Privacy Foundation: Put ID card 'on hold immediately'

The Australian Privacy Foundation (APF) has expressed concerns over the Federal Government’s plans for the introduction of a national ID ‘smart’ card.

The move follows a report in the Australian Financial Review which detailed the resignation of the head of the smart card task force, James Kelaher.

The AFR reported that Kelaher had warned Human Services Minister Joe Hockey “against financial management and privacy protection plans for the $1 billion dollar ID card project.”

Kelahar had also urged Hockey “not to base the project inside new Department of Human Services, and not to abandon a proposed external expert/stakeholder advisory board offering independent checks on privacy and security,” the AFR reported.

In response to the incident, the APF’s vice chair, David Vaile, said in an emailed statement that the “conscience resignation” of the new Australian ID card's architect confirmed its concerns about the project.

He said the ID card project was not ready for a multi-billion dollar budget commitment, lacked proper governance - particularly in relation to personal data security and privacy issues, and was proceeding without adequate safeguards protecting both persons and information about them stored in online databases.

"The Budget should not contain $1 billion for a project the details of which are so uncertain, and on which such doubt has already been cast by one of its architects as well as by external experts", Vaile said.

"The government's refusal so far to release any significant information about the details of the massive project, and their dismissive underestimation of cost, technical and security questions, suggests they may have something to hide - probably that they have not done their homework on these key issues."

Vaile said the APF was now calling for the immediate release of full technical, risk management, security, privacy, governance, cost/benefit, stakeholder input and operational details about the plan.

The project should also be immediately put on hold until the government has taken the population into its confidence and any unresolved problems had been identified and analysed with input from external stakeholders and security, privacy and IT risk management experts, he added.