Tania Lawrence (Hasluck, Australian Labor Party) Share this | Hansard source

I rise to speak on the Digital ID Bill 2024. We need greater online security. We've seen over the last few years now just how many internet scams are being experienced across the country. Criminal and sometimes malevolent state sponsored actors, or even state actors, have found ways to subvert and steal personal documents and identities, and sometimes phone numbers and bank accounts.

The ACCC Scamwatch report shows that our seniors have been especially vulnerable, having not grown up with online cues that others perhaps are more accustomed to. They find themselves not only more susceptible to scams but also more targeted. The National Anti-Scam Centre reports that Australians lost $2.74 billion in scams in 2023 and $3.1 billion in 2022. That small decline is due to the strong action taken by the Albanese Labor government and the Minister for Cyber Security since coming to office, but it is still a huge amount of money and we cannot be complacent—especially with the advent of commercial AI and the danger that it carries. Obviously, we're not even counting there the cost of the personal toll and stress this takes on any single person subjected to these scams.

Yes, we've seen a serious number of data breaches in Australia across the corporate world. The Latitude Financial breach in 2023 saw 14 million customers affected across Australia and New Zealand, and Medibank had 9.7 million people affected by a breach in 2022, when a Russian based gang demanded a $10 million ransom. The Optus data breach in 2022 saw 9.8 million customers affected. These breaches don't just affect current customers but they also reach into the past. The Optus breach, for example, included personal information collected by Optus as far back as 2017. In 2018 the ANU suffered a breach which was not discovered until six months later. The information stolen included names, addresses, phone numbers, dates of birth, emergency contact details, tax file numbers, payroll information, bank account details and even student academic results.

Instead of having to provide identification documents again and again to all manner of private organisations, companies and departments—some of which, or their parent entities, reside offshore and are not always effectively or even directly subject to our laws—this legislation will enable us all to secure an ID and provide it once. We can then rely on that single government-ratified point of reference to satisfy ID requirements for all manner of purchases, memberships, contracts and registrations. It is a voluntary scheme, designed to allow all of us to more easily and securely protect ourselves in day-to-day dealings with government, business and other organisations which require proof of identification.

I have received correspondence about concerns around the introduction of the digital ID—unfortunately, inflamed by some of those opposite trying to link it to various conspiracy theories. Some of those opposing the ID do so because they don't actually understand its purpose or its benefits to security. To explain, I can say that, where adopted, the system will make people safer than they are at present, as they will be providing their personal data to one highly secured repository, rather than to many different ones, some of which have lax security and some of which, as we have said, have data being held offshore. But those concerns that centre around privacy and the voluntary nature of the scheme are, in fact, legitimate, and I thank my constituents for raising these matters of concern with me. Being a responsible government, we've ensured that privacy is built into the legislation. Express consent is required to create a digital ID, and that consent can be withdrawn at any time. Guardrails are there to prevent the collection of particular types of information. This will prevent data profiling, tracking or the use of data for marketing purposes.

I know we all use different platforms for different reasons, be they for shopping or banking. But even just to be able to book accommodation online you now have to offer up not just your drivers licence as proof of ID; you also have to take a photo of your face for facial ID recognition. This data is now being held by an overseas organisation and we've got no assurance as to where that data is being used or who it's being sold on to. We're interacting day to day with organisations that require us to produce personal identification in order to be able to access their services. It's these sorts of examples that go to the heart of this bill. It's intended to ensure that people can have a means of providing a single digital ID so that all that sensitive data that could potentially be misused or manipulated isn't held by people around the world.

Digital ID is being embraced as an answer to online criminal activity all over the world. Germany has one, Hungary is launching its digital ID, India has a digital ID, Sri Lanka has a digital ID—

Singapore has a digital ID, Malaysia has a digital ID, and many countries are developing one, including the UK, Ethiopia, Kenya and Bahrain. In Germany, in fact, for the member for Kennedy's information, reports indicate that 63 per cent of Germans are using it. They feel confident and comfortable with the fact that it's far better to have a single source of ID that's encrypted, rather than having to engage with every single business or entity and share their personal identity and information instead. They are voting with action by utilising their system.

In fact, the previous government started looking at this as long ago as 2016 but, for whatever reason, was unable to finish it, because in their work between 2016 and 2022—six years—nothing was done. But perhaps, like many other portfolio areas, this was yet another case where there was division in the party room. But, as Minister Husic commented in regard to this issue in 2018, they couldn't keep track of all the projects that were going off the rails. In yet another example, the member for Bradfield spoke in this debate on the amount of time and energy it can take for any person in this country to prove their identity to a bank. He used the words 'long, cumbersome and painful process'. I can only agree. It's yet another reason why this legislation should, in fact, have been enacted a long time ago, and it's why we're getting on with it now.

The member for Bradfield also described the proposed governance structure of the Digital ID Bill as 'fragmented' because different parts of that governance structure are responsible to different ministers. That is not a design fault; that is a design feature. Wholly reasonable concerns about privacy, probity and security need to be met by a structure that instils confidence, partly by ensuring that different parts of the governance structure are independent of each other. We cannot have public confidence if checks and balances are not built into the system. The member for Bradfield also had the gumption to speak of 'dither and delay'. The government of which he was part did little else on this and across so many areas. We are acting. We are catching up with the world. The bill is here and, given that the opposition were trying without success to put it together on their watch, they should be supporting it now and not pretending that they won't go out and register themselves for a digital ID as soon as they can, too.

How are we showing our commitment to this digital ID? We're certainly doing it with a lot of money—$288.1 million has been allocated for the national digital identity program. The 2024-25 funding will be used to run pilots with the private sector and to develop the infrastructure, the regulation and the security. Businesses will be able to participate in the scheme within two years of the passage of this bill. Most of this funding—$156 million—will be spent by the Australian Taxation Office to upgrade the myGov platforms to allow users to securely access government services on behalf of a business using a digital ID. Another $23.4 million will be spent to upgrade the encryption of the myGov and myGovID platforms because we rightly expect that the security for this system will be of the highest order.

In summary, the use of this digital ID will be voluntary. Organisations will need to provide alternatives for those who do not wish to use the system. It won't be difficult, as each organisation or government department already has a system for requiring and proving ID. This bill will reduce the need for people to share their personal and identification documentation and other information repeatedly with the many departments and businesses that now require it as standard practice. This bill will make people safer. It will make the holding of our personal identification more secure and convenient—and we'll ensure it's voluntary. I commend the bill to the House, and I thank the minister for her stewardship.

See this speech in context