The federal government is experimenting with a system that would allow Australians to use selfies to log onto Centrelink, Medicare and other Commonwealth services.
Prime Minister Malcolm Turnbull's digital re-invention agency is designing a system that would use "bio-metric" facial recognition technology to allow easy log-ins while protecting accounts from identity thieves.
The Digital Transformation Agency insists that no collection or data base of images would be built, the system would be voluntary and the strictest privacy safeguards would be in place.
But privacy activists are worried the idea is simply a high-tech version of the unpopular "Australia card" plan, resurrected more than 20 years after the national ID scheme was dumped.
The government is determined to improve to access to its services online, to save time and money, and to step-up the automation of many of its core activities, particularly in the expensive health and welfare sectors.
But security and privacy has been a huge issues, with many of the problems associated with the much-maligned myGov portal put down to the complex and glitch-prone log-in protocols.
Improvements have been made to myGov but now the Digital Transformation Agency is working on a next generation online entry point that would ultimately allow a user to access about 1500 government entities with a single log-in.
The new project, the "Trusted Digital Identity Framework", is a huge undertaking, according to an initial Privacy Impact Statement, produced by consultants Galexia.
"This is obviously a very significant decision at the Commonwealth level," the consultants noted.
"The TDIF is a complex program involving multiple Commonwealth stakeholders, possibly all States and Territories, plus the private sector."
A user of the proposed new system, after establishing their account, would log-in by scanning their traditional forms of ID and as a fail-safe against hacker and identity thieves, take a selfie and upload it from their mobile, tablet or computer.
Central the the architecture of the scheme would be an online "identity exchange", a portal that would confirm to a government agency, Centrelink for example, that a user's identity had been verified and cleared to use their account but would not supply the photo or any other data used to make the confirmation.
But talks with "stakeholders" including state and federal privacy authorities as well as online privacy campaigners, have begun to reveal the full complexity of the privacy problems facing the TDIF.
Many of those consulted were surprised they had not already heard of such a game-changing project and questioned the motivation for the decision.
"Stakeholders queried whether due consideration had been given to the failure of previous centralised models in the Commonwealth identity field, such as the Australia Card and the Access Card," Galexia reported.
There were worries that various parts of the system "would obtain, over time, a large and rich source of personal data that will be attractive to third parties for surveillance...or subject to external attack (e.g. hackers), and or subject to accidental breach."
"The consequences of surveillance or a breach were likely to be significant," Galexia noted.
""Some stakeholders predicted that, over time, each [agency] would collect biometric information (photographs) and contribute to the development of a national data set of photographs.
"Although there is no intention to retain photographs in the TDIF, and they are destroyed as soon as a verified match has been made, stakeholders believed that 'it was only a matter of time' before the system was changed and photographs were retained and shared."
A prototype of the TDIF system is expected to be ready for testing in mid-2017.