The Department of Home Affairs has gone to tender seeking an industry partner to help deliver a new, cost-efficient Identify Management Services (IDMS) system to help tackle rising rates of identity crime in Australia.
The IDMS, which currently operates as a three-pronged system, supports agencies in detecting and preventing identity fraud, providing law enforcement agencies with tools to help identify persons of interest in cases of false or stolen identity.
Home Affairs will contract a managed services provider to build and deploy components of the IDMS System, with the selected provider required to host and manage all elements of the system.
The IDMS comprises three core components: a Document Verification Service (DVS); Face Matching Services (FMS); and a National Driver Licence Facial Recognition Solution (NDLFRS).
The NDLFRS is used to verify a person’s identity using their facial image from drivers licences and photo identities issued by state and territory roads agencies.
With an embedded facial recognition analytics capability, the NDLFRS is used to detect and deter the creation of, and subsequent use of fraudulent identity cards “by ensuring that they are only issued to customers who have their identity confirmed”.
Among the key requirements of the tender is that the current NDLFRS, presently provided by an unnamed managed service provider, remain fully operational during the “transition-in” to a new platform.
The Department may also seek the potential amalgamation of the currently separate DVS and FMS platforms into a single Hub.
The DVS, implemented as part of the 2005 COAG National Identity Strategy, provides a secure, national, real-time, and online (and public-facing) service to confirm whether a particular evidence-of-identity document (such as a licence or birth certification) provided by an individual applying for a benefit or service is authentic, accurate and up-to-date. The service is currently also made available to Australian state and territory government agencies.
The DVS platform was first piloted back in 2005 and rolled out nationally the following year. In 2012-13, the service was extended to the private sector, enabling approved businesses, with client identification obligations, to check the accuracy of identifying documents.
The DVS Hub maintains connections to 14 State, Territory, Commonwealth and commercially operated data sources to which an information match request is made.
The Face-Matching Hub (FMH), also known as the National Facial Biometric Matching Capability (or simply ‘the Capability’) and perhaps the most technologically complex and controversial of the three IDMS systems, was first deployed in 2015 off the back of Federal counterterrorism legislation.
The Hub enables Commonwealth agencies and state law enforcement to match a photograph of an unknown person with photographs on government records, such as passports and driving licences, effectively putting “a name to the face of terror suspects, murderers and armed robbers” and other criminals, Michael Keenan, the then minister for justice and the minister assisting the prime minister on counter-terrorism said at the time of ‘the Capability’s’ release.
Tender documents state the FMS “[enhances] the ability of authorised participants to detect and prevent the creation and use of fraudulent identities by providing a mechanism for secure, automated and auditable sharing and matching of facial images” with authorised authorities.
“By improving the ability of government agencies to share and match facial images, the FMS provides a means of detecting the creation and use of fraudulent identities.”
An extension of the DVS, which only shares biographic information, the FMS can biometrically match biographic information with a photo held on record by document issuers, such as the Department’s Immigration and Citizenship records and the Australian Passport Office.
Among the critical requirements tabled in the tender are that each of the IDMS Hubs must have a web-based portal interface to submit information match requests. These are all to be hosted, managed and maintained by the contracted service provider.
The service provider must be able to host data up to a PROTECTED level, with data sovereignty and management to remain in Australia as per the Australian Cyber Security Centre’s requirements.
With identity theft among the most common crimes in Australia today, Home Affairs stressed its key role in strengthening the integrity and security of Australia’s identity infrastructure.
A survey by the Australian Institute of Criminology (AIC) found that 1 in 4 Australians have been victims of identity crime at some point in their lives.
The annual economic impact of identity crime exceeds $2 billion, according to the AIC.
Further details on the tender notice can be found here, with applications closing on 11 March.