Privacy group wants Australia to appoint a biometrics commissioner
The Australian Attorney General’s Department is planning to add up to 12 million passport photographs to its Face Verification Service this year, which has prompted recommendations from a privacy rights organization to appoint a biometric commissioner to protect the privacy of Australians, according to a report by Innovation Aus.
Unveiled last November, the Face Verification Service (FVS) initially held only the citizenship images of those individuals born overseas who are applying for Australian citizenship. The image is provided as part of the application process, and is managed by the Department of Immigration and Border Protection.
Now, an estimated 12 million images from Australians’ biometric passports are set to be made available to the FVS, a system that is designed to help combat identity theft by matching a photograph against a verified facial biometric.
The system is expected to play an integral role in the Digital Transformation Agency’s Govpass digital identity framework which is currently under development.
Angus Taylor, assistant minister for cities and digital transformation, said that participation in Govpass will be entirely voluntary.
However, the agency will continue to add biometric data to the FVS and Face Identification Service (FIS), regardless of whether a citizen has opted to be included or not. The agency is also in talks with states and territories to include access to millions of driver’s licence images, according to a spokesperson for the Attorney General’s department.
Queensland Privacy Commissioner Philip Green said that state/commonwealth politics and costs could result in significant challenges.
He said that while states were willing to share information for law enforcement purposes, he is concerned about the privacy risks relating to identity verification services, adding that a third-party organization ought to conduct individual state privacy impact assessments before any image sharing agreement is finalized.
Information Integrity Solutions did conduct a privacy impact assessment of the underlying platform for the FVS and FIS in 2015 but the assessment was focused on design and governance rather than the potential privacy impact of the plan itself.
However, a paper published in the current issue of the UNSW Law Journal assesses the privacy implications of face verification and identification.
Authored by Dr Monique Mann, lecturer at the Queensland University of Technology and a director of the Australian Privacy Foundation, and Marcus Smith, adjunct professor at the University of Canberra, the paper states that there is a “significant governance gap” regarding the Commonwealth’s planned use of biometric information.
The paper also reports that the federal government is already collecting data from a range of sources, including $1.6 million being awarded to the Australian Federal Police in 2016 to collect images from external data sources such as social networks.
The authors point out that while the government must gain either the knowledge or consent of an individual before collecting biometrics such as fingerprints or voiceprints, it does not need to follow the same protocol when retaining images from social media.
The paper also explains that the country’s lack of a Constitutional Bill of Rights, as well as the many exemptions in privacy legislation have ultimately led to a biometrics governance gap.
“If you look to overseas jurisdictions there have been a series of high profile cases indicating that the retention of biometric information can contravene fundamental privacy rights” and that at present Australians would have no obvious avenue for complaint,” Dr Mann said, adding that Australia should follow the UK’s lead and appoint a biometrics commissioner of its own to help address the governance gap.
The FVS allows agencies to verify an individual’s identity and will support Govpass, whereas the FIS will match a photo image of an unknown individual against multiple government records to help establish their identity.
According to a spokesperson from the Attorney General’s department, “the FIS will be used to detect people using multiple fraudulent identities and/or suspects of serious and organised crime. Access to the FIS will be limited to police and security agencies, or specialist fraud prevention areas within agencies that issue passports and immigration and citizenship documents.”