Biometrics: Govt plays down concerns over mass surveillance, private-sector access

Officials from the Department of Home Affairs have sought to assuage concerns that a proposed national facial recognition service could lay the basis for mass surveillance.

The government currently has two bills before parliament mdash; the Identity-matching Services Bill 2018 and the Australian Passports Amendment (Identity-matching Services) Bill 2018 mdash; which are part of creating the legal infrastructure for the new system.

The Commonwealth, state and territory governments have endorsed the idea of a national, federated system for facial identification and verification, which could draw on the driver’s licence data held in different Australian jurisdictions as well as other sources of face images including passport and citizenship data.

In October 2017, the Council of Australian Governments (COAG) signed the Intergovernmental Agreement on Identity Matching Services (IGA) that committed them to promoting “the sharing and matching of identity information to prevent identity crime, support law enforcement, uphold national security, promote road safety, enhance community safety and improve service delivery, while maintaining robust privacy and security safeguards”.

The Identity Matching Services mentioned in the agreement include the existing federal Document Verification Service and Face Verification Service, as well as an Identity Data Sharing Service and a number of additional facial recognition services: the Face Identification Service; the One Person One Licence Service; and the Facial Recognition Analysis Utility Service.

The services are “not intended for mass surveillance,” acting first assistant secretary, Identity and Biometrics Division at the Department of Home Affairs, Andrew Rice, today told a federal parliamentary inquiry into the two bills.

He said the operation of the system meant that it couldn’t, for example, be hooked up to a live feed to provide real-time facial recognition of people in a public place. The Face Identification Service, for example, will operate through returning a collection of possible matches that a FIS-trained user would then have to sort through, he said.

The IGA says the FIS will provide “a gallery of the highest matching facial images, as determined by the facial recognition system”. The description of the service in the legislation does not seem to explicitly impose such an approach, however.

Earlier this year the Victorian government, which signed the IGA, raised a number of concerns about the proposed federal legislation. The IGA envisages potential private-sector access to the Face Verification Service and Document Verification Service. The document states, however: “The private sector will not be given access to the other Face Matching Services or the Identity Data Sharing Service.”

There is no equivalent prohibition in the bills mdash; which was acknowledged by Home Affairs.

Rice told the inquiry that the government was “future proofing the bill” by not banning private-sector access

“We said to them [the Victorian government] that we drafted the bill on the question of private-sector access to allow for future use,” he said. “However we have recognise, as the IGA does, that there’s a separate policy process that state ministers would go through in order to agree to private-sector access.

“So we were future proofing the bill but knowing that we needed to get the agreement of state ministers and that’s what happened with the various stages of the Document Verification Service as well. So we were allowing for a future event.”

Also a question of “future proofing”, Rice said, was the bill’s provision that allows the minister to define new types of identity information that could be covered by the system.

The bill outlines a range of information that is considered identity information, such as name, date of birth, data contained in a passport or driver’s licence, and facial images. It also bars certain categories of information, such as racial or ethnic origin, political opinions, membership of political or religious organisations, sexual orientation, health information and genetic information.

However, the bill has the provision that identity information can include “any information that is prescribed by the rules and relates to the individual” mdash; leaving ministerial discretion to define new types of identity information as long as they aren’t part of the prohibited categories.

“We’ve allowed for that provision for future proofing,” Rice said.

Asked whether that meant identity information could potentially be expanded to include fingerprints, gait analysis, sweat, pore and body odour analysis, or retina scans, he said: “Yes it could allow for those things.”

However, he added: “Do we have any plans? No we don’t... this whole system has been conceived on the basis of using what’s already there. We don’t have iris holdings that are searchable and I think some of those other modalities ... are nascent modalities ... in a biometric sense.”


Copyright © 2018 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon