Friday, March 16, 2007

Saturday Forum: How on earth did the Medicare card nearly morph into a universal national ID card?

Tensions are raw within the Government over its stalled plans to turn the Medicare card into an Access Card.

A scheme that the government said was essential for Australia, on which it has already spent millions of dollars and encouraged the private sector to spend millions more, has been blocked by four of the government's own senators
.


In a unanimous recommendation on Thursday the Senate’s Finance and Public Administration Committee asked the government to withdraw the Access Card legislation already passed through the House of Representatives and start again.

It is a sign of how seriously the Minister Chris Ellison takes the Committee’s report that within an hour he had agreed...

As the Opposition Access Card spokeswoman Tanya Plibersek put it on Friday: “Seldom do Coalition senators make recommendations that are critical of a government program, let alone multiple critical recommendations... but the Access Card is so bad they have swallowed their fears and spoken out.”

Right now the Liberals on the Committee are lying low, not wanting to inflame passions further.

As it happens, the Chair of the Committee, Queensland Liberal senator Brett Mason, is an expert on privacy law. A barrister and an academic before joining the Senate he wrote his PhD thesis on privacy, and last year published a book entitled Privacy Without Principle: The Use and Abuse of Privacy in Australian Law and Public Policy.

Launching the book in Parliament House in March Mason’s friend and Canberra flat mate Peter Costello said the Senator knew “more about privacy than practically anybody else in this building.”

Also active in the inquiry was the ACT’s Labor Senator Kate Lundy along with three other Labor senators, three other Liberals, and Senator Andrew Murray of the Australian Democrats.

All supported the recommendation that the legislation go back to the drawing board and throughout the inquiry all worked as a team trying to come to grips with what the government was doing in a very tight time frame.

The government didn’t make it easy for them. The literature it presented to the Committee implied that a new-generation Access Card would cut welfare fraud by between $1.6 billion and $3 billion, but these figures were over 10 years and they were not net of the very substantial costs of setting up and running the card system. The Australian Privacy Foundation told the committee the government could get a better return by putting the access card expenditure in the bank.

And the committee found it impossible to work out how the $1.6 billion dollar figure had been arrived at. It was told only that the accounting firm KPMG had arrived at the number and that the details could not be disclosed.

When it asked a representative of one of the companies bidding to build the scheme to tell it how many new cards it could add to the scheme in a day the representative replied: “You can ask, but we can’t answer”. He had signed a deed of confidentiality with the government that prevented him from providing those details to the Senate.

Two tenders to build different parts of the Access Card system were underway at the same time as the the Committee was conducting its investigation and before the legislation had been approved by the Senate. In understated language the Committee reported that the government’s action “could be seen as undermining the authority of the Committee by creating the impression that passage of this legislation is preordained, rendering Senate oversight superfluous”.

The reason why the scheme was so urgent had never been made clear. As one Committee member exclaimed in frustration: “Where’s the fire?”

At the heart of the scheme proposed by the government was an unresolved conundrum. On one hand the government insisted that new card was to be used only for the purpose of replacing the existing Medicare and Commonwealth benefits cards. Under no circumstances was it to become a national identification card. The Minister introducing the Bill even described the bill as an “anti-ID card Bill”.

On the other hand every detail about the design of the card appeared to facilitate it becoming a national ID card.

In its unanimous report the Committee mocked the “well-intentioned” clause in the legislation that specified a five-year jail term for anyone who demanded the card as proof of ID. It said the penalty attempted to criminalise behaviour that was “an almost inevitable consequence” of the card’s design.

“It is logically questionable for the government to create a document that can serve perfectly as a high quality identity document, and then to penalise those in the private sector who would want to use it for precisely that purpose,” the Committee reported.

“It will be entirely logical for persons whose job entails requiring proof of identity to prefer the most authoritative and high quality document possible. So from nightclub bouncer to airline check-in clerk, the temptation to ask for the access card as a form of ID will only be exceeded by the willingness of individual Australian citizens to produce that same document in the face of such a request.”

The Committee said it was easy to envisage a scenario whereby after almost universal registration for the card, the penalty for private use was demonstrated to be both ineffective and excessively punitive.

“There will be widespread pressure on the government from a business community that is highly dependent upon reliable identification documents to repeal the dead letter, draconian prohibition against requiring the access card for that purpose,” it predicted.

In fact, the Committee noted that the Australian Bankers Association had already asked it to delete the five-year jail term during its hearing in Melbourne.

Individually, the Committee members were not necessarily against the idea of a universal national identification card, particularly in an era of heightened security concerns. Mason’s own book makes the point that no-one has an absolute “right” to privacy in modern times.

But the government’s problem and the Committee’s problem was that the government deliberately decided not to make the case for a national identification card. It kept saying that the card was designed only to replace the Medicare and Commonwealth benefit cards.

Every time a representative of ASIO or the Federal Police told the Committee of the ways in which the card could be used for surveillance the Chair had to remind them that the government had explicitly said that the card was not intended for that purpose.

The Committee reported that while access to a single database covering the great majority of the Australian population complete with biometric facial recognition data “would no doubt greatly facilitate the work of the law enforcement and security agencies” it seemed to exceed what was required to achieve the stated objective of the bill.

In fact the stated objective of the bill and the design of the Access Card were poles apart.

The Committee found that in order to replace the Medicare and benefits cards all that was needed was a new generation high security card with the cardholder’s name on the front. No printed photo, no printed signature, no printed ID number. It would then be impossible for bouncers at hotels or call-centre staff at phone or gas utilities to ask for a number or ask to see the card. The piece of plastic would tell them nothing. Photographic and all sorts of other information including a representation of the cardholder’s signature could be embedded in the chip, but it would only be readable by the people authorized to read it.

That is actually a description of the card design recommended to the government by an advisory committee headed by the former head of the Competition Commission Professor Allan Fels. It rejected the recommendation.

The Committee also heard that for the Access Card to replace the existing 17 different cards used by different agencies there was no need for a new unique identification number. Each agency already had a number that could be stored in the ample space on the card’s chip and each agency was to store its information separately in its own data “silo”.

Using one unique number to identify each Australian for every government purpose would create the risk that “the ease of matching those records may in the future increase the temptation to change existing restrictions on information sharing between agencies and create the framework for large-scale data matching.”

The Committee heard as well that there was no need for the central database that administered the system to keep digital photographs of the original birth certificates and other documents that most Australian adults would submit in order to get the card. Keeping them on file, after a card had been granted would turn the central database into a “honey pot” for identity thieves and unauthorized access.

The Department of Human Services responded that it had a high degree of confidence in the security measures designed to protect the central database. The Committee noted that even if the database was completely secure when set up future technological advances were likely to present it with threats.

It was concerned as well that the bill before it appeared to allow the rules governing the storage of data to be changed administratively without further reference to parliament.

Imprecise wording in the bill also appeared to open the possibility of state government agencies gaining the right to use the access card without further parliamentary approval. All that was needed was for a Commonwealth agency to be “involved”.

The Committee surmised that the Commonwealth’s role in such things as deciding concession status for veterans might allow public transport providers such as the NSW railways to require veterans to show it their cards when getting on trains.

This “would further enhance the ubiquity of access card usage, and would
materially contribute to its emergence as the dominant identity document in day to day use through out Australia”.

At nearly every turn the Access Card architects appeared to insist on the retention and display of more rather than less information, on more rather than less latitude for the bureaucrats storing it, and on the creation of a unique national identification number for each Australian adult.

They also insisted that the creation of the card was urgent. So urgent that the process couldn’t wait for parliamentary approval. Or even for the drafting of the rest of the legislation.

The Human Services (Enhanced Service Delivery) Bill that would allow creation of the Access Card was only one of two planned pieces of legislation. The Senate had been asked to pass it before seeing the second bill which was to “deal with the review and appeal processes for administrative decisions, further elements of information protection and legislative issues relating to the use of the card, including in relation to dependents”.

The Committee concluded that it was being asked to approve the Access Card on “blind faith without full knowledge of the details or implications of the program”.

This was “inimical to good law-making and unlikely to encourage public confidence in the access card proposal, particularly as the missing measures are essential for providing the checks and balances needed to address serious concerns about the bill.”

The biggest mystery for the Committee members is how the whole thing happened.

Why did a government that insisted it was determined not to introduce a universal ID card fast-track legislation that was only half drafted and issue contracts ahead of parliamentary approval for a system that had all the makings of a universal ID card?

The best guess is that the Access Card began with good intentions. The magnetic striped Medicare card that lives in most of our wallets is now ancient. It is easy to read, easy to forge and in need of a technological update. From this worthwhile aim came a proposal that grew, and then continued to grow without effective ministerial oversight.

It didn’t help that the portfolio went through three ministers while the bill was being prepared for and shepherded through parliament.

The first, Joe Hockey was genuine technological enthusiast, which may not have helped when it came to rigorous skeptical oversight.

He was anxious to promote a personal data storage zone on the card’s chip that he described variously as being like an ipod, a car, and somewhere to store a shopping list.

There is no doubt that the use of an electronic chip on the Access Card opened up these possibilities, but they are uses that would have encouraged rather than discouraged its evolution into an all-purpose identification card.

There was also talk about the use of the personal area of the chip to store medical data even medial histories, but these plans were undeveloped at the time the legislation was presented to the Senate. They were downplayed by Joe Hockey’s successors.

Ian Campbell took on the portfolio after Joe Hockey was promoted, oversaw the introduction of the legislation to the House, and then resigned after admitting that he had met the Western Australian lobbyist Brian Burke.

His replacement Senator Chris Ellison barely had time to get up to speed before the Senate inquiry began.

The proposal was without continuing and effective Ministerial oversight during its most critical phase. It was pushed by the Office of Access Card in the Department of Human Services and developed a life of its own. If an agency such as Veterans Affairs or the Australian Federal Police insisted that a feature be added, it was. If the Office wanted to issue tenders ahead of parliamentary approval, it got its way.

The Access Card became a multi-humped, continuingly evolving and self-sustaining camel. If a government Minister of any strength had taken a hard look at what was evolving and measured it against the government’s stated objectives the Senate committee would never needed to have produced this week’s humiliating report.

As an exercise in public administration, ministerial oversight and parliamentary accountability the evolution of the Access Card is not a process the government can be proud of.

And yet what was being proposed – a database of biometric and other information on 16.5 million Australians – had the potential to become the Howard government’s most-remembered achievement.

By killing the Access Card bill this week the government members of the Finance and Public Administration Committee probably did the Howard government a favour (although it would be fair to say they are not being thanked for it at the moment).

The new Minister for Human Services Senator Ellison says he will examine the legislation afresh and then reintroduce a revised package in one part rather two later this year.

He may be dismayed at what he finds. Senator Ellison was an opponent of the less-intrusive Australia Card proposal put forward by the Hawke government in the mid-1980’s.

His office says he hopes to have the new bill ready by June. But even if he does, it is unlikely to pass into law before the election. Labor has promised not to proceed with the card. For the moment it is dead.

The private sector contractors who have spent millions of dollars preparing tenders to run the system at the encouragement of the Office of Access Card may well be angry. They shouldn’t be. Dealing with a government is always a risk, especially if it is acting ahead of an authorisation from its own parliament.
When after the last election the Coalition gained a majority in the Senate there were many who said it would mean an end to effective Senate oversight of what the government was doing. This week they were wrong, and four government Senators can take a lot of the credit.

2 comments:

Anonymous said...

Great post. An excellent and informed summary of the situation.

"As an exercise in public administration, ministerial oversight and parliamentary accountability the evolution of the Access Card is not a process the government can be proud of."

That statement should, perhaps, be brought to the attention of the Office of the Access Card within DHS. Not to mention PM&C, who, befitting their role as a central agency, may also have some share of any apportioned blame.

Colin Campbell said...

I am not clear where the problem is. Surely the driving license contains most of the contentious information that is so taboo for the new card. I feel that if the information is encrypted in the same way that information on a credit card, then there is only limited potential for problems.

Post a Comment

COMMENTS ARE CLOSED