Responsibility for biometrics and identity policy in the federal government, as well as the controversial national facial recognition database that remains non-operational, will move under Attorney General Mark Dreyfus to be closer to the lead cybercrime agency.
On Thursday, Prime Minister Anthony Albanese signed off on an Administrative Arrangements Order that will see identity and biometrics policy transfer from the Department of Home Affairs to the Attorney-General’s Department.
Home Affairs will, in turn, take ownership of protective security policy, which requires federal government agencies to implement the Essential Eight cybersecurity strategies and was employed to ban TikTok on government-issued devices in April.
A spokesperson for the Attorney General Mark Dreyfus said that “identity and biometrics policy, strategy and delivery and identity matching services will transfer” as part of the Machinery of Government changes to “better align” with privacy and cybercrime priorities at the department.
Cybercrime formally became part of Mr Dreyfus’ purview in October last year, several months after the Australian Federal Police – which is tasked with fighting cybercrime – moved over from Home Affairs.
Identity crime costs Australia more than $3.1 billion each year, according to the recently released National Strategy for Identity Resilience, and is “a key enabler of terrorism and of serious and organised crime”.
The spokesperson also said that housing protective security policy under Home Affairs would support the critical infrastructure, cybersecurity, and resilience priorities being led by Home Affairs minister Clare O’Neil.
“The Attorney General and the Minister for Home Affairs and Cyber Security and their respective departments are working closely together to ensure the transition in implemented seamlessly,” the spokesperson said.
The transfer of biometrics and identity policy to AGD’s comes as the Albanese government prepares to introduce legislation to expand its Australian Government Digital Identity System (AGDIS) across the broader economy.
Draft legislation is expected to be released for consultation in the coming weeks and be introduced to federal Parliament before the end of the year. Finance minister Katy Gallagher last month said legislation for the AGDIS could be in place as soon as mid-next year.
Facial recognition laws that were rejected by Parliament’s intelligence and security committee in 2019 could also arrive in parallel, with the government considering new legislation that would “enable facial biometric verification using state government data sources”.
Th National Strategy for Identity Resilience, which was signed off by federal, state and territory minister in June, said biometrically anchored digital identity credentials that work across state boundaries could become the norm in Australia.
The laws will also likely expand Identity Matching Services (IDMS) to include a range of new services to identify, recognise or verify a facial image, including the Face Verification Service (FVS) and Face Identification Service (FIS).
The FVS, which allows a person’s photo to be matched against the image on their identity documents with consent, already exists for government agencies, and will expand to government and private sector in the future, in part to prevent the copies of credentials from being stored.
But FIS will be limited to use by national security and law enforcement agencies for one-to-many matching of photos against other photos held in government records to help with identification or detect fake identities.
The services would be supported by the National Driver Licence Facial Recognition Solution, which was agreed to be state and territory ministers in 2017 but is not yet in operation due to the failed Identity-Matching Services Bill in 2019.
In January, Home Affairs awarded Fujitsu a $37 million to Fujitsu Australia to provide managed services for the IDMS scheme, including the Document Verification Service (DVS) and Face Matching Service.
