27 Sep 2015
Adjourned debate on second reading.
(Continued from 24 September 2015.)
The Hon. A.L. McLACHLAN ( 16:40 ): I rise to speak to the Summary Offences (Biometric Identification) Amendment Bill 2015 and indicate that I will be speaking on behalf of the Liberal members of this chamber. During my second reading, I will be raising a number of questions in relation to this bill which I would like the government to respond to in their summing up ahead of the committee stage in order to facilitate the further debate that will inevitably occur in the committee stage.
The bill amends the Summary Offences Act 1953 to permit the use of mobile fingerprint scanners by South Australia Police. We understand that South Australia Police currently operate 150 of these devices, but under current law they need to obtain the consent of the person being fingerprinted before they can be utilised. Currently, under section 74A(1) of the act, if a police officer has reasonable cause to suspect that a person is committing an offence or is about to commit an offence or that person may be able to assist in the investigation of an offence or suspected offence, the police can require that person to state all or any of their personal details. If that person refuses, they commit an offence under the Summary Offences Act. The penalty, I understand, is a fine of up to $1,250 or imprisonment up to three months.
Pursuant to the bill, a police officer will have the power to, in the same set of circumstances, require that person to submit to a biometric identification procedure using a mobile fingerprint device. Under the bill, a scan of the person’s fingerprint is taken on the spot by the police. The portable system will then send the scanned data to the National Automated Fingerprint Identification System and a hit or no-hit will be returned. If a hit is returned, the person’s identity and criminal history will appear on the screen. The same maximum penalty will apply for failure or refusal to submit to a biometric identification procedure as at in the current provisions for failing to state personal details.
The bill provides that biometric data must not be stored for longer than is reasonably required for the purposes of carrying out the identification procedure. The bill introduces a new offence prohibiting persons from retaining or storing biometric data derived from the identification procedure for longer than is required for the purposes of carrying out the procedure. The maximum penalty is equivalent to the penalty for unauthorised storage of a DNA profile under the Criminal Law (Forensic Procedures) Act 2007, being a fine of up to $10,000 or up to two years imprisonment.
There has been some opposition to the introduction of this bill, significantly from the Legal Services Commission, and some concerns expressed by the South Australian Bar Association. In a letter from the Legal Services Commission to the Attorney-General dated 13 April 2015, they advised as follows. The commission’s main concerns related to clause 74(1)(b) of the draft bill. The commission would prefer to see the use of this technology restricted to circumstances where the police have reasonable cause to suspect a person has committed, is committing or is about to commit an offence.
The commission considers that the circumstances described in clause 74(1)(b) of the draft bill, where the police officer has reasonable cause to suspect that a person may be able to assist in an investigation of an offence or suspected offence, are too broad and would allow police to engage in ‘fishing’ expeditions amongst a large number of persons for matters unrelated to the case under investigations and are simply too intrusive. The Bar Association expresses similar concerns in a letter to the Attorney-General dated 27 May 2015, and I will just read a couple of the more significant paragraphs, which state:
These powers with respect to a suspect are safeguarded by the need for the relevant officer to make an application to take fingerprints from a person suspected of a serious offence that is punishable by imprisonment. If necessary, this application may be made via telephone to an Inspector of Police or a higher ranked officer.
They are referring there to the current power to take fingerprints, which is found in sections 7 and 14 of the Criminal Law (Forensic Procedures) Act 2007. The letter continues:
We are concerned as to the proposed power to substantially expand the scope of police powers when they already have strong powers and investigative tools to acquire the necessary information for identity. The giving of a name and address has the ability to be quickly checked.
The letter goes on to say:
The concern of the expansion of powers is primarily for the situation of someone who may be able to as sist in the investigation of an of fence or suspected offence.
They share similar concerns to those of the Legal Services Commission. The essence of this submission is that there are sufficient powers that are extant in their operation. This bill potentially signals the Orwellian future that awaits us. I fear, although I hope it is unjustified, that this bill may originate from the desire of the police to ultimately have the ability to invade our privacy at will. I hope that is not the case but, with some of the legislation coming before this chamber, it appears that they have a continued desire and drive to adopt practices that suit them rather than the community that they are supposed to serve.
The nature of these amendments are such that there needs to be a proper explanation to this chamber—and I ask for it—as to what the police procedures will be when they are handling this device. This device is not like a breathalyser. It is not specifically prescribed under legislation and therefore there are regulations that allow for the expansion of the biometric identification procedure, but not of the device itself.
Therefore, some of my questions to the government relate to how we can have assurance that this device is operating accurately but also is not storing the data that is prohibited for longer than is reasonably required. In particular, is there any chance that, when the portable system is interfacing with the national automated fingerprint identification system, the fingerprints will be stored inadvertently?
We have all read and understand that there are many instances, both in the policing sphere and outside of it, of data being retained inadvertently. I would be seeking an assurance from the government that this has been properly investigated and that we have some assurance or even auditing practice so that fingerprints are not retained inadvertently or unintentionally.
I also raise the question: how do we know that the fingerprints are not being stored? I understand that the scanners that are currently being used destroy the image on the machine the next time you use the machine, but what practices are going to be put into place to ensure that, if a machine may be left on the shelf or is not used in an intervening period, it is cleansed of someone’s fingerprints? It seems to me that would be inconsistent with what is reasonably required.
Is there going to be an audit of these devices or some sort of audit of the practices on an ongoing basis to give the community assurance that they are not only being used correctly but they are fit for purpose, and continue to be fit for purpose, and that there is not even unintentional keeping of people’s personal data—in this case, fingerprints?
It seems to me that whilst there is an appropriate criminal sanction for unauthorised storage, there does not seem to be any compliance mechanism that is accompanying it, either in the body of the legislation or being stated to this chamber to give the members necessary assurance that the operation of this bill, when it comes into law, is appropriate and practicable. In essence, there seems to be the opportunity for the police to be policing themselves. How will we ever know unless there is an external body ensuring that the law is being complied with?
In relation to the new offence which is for prohibiting persons from obtaining or storing, I would like clarity around who would be charged in those circumstances. Is it the police officer? Is it those in the police force who are accountable for the operation and maintenance of the equipment? Is it senior officers such as the police commissioner who have issued directions in relation to using the equipment? We could have a situation where a police officer, following procedures, using the equipment, technically breaches the law or even knowingly breaches the law by facilitating the storage of the fingerprint for an unreasonable period of time.
We are advised by the government that the wider use of mobile fingerprint scanners by the police will improve identification rates and reduce the incidence of people avoiding being identified. I ask the government to advise on how many occasions have members of the community been asked to voluntarily provide their fingerprints using the biometric scanners, and how many times have they refused? The collection of this data, in my view, would be absolutely necessary to justify the statements being made by the government and the warranting of this amendment.
Also, on how many occasions have the police needed to have this system or some other system where they needed to provide identification in addition to the laws that are already in place such as driver’s licences or some other form of identification? I would have expected this data to be kept to warrant the need for these amendments, so they are of great interest to the Liberal opposition. In particular, how many occasions have individuals avoided being identified under existing laws, as I have indicated? Again, the number of incidences is really the driver for these laws and the consequence of possible invasion of people’s privacy.
I would ask the government to advise the chamber in its summing up, in essence, the practices and procedures that the South Australian police will be using to wrap around this bill if it is passed. In essence, as we are authorising the use of these sorts of testings, it is critical that we have assurances that not only will it be used reasonably but because it is of an electronic nature that the proper practices are in place to give assurance that the members of the public will not be inadvertently impacted. I ask the government the following questions:
•How many prosecutions have been made under the Criminal Law (Forensic Procedures) Act for offences of unauthorised storage of a DNA profile?
•How many apprehensions or arrests or warrants has South Australia Police made in the last five years due to an inability to confirm identification?
•What will police officers be required to explain to suspects before they can exercise the power; for example, will they be required to explain the reasons for the prints being taken and the power under which they are to be taken and that their fingerprints may be subject to a speculative search against other fingerprints?
•Are police officers going to be required to delete the image once the procedure has been conducted, or do they wait until they conduct the next identification procedure and wipe out the older one?
•How instantaneous is the response from the national database?
•When the fingerprint image is deleted from the mobile unit, does the device retain the deleted data in a back-up drive—and I use the example of photocopiers, which often retain images for long periods of time?
•What happens when a new device is being used by the police? How will parliament know that this new device has the comfort of sufficient operation that fingerprints will not be retained inadvertently into the future? We have received some assurances in the other place, but this is in relation to existing equipment that is being used.
•As I have indicated earlier, will audit procedures be in place to ensure that the data is not being stored on the prescribed time frame?
We have seen in the federal sphere difficulties with the retention of personal data. What comes to mind for me is the incident in 2014 regarding the Department of Immigration, which is a classic, where data was released more broadly and not retained in the manner that it should have been. In my view, we are in desperate need in this state for an adequate privacy regime, with an adequate enforcement arm, which will give comfort to our community, because with this legislation and these sorts of regimes or amendments maintaining the trust of individuals is paramount.
If individuals believe that data about them is going to be held securely or deleted, where appropriate, and only collected for stated purposes, they may be more comfortable relying on the organisations to inform them and to seek their consent for the use of personal data, or to hand it over. This, across a range of government instrumentalities, is the issue of the day.
Much of my questioning to the government is based around giving the Liberal opposition the assurance that the government will maintain the trust of the community and not overtly or inadvertently retain data that it should not otherwise retain.
I indicate the Liberal opposition’s support for the second reading, but I look forward to the government’s responses in the summing up ahead of the committee stage. We potentially flag that, depending on the government’s responses, we may have further questions at the committee stage.View source