Less 1:N facial recognition searches, data sharing proposed in Australia gov’t ID bills
The Identity Verification Services Bill 2023 and accompanying amendments bill have been introduced in Australia’s parliament as a cut-down version of the Identity-matching Services Bill of 2019. The new legislation would block most of the planned government uses of one-to-many facial recognition.
The bills will impact the use of current identity services including the document verification services and the biometric Facial Verification Service (FVS) as well as the National Driver Licence Facial Recognition Solution (NDLFRS).
If passed, they will also scale back the use of Home Affairs’ Face Identification Service, which currently allows law enforcement to create a gallery of up to 20 of the highest matching images for purposes such as detecting identity fraud and investigating serious crimes.
The bills would only authorize the one-to-many matching service “for the purpose of protecting the identity of persons with a legally assumed identity, such as undercover officers and protected witnesses,” prohibiting all other uses, according to a memo.
The memo also highlights what the government considers to be enhanced privacy protections. When a private organization makes a request of the FVS, the response will be either a “match” or “no match.”
States and territories that provide driver’s license data to the federal government will be subject to new privacy rules. The government hopes that taking a step to secure the privacy of driver’s license data will result in more citizens opting for “stronger” myGovID verification.
“Without the NDLFRS, only persons with an Australian passport…would be able to create a ‘strong’ MyGovID and access critical services,” according to the memo. Roughly 80 percent of Australians have a driver’s license, while only 50 percent have an Australian passport. The MyGovID is required to access government services like Centrelink and the Australian Tax Office.
The bills require that data is encrypted at rest and outlines rules surrounding how data breaches must be reported.
“Australians rightly expect greater protections, transparency and control over their personal information when they provide it to trusted organisations,” said Finance Minister Katy Gallagher and Attorney-General Mark Dreyfus in a joint statement. “The measures in these bills strike the right balance between achieving fast and convenient identity verification and maintaining strong standards of privacy and security.”
The previous government proposed services that would give state and territory authorities power to detect identity fraud through biometric deduplication, assess “the accuracy and quality” of facial recognition data, and allow for biometric data to be shared between federal, state, and territory agencies. These proposals do not appear in the new bill.