News

Privacy experts fear the Home Affairs minister will ignore a warning from parliament’s most powerful committee and push ahead with his plan for national surveillance. By Mike Seccombe.

Dutton’s plan for a surveillance state

Home Affairs Minister Peter Dutton in parliament on Thursday.
Credit: AAP Image / Mick Tsikas

We’ve all seen it in some American police drama: the line-up from which a victim of crime is asked to pick out the perpetrator among a range of suspects.

Now envision a situation where those suspects are selected by an algorithm capable of scanning the biometric data of almost every citizen of the country, held on a single central government database. Where we are all potential suspects, all the time, and, unlike those in an old-fashioned line-up, are completely unaware of it. Where any one of us – particularly if we are female or a person of colour – could be falsely identified on the basis of a picture taken as we go about our daily life, on the street or at the football. Where the state could go after dissenters, in the style of the crackdown on protesters in Hong Kong.

In summary, you have the basis of a regime of mass surveillance, enabled by artificial intelligence. And you have the future as envisioned by Peter Dutton’s Department of Home Affairs.

“The perpetual line-up” is how Emily Howie, legal director at the Human Rights Law Centre, describes the consequence of two pieces of legislation proposed by the government. It’s a phrase borrowed from academic researchers at Georgetown University in Washington, DC, who in 2016 compiled a paper on the threats posed to personal privacy and civil liberties by the widespread use of facial recognition technology.

They were alarmed to find that one in two Americans was in a law-enforcement facial recognition database. But what is proposed in the Identity-matching Services Bill 2019 and the Australian Passports Amendment (Identity-matching Services) Bill 2019 is even more wide-ranging. Here, the database would include anyone who has a passport, driver’s licence or other photographic identification held by federal, state or territory governments. That is to say, almost everyone.

Unsurprisingly, a long list of legal and technical experts and human rights organisations have expressed concern about the plan.

The Law Council of Australia not only raised red flags about the wide net of the database, but also expressed doubts about the accuracy of the system in identifying individuals; the adverse impacts of false matches on their privacy; the undermining of the notion of informed consent; the potential for targeting on the basis of race, ethnicity or religion; the prospect of using the technology in cases of trivial offences; the lack of safeguards; weak oversight; the prospect of misuse by not only the government but also the private sector; the lack of penalties for such unauthorised use; and the open possibility that the rules could be changed “to expand the scope and operation of identity-matching services” in future.

The government’s own Human Rights Commission submitted that “the Bill would impinge on a number of human rights in ways not demonstrated to be necessary and proportionate to achieving its objectives”.

“Rights that are particularly likely to be limited are the right to privacy, freedom of movement, the right to non-discrimination, and the right to a fair trial, though this is not an exhaustive list,” the commission summarised.

“The Commission reiterates its principal recommendation that the Bill not be passed.”

It is not uncommon for such organisations to offer criticism of proposed legislation, particularly in the case of national security legislation, which is often highly contentious. Sometimes amendments are made as a result.

But seldom have bills been so roundly criticised on so many grounds.

However, what is really extraordinary is what happened on Thursday morning when the parliamentary joint committee on intelligence and security (PJCIS) – long distinguished for its seriousness of intent, non-partisanship and unanimity – substantially agreed with those critics in their submissions and evidence.

It recommended the bills be dumped, redrafted in their entirety.

Almost two decades on from September 11, 2001, after the passage of 75 separate pieces of national security legislation – with negative impacts on civil liberties, government accountability and press and other freedoms – the PJCIS determined this was finally a bridge too far.

In tabling the report, the committee’s chair, Liberal MP Andrew Hastie, was circumspect in his language.

He noted that “the genesis of the bill came from the need to combat the growing incidence of identity crime” and that “many participants to this review expressed broad support for the underlying objectives and rationale of the bill”.

But, he said, the committee also shared the concerns raised by participants who said the legislation lacked “robust safeguards” and “appropriate oversight mechanisms”.

A redrafted bill, he said, must be “built around privacy, transparency and subject to robust safeguards … subject to parliamentary oversight, and reasonable proportionate and transparent functionality”. It must, he added, be referred again to the PJCIS for review.

The shadow attorney-general, Mark Dreyfus, QC, also a member of the committee, was more blunt in his assessment.

“The Identity-matching Services Bill purports to facilitate the exchange of identity information pursuant to the objectives of an intergovernmental agreement reached by COAG in October 2017, but it includes none of the limitations or safeguards anticipated by that agreement. The bill includes almost no limitations or safeguards at all,” he said.

Under the “face identification service” provided for in the bill, Dreyfus said, “a law-enforcement agency could submit a facial image for matching against a database of facial images contained in government identification documents, such as a database containing every driver licence photo in Australia. In return, the agency would receive a small number of matching or near-matching facial images from the database. The agency could then access biographical information associated with those images.”

Dreyfus noted that many submissions to the inquiry raised “the potential for such a service to be used for mass or blanket surveillance – such as CCTV being used to identify Australians going about their business in real time”.

He continued: “The Australian Human Rights Commissioner, for example, submitted that the bill ‘appears to contemplate intrusive surveillance of persons or, indeed, of the community at large before any crime has been committed and indeed, potentially, before there is any reason to believe that a particular crime will be committed’.

“… If there is no intention for the proposed identity-matching services to be used to engage in mass surveillance activities, the government should not object to amending the bill to ensure that those services cannot, as a matter of law, be used in that manner.”

The shadow attorney-general noted in particular that there was nothing in the bill to prohibit authorities from using the proposed face-matching services to identify people exercising their right to protest.

That would be concerning at “the best of times”, Dreyfus said, but was all the more pressing given what he described as “the authoritarian disposition” of the minister in charge: Peter Dutton.

“It was only this month that the minister for Home Affairs, the minister responsible for this very bill, called for mandatory prison sentences for people who engage in protest activity, called for the same people to have their welfare payments cancelled, and also called for them to be photographed and publicly shamed,” Dreyfus said.

It was a tough speech, but still, in the view of some, too charitable – for Dreyfus suggested the government did not intend mass surveillance and that Dutton and his department had not considered the implications of the proposed legislation.

But as Labor’s Anthony Byrne, the deputy chair of the PJCIS, points out, the government’s first attempt to establish an all-encompassing database was in 2014.

“It was as part of an omnibus bill, the counterterrorism and foreign fighters bill. They tried to sneak through a regime by which they could have anything, in terms of biometrics and facial recognition, just by regulation [i.e. without the need for further legislation],” says Byrne. “It was hidden away in the explanatory memorandum.”

The PJCIS rejected that attempt. It said that if the government wanted such collection of biometric information, it should bring legislation – setting out clearly what powers were sought – and proceed only after consulting on privacy concerns and referring the bill back to the committee.

In October 2017, the Coalition won agreement from the states for a regime of data sharing and identity matching. It was sold largely as a means to combat identity fraud, but the legislation subsequently produced was very broad and omitted agreed safeguards.

It was referred to the PJCIS, which took submissions and evidence from various groups, including those already mentioned, about the possible implications, described by Emily Howie as “Orwellian”.

The legislation lapsed with the calling of this year’s election, before the PJCIS could deliver its report. But the government couldn’t have been unaware of the serious concerns raised.

Yet a few months ago, the bills came back in identical form. The PJCIS is the most heavyweight and bipartisan of committees. Only on the rarest of occasions over decades have its recommendations not been adopted by government – until this government.

This suggests there was nothing unintended in the original legislation, and raises the prospect that this week’s rebuke by the PJCIS will not necessarily be the end of the matter.

In July, the government ignored a series of recommended changes to another piece of security legislation: the foreign fighters bill. And Dutton signalled his intention to continue to ignore PJCIS recommendations he did not consider to be in the interests of national security.

During debate on that bill, the Home Affairs minister launched an unprecedented attack on the committee, calling it “a management tool for the member of Isaacs” – Mark Dreyfus.

Through the committee, Dreyfus “waters every bill down”, Dutton claimed. He declared he would not allow security agencies to be “stymied” by the shadow attorney-general.

The tirade was widely seen as an insult not only to Dreyfus, but to the entire committee, on which the government has a majority. There are no soft lefties here. Hastie, the PJCIS chair, is a former SAS soldier and is generally considered a hardliner on security matters. Tasmanian hard-right senator Eric Abetz is also a member.

This is not to say the decision to reject the recent legislation was driven by the umbrage committee members felt, although some of them might have enjoyed slapping Dutton down.

It may have affected the timing of the report’s tabling, during an already difficult sitting week in which the government has been under attack for its undermining of democratic freedoms, particularly freedom of the press.

The committee was due to hear from witnesses last week, but the hearings were cancelled at short notice. They reportedly had already heard enough from opponents of the bills, and from Dutton.

Human rights advocates who were lobbying against the bills suggest world events may also have served to underline to committee members the inherent threats in the bills.

“I think the China factor is a real concern for some committee members. It might have concentrated some minds,” says Emily Howie, pointing to recent events in Hong Kong, where Carrie Lam sought to ban the wearing of face masks so dissidents could be identified by facial recognition technology, as one example.

“We have seen what can happen, at the dystopian end, in the control the Chinese government has over the Uygur people, or its social credit system,” says Howie.

She notes that Hastie, in particular, has been an outspoken critic of the Chinese government’s surveillance program.

“I’m not saying that we’re anything like China at the moment, but we need to stop and grapple with what kind of society we want,” says Howie.

“It is not insignificant that three cities in the United States, including San Francisco, the home of Silicon Valley, have actually decided to ban facial recognition.”

While Dutton’s proposal may not have led to omnipresent, real-time video monitoring of the citizenry, as is the case in China, Ed Santow, the human rights commissioner, explains to The Saturday Paper that it is worth understanding what it would enable.

“Assume a police officer has a photo of someone, perhaps taken in a crowded sports stadium. They suspect that person of having committed a crime, but they don’t know that person’s identity,” he says. “Essentially, they can put the photo of that person [into the system], and it will spit out a gallery of photos of people who might be that person.

“The police might narrow that down to a shortlist of say, half a dozen. Then the system will provide a whole swath of personal information – biographical and sensitive personal information – about the people on the shortlist.

“At least five of the six people in that hypothetical are not actually suspects, and quite possibly six of them, actually,” he says.

After all, artificial intelligence is still very prone to error, Santow explains.

He points to a trial run last year by the London Metropolitan Police. “They put a series of photographs of people who they were actively looking for through a very sophisticated facial recognition application. And they came up with 104 matches. The bad news was that 102 of those matches were incorrect – a false-positive rate of about 98 per cent.”

Other studies, notably the Gender Shades project by the Massachusetts Institute of Technology Media Lab, found facial recognition technology was particularly prone to mistakes when trying to identify women and people of colour. The darker the skin of the subjects scanned, the higher the error rate.

This uncertain technology would not only be available for use in what Santow describes as a “ticking time bomb” situation – time-sensitive cases where extreme measures may be warranted – but for “a very, very large range of purposes”.

“It can be used for what the government calls ‘crime prevention’, and when you look into what crime prevention means, it is incredibly broad,” he says.

“The bill is not limited to law enforcement in any way. So there are various other government bodies that can request identity-matching services, but also some companies, banks, those sorts of bodies would all be able to make requests.”

No one suggests there are no advantages to be won from data matching, properly safeguarded. But facial recognition technology is already in use in Australia with little oversight. Recently, the city of Darwin used federal money to buy 138 CCTV cameras, equipped with facial recognition technology – which it has promised not to enable, yet.

Earlier this year, Stadiums Queensland followed the lead of New South Wales and Victoria, quietly trialling CCTV with facial recognition at its venues. The stadiums displayed no warnings such technology was in use. The move set off privacy fears, particularly that spectators’ biometric data could be shared with state and federal police and other government agencies.

Legislation is urgently needed, say the lawyers and civil libertarians.

But not what is planned by Peter Dutton. Not the sort that puts us all in a digital line-up.

This article was first published in the print edition of The Saturday Paper on Oct 26, 2019 as "Dutton’s plan for a surveillance state". Subscribe here.

Mike Seccombe
is The Saturday Paper’s national correspondent.