Colin Boyce (Flynn, Liberal National Party) Share this | Hansard source

I rise to express my strong opposition to the Digital ID Bill 2024. I've been contacted by many constituents regarding this legislation, and they've expressed their fears as to what it means for them, their family and their business. I believe the Labor government's Digital ID Bill is seriously flawed and a massive overreach. This is classic 'Trust me; I'm from the government' and simply doesn't pass the pub test.

Labor are ramming this bill through parliament. For instance, they guillotined debate on this legislation in the Senate. How can Australians trust the Labor government to manage digital ID when Labor won't even allow parliamentary scrutiny? What has the government got to hide? In the Senate, the government had an opportunity to address the concerns raised by stakeholders and the many constituents who made submissions to the Senate, in addition to those individuals who wrote to all members about these bills. The coalition's sensible amendments, which were developed in close consultation with industry stakeholders, would have enhanced the privacy protections of the bill.

The coalition's amendments sought to establish a stronger guarantee that having a digital identity would be voluntary—that no Australian would be required to have one—and that someone would not face a lower quality of service should they wish to use traditional, paper based identity documents. In addition, we moved an amendment that sought to impose a clear requirement that changes to the Privacy Act be made before these bills came into force. The opposition and other senators were unable to scrutinise these bills clause by clause, and we were denied the opportunity to speak to the amendments. More problematically, the guillotine prevented senators from scrutinising the government 's supplementary explanatory memorandum, their five pages of amendments and the four pages of Greens amendments the government allowed to be tacked onto the bill. Greens senator Penny Allman-Payne, who is based in Gladstone, needs to look her constituents around Central Queensland in the eye and explain why she voted for the Digital ID Bill. Maybe if she focused on the issues of the residents of Central Queensland and spoke to them about their concerns with regard to the Digital ID Bill, rather than engaging in culture wars, she might learn a thing or two. It's not good enough for bills which engage our most basic of human rights to be steamrolled through the parliament in this fashion.

I have serious concerns about the Digital ID Bill and the threat of cyber breaches and hacking. Companies Canva, Latitude, Optus and Medibank all have had their data breached over the last couple of years. The Optus data breach was one of the biggest security breaches in Australian history. As Optus is the second largest telecommunications company in Australia, this security incident brought up questions about Australian data security policies and how companies handle them. It affected almost 10 million customers. Personal data in the compromised dataset included names, birth dates, addresses, phone numbers, passport information, drivers licence numbers, government ID numbers, medical records and Medicare ID numbers. How can the government ensure that the data of anyone who signs up for a digital ID will be secure?

According to the ASD cyber threat report 2022-2023, the average cost of cybercrime per report was up 14 per cent in 2023. The Australian Signals Directorate, ASD, found that it had cost small business an average $46,000 in total losses per reported cybercrime. Accordingly, it is unfortunate that the government's rushed handling of these bills has materially weakened the quality of important provisions in the Digital ID Bill as they relate to cybersecurity incidents and fraud detection and prevention. As industry experts have raised in their submissions, the Digital ID Bill's definition of a cybersecurity incident, in clause 9, is inconsistent with commonly accepted definitions officially established by the government elsewhere—for example, the definition contained in the Australian Cyber Security Centre's Information Security Manual. As the definition of cybersecurity incidents includes 'attempts' and each attempt must be reported to the Digital ID Regulator, there is a concern that this definition, as currently drafted, will have the capacity to simply overwhelm relying parties and the regulator. As multiple industry stakeholders have pointed out in their submissions, large organisations, such as banks, shopping chains and telecommunication companies, are often subject to hundreds, if not thousands, of cyber security attempts every day.

What this legislation fails to address or to consider is the lack of telecommunications in rural and regional Australia. From Gladstone to the gemfields, Moore Park Beach to Monto, Baffle Creek to Biloela, Alton Downs to Agnes Waters, or Woorabinda to Wondai, regional telecommunications would have to be one of the biggest single issues in the Flynn electorate, no matter where you come from. Many constituents have told me that banks and government departments have gone solely digital, and this legislation is another step towards this. Problems that arise are when customers try to complete transactions or documents online, as two-factor authentication is required. They are not able to complete these requests in regional Australia as often the two-factor messages do not come through.

There is a further issue with the Labor government winding down the use of cheques across the banking system, with federal departments to use other payment methods by 2028. A goal has been to set the end of the use of cheques completely by 2030. What support is the Labor government going to provide to rural and regional Australia if the Digital ID Bill passes? The silence is deafening. What support is the Labor government providing or going to provide to older Australians if this legislation passes? According to the aged-care guide, older Australians are struggling to keep up with the growing digital divide, with more than 80 per cent of people aged 65 and older struggling to adapt to the changes in technology or learn digital literacy. One in four Australians are also classified as digitally excluded, whether that's due to a lack of digital skills or an inaccessibility to digital services like smartphones and computers. I've had countless constituents visit my electorate offices as they have had issues dealing with government departments and their mad rush to the digital age. This mad rush is leaving older Australians behind.

The cornerstones of any trusted, secure and inclusive digital ID system are that there be strong, robust and voluntary safeguards. In the context of these bills, 'voluntary' refers to the legislated capacity for individuals to choose to use and create or not to use and create a digital identity when interacting with the entities within the AGDIS. These bills do not satisfy the opposition that the AGDIS will operate on a genuinely voluntary basis. As noted in the opposition's dissenting report, we're concerned that the AGDIS will fail to operate without causing detriment to those individuals who choose not to create a digital identity. The opposition is also concerned that the digital ID systems of the state and territory governments, which will form an integral part an expanded AGDIS, will not operate with the same voluntarist and inclusivity of safeguards required of Commonwealth entities.

Let me be clear: the opposition is strongly of the view that any government, be it federal, state or territory, must be offering an alternative non-digital means to access government services. This condition must be satisfied and established in the legislation accordingly of any state and territory government which wishes to join and expand AGDIS. Failure to extend the exemption to state and territory government entities will have the effect of significantly undermining trust, choice, inclusivity in the AGDIS, and the opposition will not allow that.

I wish to also quote Senator Canavan and Senator Rennick's additional comments regarding the Digital ID Bill:

1.2 The Government claims that the use of a Digital ID would remain voluntary under its scheme. However, section 74(4) of the Bill provides the Regulator with the power to allow businesses to require the use of a Digital ID if it is "appropriate to do so". While the Bill seeks to provide some examples of where a Digital ID may be required to be mandatory, there is no limitation on the Regulator's powers but the vague and open-ended requirement for a mandatory requirement to be "appropriate to do so."

1.3 In effect, the Government's Bill provides no protection against the creeping expansion of Digital ID requirements under the Regulator's powers. If the Government is serious about claiming that its Digital ID scheme is "voluntary" it is not clear why it cannot limit exceptions to its voluntary standard to a narrow, prescribed list of circumstances.

1.4 In addition, even for those businesses that do not receive an exemption, the Bill provides no requirement for an organisation to provide non-digital ID services on a similar basis. For example, a bank could very easily make it very difficult for someone that wants to use traditional identification documents to open account by making people wait weeks for an appointment, or through a variety of other methods. There are no protections in the Bill that would stop a business just making life hard for its customers that choose a non-Digital ID option.

Many stakeholders have given evidence that the government's phasing model of the Australian government ID system expansion is misguided. The Australian Banking Association said of the lack of timeline for expansion required:

publication of timelines against each phase as soon as possible to enable industry alignment with delivery timelines.

These concerns were echoed by the Tech Council of Australia, who recommended the government:

Provide greater clarity on the proposed timing of the phased expansion of the Australian Government Digital ID System and ensure swift integration of private providers

The National Australia Bank provided this statement:

With multiple private sector Digital ID offerings either in-market or preparing to enter in 2024, slowing the ability for the private sector to fully participate risks inhibiting innovation and uptake of Digital ID …

Australian Payments Plus, who were accredited under the existing, trusted digital ID framework by the former coalition government to operate ConnectID said:

AP+ does not however support the proposed phased approach to the sequential expansion of the AGDIS—

the Australian government Digital Identity System. For the lack of clarity regarding the government's phasing approach, the Business Council of Australia recommended:

The Government prioritise and clearly outline a timeline for private sector access to and use of the legislated digital identity system.

The Commonwealth Bank, in their submission, urged the government to rethink the phasing, arguing the following:

CBA does not support the proposed phased approach of the AGDIS rollout. In keeping with the design principle of citizen choice, consumers should have the ability to choose their preferred trusted Identify Provider …

In conclusion, Labor's bill does not adequately ensure it is truly voluntary. Every Australian deserves the same quality of service, regardless of how they're accessing it, be it through digital ID or face-to-face. The government should not proceed with this bill until such time as they've reformed the Privacy Act. There should be simultaneous private sector participation in the AGDIS, ensuring that ID is a truly national whole-of-economy solution. The coalition has worked hard and in good faith to address the flaws in these bills by moving amendments in the Senate. Our amendments would have enhanced the privacy protections for Australians who choose to use digital ID. These amendments were not supported and, accordingly, I oppose the Digital ID Bill 2024 as I feel it will cause more harm than good, and this is nothing more than over reach by the current Labor government.

See this speech in context