Senate debates

Wednesday, 26 June 2024

Bills

Digital ID Repeal Bill 2024; Second Reading

3:38 pm

Alex Antic (SA, Liberal Party)

I move:

That this bill be now read a second time.

I seek leave to table an explanatory memorandum relating to the bill.

Leave granted.

I table an explanatory memorandum and I seek leave to have the second reading speech incorporated in Hansard.

Leave granted.

The speech read as follows—

Earlier this year, the parliament passed the Digital ID Bill 2024 and the Digital ID (Transitional and Consequential Provisions) Bill 2024 without allowing for debate in this chamber.

This Bill will repeal the Digital ID Act 2024 and Digital ID (Transitional and Consequential Provisions) Act 2024 and reverse the consequential changes made by the latter.

The fact that Bills as important as these were simply passed without allowing members of the parliament the opportunity to scrutinise and debate the details and practical operations of them indicates that the government does not welcome scrutiny.

Labor's explanation for the supposed need for a Digital ID system, and the circumstances in which Australians will be required to create one, could probably not withstand it, hence they rushed the Bill through without debate.

The point of having parliamentary debate is that elected representatives bring not only their own concerns but the concerns of their constituents to the chamber in the hope that informed discussion would create laws that help the Australian community to flourish.

Sadly, Labor simply hopes that Australians will not notice their clunky, haphazard, and potentially draconian Bills being ushered through. Is it any wonder, then, that more and more Australians, and indeed people throughout the western world, are becoming disillusioned with the democratic process and our longstanding institutions?

Labor have dismissed any concerns with the potential for their Digital ID Act to be misused and have repeatedly assured us that the Digital ID system will be voluntary and will make Australian cybersecurity more secure and our transactions more convenient.

However, the Digital ID system as passed has the potential to make it difficult to access certain key services without a Digital ID. Having a government issued Digital ID may not be "mandatory" in the sense that Australians will be forced to use it, but if it becomes very difficult to do, say, online banking, without a Digital ID, then it might as well be mandatory.

It may not be mandatory in the strictest sense, but you will have to "choose" to create one if you want to work in certain professions and access certain basic services. Section 74 of the Act reads:

(1) A participating relying party must not, as a condition of providing a service or access to a service, require an individual to create or use a digital ID.

Note: The effect of this subsection is that a participating relying party that provides a service, or access to a service, must provide another means of accessing that service that does not involve the creation or use of a digital ID through the Australian Government Digital ID System.

(1A) A participating relying party is taken to contravene subsection (1) if:

(a) the participating relying party provides the service, or access to the service, by means other than the creation or use of a digital ID through the Australian Government Digital ID System; and

(b) either of the following apply:

(i) the other means is not reasonably accessible;

(ii) using the other means results in the service being provided on substantially less favourable terms.

Essentially, a relying party requiring the use of the Digital ID system must provide their service(s) in another way that does not require a Digital ID and is "reasonably accessible" and not "being provided on substantially less favourable terms." At first glance, subsection 74(1A) appears to provide some level of protection from a mandatory Digital ID, especially when compared to the original version of the Digital ID Bill when first introduced in the Senate.

However, you do not need to dig far past the surface to discover that in practical terms subsection 74(1A) does not do much to prevent a Digital ID being required in almost all aspects of your domestic, personal and professional life.

What exactly do "reasonably accessible" and "substantially less favourable" mean? These are details that could have been ironed out had Labor allowed us to debate the Digital ID Bill at the time.

Is a bank "reasonably accessible" if you must drive to your local branch in order to transact using a bank that requires a Digital ID to access online banking?

What about a farmer who must drive two hours to the local branch? Is that bank making their service "reasonably accessible" in those circumstances?

Section 74 of the Act continues:

(2) Subsection (1) does not apply to a service of a participating relying party if:

(a) the service provides access to another service; and

(b) the individual can access the other service by means other than the creation or use of a digital ID through the Australian Government Digital ID System; and

(c) the other means is reasonably accessible; and

(d) using the other means does not result in the other service being provided on substantially less favourable terms.

This section is essentially clarifying subsection 74(1A). To illustrate that point, the Digital ID Act provides the following example (unchanged from the original version of the Bill as introduced in the Senate):

To open a bank account, ABC Bank requires new customers to verify their identity. ABC Bank allows customers to do this in person at each branch of ABC Bank or alternatively by using the bank's online application service, which requires the use of a digital ID. Jacob wants to open a bank account with ABC Bank but he does not wish to use his digital ID to do so. Because Jacob can verify his identity by going to his nearest branch instead, ABC Bank does not contravene subsection (1).

A bank may require customers to use the government's Digital ID service to use its online banking services. There's no reason to presume the exemption applies only to opening new accounts. The example provided could be a deliberately innocuous example used to mislead Australians into believing that "voluntary" really does mean "voluntary" when even the slightest interrogation of the Act and the example contained in it reveals a much less voluntary system than advertised.

In the example provided, Jacob is welcome to go to the bank and do his banking in person if he does not want to create a Digital ID, but if Jacob currently does most of his banking online then Jacob needs to start regularly travelling to his nearest branch.

Given this example, we have an answer to the question about whether travelling to a local branch is "reasonably accessible." The Act's own example says that it is. There are more exemptions in section 74. Paragraph 74(3)(a) provides that a Digital ID may be mandatory where "the participating relying party is providing a service, or access to a service, to an individual who is acting on behalf of another entity in a professional or business capacity…"

This exemption to voluntariness ensures that anyone representing a corporate or business entity will have to create a Digital ID of their own so that their personal identity can be verified. This is a potentially subversive avenue through which many Australians might be required to create a Digital ID, even if they don't want one for themselves, as it becomes a condition of their employment.

Subsection (4) of section 74 states:

Subject to subsection (6), the Digital ID Regulator may, on application by a participating relying party, grant an exemption under this subsection to the participating relying party if the Digital ID Regulator is satisfied that it is appropriate to do so.

That's hardly a comforting statement. The regulator being "satisfied that it is appropriate to do so" is ambiguous, and the reference to subsection (6) doesn't change much, as what that reads is:

"the Digital ID Regulator must not grant an exemption under subsection (4) to a participating relying party that is:

(a) a Commonwealth entity, or a Commonwealth company, within the meaning of the Public Governance, Performance and Accountability Act 2013; or

(b) a person or body that is an agency within the meaning of the Freedom of Information Act 1982; or

(c) a body specified, or the person holding an office specified, in Part I of Schedule 2 to the Freedom of Information Act 1982."

Subsection 74(4A) was inserted as an amendment to clarify this section before the Digital ID Act was passed:

(4A) In deciding whether to grant an exemption under subsection (4), the Digital ID Regulator must have regard to whether granting the exemption in relation to the participating relying party's service would unduly undermine access to services of that kind.

This subsection is seemingly designed to reassure us about the voluntariness of the system but is still susceptible to the same ambiguity as the other exemptions. The fact that the regulator "must have regard to whether granting the exemption… would unduly undermine access to services of that kind" does not necessarily mean that they will not grant an exemption anyway, only that they must have "regard" to this in some nebulous fashion.

Commonwealth entities and agencies essentially mean government and parliamentary departments, meaning the Digital ID Act is saying that government departments will not be able to require Australians to use the Digital ID to access their services. However, there remains broad scope in the Digital ID Act for minimising people's ability to engage in online transactions, including when it comes to banking. In my view, the protections against an unreasonable and dangerous degree of government control are not nearly robust enough here.

Continuing through section 74, subsection (5) states:

Without limiting subsection (4), the Digital ID Regulator may be satisfied that it is appropriate to grant an exemption [from not being able to make the ID mandatory for accessing services] if:

(a) the participating relying party is a small business (within the meaning of the Privacy Act 1988); or

(b) the participating relying party provides services, or access to services, solely online; or

(c) the participating relying party is providing services, or access to services, in exceptional circumstances.

The phrase, "Without limiting subsection (4)" is important. Subsection 74(5) is not saying that these are the only examples of when an exemption may be granted, it is merely listing a few examples. We don't know the full scope of the criteria for exemptions.

Small businesses receive permission to require people to use a Digital ID, as does any relying party that provides services solely online. This has serious implications. The large proportions of shops and services Australians use every day are small businesses and online shopping is now ubiquitous. With these exemptions in place, it will suddenly become very difficult for those who do not wish to subscribe to the Digital ID system.

Furthermore, the phrase "exceptional circumstances" raises questions. The Explanatory Memorandum tells us that "this may apply during an emergency situation such as flood or fire," but I think it's fair to say that "exceptional circumstances" is a broad term that leaves open many possibilities.

Finally, we keep on hearing about how convenient and secure this Digital ID system would be. Our data, we are told, will be safer in one centralised digital location than it is when it's spread all over the digital realm. However, The Adelaide Advertiser recently reported that "The Albanese government has admitted sensitive information was lost after a cyber-attack. The hack was allegedly carried out by a Russia-linked hacker. The Prime Minister's office, the Reserve Bank of Australia and Australia Post have been confirmed as victims of the hack. Around 62 offices have been confirmed to be included in the breach. The government confirming information lost in the breach includes data relating to national security and law enforcement, legal advice and medical information."

At the risk of pointing out the obvious, if Labor can't protect their own data, which relates to national security, then it seems unlikely that they're sufficiently competent to protect yours.

With the Digital ID Act in place, we continue to tip-toe into a future in which the government exercises more control over what you can and cannot do based on your compliance with their agenda. In my view, subscribing to a Digital ID service, where your personal information and data is stored, should not be a prerequisite for online banking or shopping. The government may arbitrarily determine that the nearby (or faraway) bank is "reasonably accessible."

I am introducing this Bill in the hope that the parliament will contemplate the dystopian direction it has the potential to lead our country down.

We ought not to allow Australia to carelessly wander in this direction. We should repeal the Digital ID Act 2024.

I seek leave to continue my remarks later.

Leave granted; debate adjourned.