National Document Verification Service Project (DVS)

Is this the biggest privacy threat this year? If so, nominate it for a Big Brother Award!

Current Status

The Australian Government's national identity security strategy has various projects hanging off it, one of which is the Document Verification Service (DVS).

[See also the related National ID Card project, also known as the 'Human Services Access card' or national 'smartcard', which is intended to use the DVS as part of its registration process.]

The DVS has been described as an online service "to check the validity of proof of identity documents against the issuing agency". The DVS project is therefore about rooting out the problem of fake foundation documents, such as the fake driver's licence or birth certificate, which are then used to apply for a passport or for social security benefits.

The DVS was initially funded as a pilot project during 2005-06. However in the May 2006 federal budget, a further $28.3 million was allocated to the DVS, to roll it out on a national basis. Very little information about the DVS is available publicly, and no independent Privacy Impact Assessment has been done. Any internal privacy impact assessment, or evaluation of the pilot (if either has even been done), has not been published.

From what we understand to date about the DVS, its strength could be in its support for a dispersed identity model (rather than following a centralised population register model - i.e. the national ID card model), and secondly because it is apparently intended to work in a way to minimise privacy intrusions.

We think the DVS system itself is supposed to be 'blind' and to hold no data; the agency being asked to verify its document does not know the identity of the organisation asking the question; and the questioning agency is only given a minimal yes/no response.

But that's only how we think the DVS will work - we don't actually know the details. Nor, it would seem, did the government officials who appeared before a Senate Committee last year to explain the project. In a perfect example of poor policy decision-making, it was stated that "the details will be worked out as we build (the DVS)".

We're not exactly sure which agencies are involved either.

In May 2005 the Australian Attorney General's Department claimed before the Senate that the prototype / pilot project would involve only DIMIA, DFAT, Austroads, and the NSW, Victorian and ACT registries of Births, Deaths & Marriages.

But the NSW Privacy Commissioner's website suggests otherwise - in December 2005 he gave an exemption from the NSW privacy legislation to the NSW Roads and Traffic Authority to participate in a DVS pilot between 30 November 2005 and 30 June 2006. That exemption was extended in July 2006 for a further 12 months, to 30 June 2007.

The other projects under way under the auspices of the national identity security strategy, according to the government, include:

Some of the questions we ask of DVS and its sister national identity security strategy projects are:

[See also the related National ID Card project, also known as the 'Human Services Access card' or national 'smartcard', which is intended to use the DVS as part of its registration process.]

Unfortunately not everyone seems on board the national identity security strategy yet. The message about tackling identity fraud through dispersed identity rather than centralised identity is not getting through – and as a result we risk making the problem worse.


Media Releases