A new system that will allow Australian law-enforcement agencies to share facial images amongst themselves is expected to be in place next year.
Responding to questions on notice from Senate Estimates, the Attorney-General's Department said the system will support a one-to-one matching functionality to confirm identities of known individuals before phasing in additional functionality to match unknown individuals.
"The technical architecture of the capability will adopt a hub-and-spoke model to facilitate 'query and response' matching requests between participating agencies," the department said. "The capability will allow agencies with a lawful authority to collect and share existing holdings of facial images (via the Hub) to check the validity of images presented to them with facial image holdings of other agencies."
"There are currently over 100 million facial images held by agencies that issue identity documents."
An initial list of agencies that will have access include the Department of Foreign Affairs, the Department of Immigration and Border Protection, the Australian Federal Police, the Australian Security Intelligence Organisation, Defence, and the Attorney-General's Department under the auspices of AusCheck.
The Attorney-General's Department said it is working with Austroads, the association of Australasian road transport and traffic agencies, to develop a business case for adding drivers' licences into the system, and will attempt to reach agreement on a "preferred national approach" by the end of the year.
The department said the system is designed to share still images, and ruled out the addition of directly feeding licence plate cameras or closed-circuit TV into the system. However, stills from such cameras could be used.
"The capability is designed to replace existing manual, ad hoc facial image sharing arrangements between agencies, providing an efficient, secure, and accountable mechanism through which images can be shared and matched," the department said.
Rather than creating a new centralised database, the department said the system will function in a hub-and-spoke topology to avoid "considerable privacy and data security concerns".
"The design and operation of the hub will be informed by independent privacy impact assessments, conducted in consultation with federal and state privacy commissioners," it said.
The ABC reported earlier this week that the federal government had failed to conduct privacy impact assessments on nearly 90 percent of national security measures introduced in the past 14 years.
One of the agencies with access from the start, Australian Customs and Border Protection Service, said earlier this year that it would increase its surveillance of Australians' telecommunications once mandatory data-retention legislation had taken effect. The passage of those laws in March was jointly ensured by the Australian government and the Labor opposition, when both voted for the collection of telecommunications data of all Australians to be be retained for two years for warrantless access by law-enforcement agencies.
In March this year, the personal details of the world's G20 leaders, including passport numbers, visa details, and dates of birth, were accidentally emailed to the organisers of the Asian Cup by a staff member of the Department of Immigration and Border Protection (DIBP), which chose to avoid notifying the leaders.
This incident is far from the first time that the DIBP has found itself in hot water for sharing personal details. In February last year, the DIBP published the details of approximately 9,250 asylum seekers.
A report from the Office of the Australian Information Commissioner found the DIBP to be in violation of the Privacy Act.