December 16, 2015 -
A preliminary privacy impact assessment of the federal government’s plan to establish a National Facial Biometric Matching Capability (NFBMC) signals that the system will maintain strong privacy safeguards when it comes into operation in mid-2016, according to a report by ZDNet.
All 16 recommendations made by Information Integrity Solutions were accepted in part or full.
Some of the recommendations included improving security measures by developing templates for interagency data sharing agreements, complying with Australian Privacy Principles, and limiting the amount of metadata that will be collected to include transaction number, requesting and receiving agency, and purpose and authorization.
As well, the privacy impact assessment (PIA) supported the “hub and spoke” design of the system, which will mean agencies will be able to share images from their existing databases without creating a new centralized database. The preliminary assessment is just the first of a series of PIAs that will be conducted through the design and implementation of the system.
The review also recommended the greater use of biometrics to address vulnerabilities in current name-based identity checking arrangements that can enable people to use multiple identities when dealing with government agencies.
Minister for Justice Michael Keenan explained that the purpose of the NFBMC will be to help government agencies combat identity crime, organised crime, and terrorism. “It enables law enforcement and selected government agencies to share and match photographs on identity documents such as passports to strengthen identity-checking processes, while maintaining strong privacy safeguards,” he said.
Privacy activists, such as Australian Privacy Foundation vice-chair David Vaile, are still concerned though.
“Biometrics, unlike any other form of identification, is tied to your biological existence, which has some benefits for its use as an identifier but it has the great downside that if something goes wrong, if it’s breached, if it’s hacked, it can’t be revoked,” Mr. Vaile said. “It’s not like cutting up a credit card or getting a new phone number or something. Basically if anybody manages to get this, they breach the security, potentially you’re compromised for life.”
The Australian government announced back in September that it would be spending AU$18.5 million to establish the National Facial Biometric Matching Capability.
The Department of Foreign Affairs, the Department of Immigration and Border Protection, the Australian Federal Police, the Australian Security Intelligence Organisation, Defence, and the Attorney-General’s Department will have first access to the system.