The Federal Privacy Commissioner has described identity fraud as a "gross invasion of privacy" and supported government efforts to fight it, while warning strong protections must accompany any proposal from the start.

The Minister for Justice and Customs, Senator Chris Ellison announced this week a feasibility study into linking the databases of government agencies together to create a single large database accessible to each government body. A spokesperson for the Minister told ZDNet Australia   part of the feasibility study was to see whether it was appropriate to allow non-government organisations -- such as financial institutions -- to view the database.

"In combating fraud we need to ensure the privacy cure is not worse than the privacy disease," the Federal Privacy Commissioner, Malcolm Crompton, told ZDNet Australia  . "Any proposals that come out of this feasibility work must include strong legal and technological protections from the very start. This includes possibly much stronger protections than currently in the Privacy Act and other legislation."

Roger Clarke, ebusiness consultant and board member of the Australian Privacy Federation -- which is formulating a policy position on the matter -- was less reserved, claiming the issue was being blown out of proportion.

"We're in the midst of a huge beat-up by the US and Australian governments," Clarke told ZDNet Australia  . "Identity fraud is much as it's always been. It's there; it sometimes costs people money, inconvenience and embarrassment; and it's part of the economic system."

"The vast majority of what the two governments are talking about is once-off abuse of credit-card details to buy something on someone else's account. That's part of the design of Visa and MasterCard," said Clarke. To be fair, both Visa and Mastercard have recently attempted to combat misuse of the credit card system.

Clarke disagreed with Crompton that identity fraud was a 'gross' invasion of privacy, drawing a distinction between Identity Fraud, which encompasses several fraudulent credit card transactions over a short period of time, and Identity Theft, which is a long series of transactions over an extended period compromising a person's ability to continue using their identity. Clarke reserves the epithet for the second event.

However, Clarke said it was a reasonable idea to conduct a study of identity documents, so long as the study recognises the difference between authenticating a document and authenticating someone's identity.

Clarke listed the sorts of things that could be checked about documents:

• check that the document was actually issued by the appropriate organisation (e.g. a citizenship certificate by the Dept of Immigration) - to address the risk of forged documents used by a fraudster;
• check that the content of the document is the same as that recorded in the relevant organisation's database -- to address the risks of a genuine document being adapted, and of a document being created by a fraudster using a combination of legitimate and modified data;
• check whether the document has been previously used as evidence in support of an application (e.g. has this birth certificate been previously used as a basis for getting a passport?) - to address the risk of multiple people carrying documents derived from the same 'breeder' documents.

He warned care was needed in the process, citing the example of a criminal obtaining a passport using someone else's birth certificate, and the real person being treated like a criminal when they tried it.

"This all comes back to the critical point that, contrary to the Minister's assertion, birth certificates are not 'primary identification documents'," said Clarke. "There's absolutely nothing to tie a birth certificate to a person."

Clarke said that a Births Registrar did not have responsibility for an identification document. "Births Registrars simply record the facts of birth advised to them by an informant. They have a responsibility to provide copies of information in the Register to anyone who requests them unless they have grounds for suspicion," he said. "They are not part of Ellison's rampant national security apparatus."

Both Crompton and Clarke said there is not enough published detail about the feasibility study to determine whether it raises any privacy concerns in itself.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.