces, provides a ‘handshake’ with the relevant agency, through the register, which can only link the access card number to the records of the agency that swiped the card. It cannot link a person to their Centrelink records if the card is swiped at a Medicare office. It cannot reveal PBS records if it is swiped at a pharmacy for concessionary treatment of medicines—beyond advising of current eligibility to receive a concession. So there are issues yet to be resolved. While some may seem fairly benign and some may raise considerable alarm, the fact that we do not have the full details of the reports available to us must, I believe, make any legislator treat this piece of legislation with extreme caution.

I accept the argument, as did the privacy task force, that the inclusion of a photograph on both the surface of the card and in the mirror file is essential to immediate identification, but I ask why a biometric photograph is necessary to provide confirmation of the person’s identity—unless the government is not being entirely forthcoming about the possible future uses of the register. Surely if this is the case, the public deserve to be informed of and educated about the possible other uses of the photograph, such as perhaps national security. Certainly it would be naive indeed to not realise that such information is already sought under appropriate warrants.

And what of the security of the photo database itself? While the recommendation of the task force that the photograph be stored in a separate database within the register has been rejected on various grounds by the government, the same government responds that rigorous access controls will be put in place. But this bill does not deal with that. In fact, it does not deal with any of the safeguards promised to protect the accuracy and privacy of the information on the card and in the register.

With this in mind, I also support the recommendation of the task force that proof of identity documents not be scanned, copied or kept on file once those documents have been verified. I agree with Professor Fels that these documents, which are already held in paper files all over the country, should not be held electronically. The government’s response that it will explore the implementation of this recommendation is commendable, but I want to see these processes confirmed in legislation before supporting it. After all, the whole point of the access card is that it is not issued unless POI documents have been verified as true—and it is supposed to be about verification, not about the amassing of data.

This brings me to the issue of the national document verification service. The success of removing potential for fraud begins with the registration of each person, using their documents of identity, such as a birth certificate. However, if the system has no way of checking whether these POI documents are fraudulent to begin with, there exists the real possibility that the access card could be granted to people on the basis of fraudulent information from the outset. Would it not be prudent to allow enabling legislation to come into effect prior to the system going online? As is specified in the explanatory memorandum, there are many other details that are not covered in this bill—for example, details about the implementation phase, the replacement of lost and stolen cards, suspension and cancellation of registration and how dependants, carers and other linked persons are treated in the exercise of this system.

This is a major change. The access card’s national photo database is a first in this country, and it raises many concerns and issues about privacy and security. Without subscribing to some of the more hysterical or misleading claims made about the card, I certainly would prefer to wait—as I know my constituents would prefer to wait—until all the relevant details, processes and security processes are presented and the identified weaknesses addressed before supporting this legislation. I support the proposed amendments as the best this House can achieve at this point, pending the availability of the Senate report due on 15 March and the privacy task force discussion paper and the report on the registration system. How can any member be required to support such a legislative shambles?

See this speech in context