AUSTRALIAN government plans to increase the use of facial recognition in its counterterrorism strategy raise concerns about privacy and how the technology will be used in everyday policing.
Details of the $AU18.5 million National Facial Biometric Matching Capability were announced last week by Michael Keenan, the minister for justice and the minister assisting the prime minister on counterterrorism.
Keenan said the scheme — known as “the capability” — will allow Commonwealth agencies and state law enforcement to try to match a photograph of an unknown person with photographs on government records, such as passports and driving licences. The aim is to help put “a name to the face of terror suspects, murderers and armed robbers” and other criminals.
This comes on the heels of government amendments to the Migration Amendment (Strengthening Biometrics Integrity) Bill 2015 in late August. These laws introduced a broad discretionary power for several Australian agencies to collect biometric data on both Australian citizens and non-citizens at the border and within Australia.
These amendments are expected to add even more records to the more than 100 million facial images already held by agencies that feed into the capability.
A closer examination of the capability reveals a number of concerns about its expected effectiveness and its impact on privacy.
If your passport, credit card, PIN or tax file number are compromised due to a security breach, they can be replaced fairly easily. Not so with your facial features. If a biometric database is hacked, the information can potentially be abused by criminals over your entire life.
The government insists the capability entails “strong privacy safeguards” but does not provide much detail beyond noting that facial recognition records will not be stored in a centralised database.
Instead, the records will be held by participating agencies, which will be able to reach in to one another’s records. But will it be effective? And what are the risks for privacy and human rights?
Current research shows that the latest facial technology is still plagued with error rates and inaccuracies.
Images collected through CCTV or social media platforms are hampered by poor lighting or indirect angles of faces, so it is often difficult to find an accurate match. For example, even with the volume of footage of the Boston Marathon bombing suspects, facial recognition wasn’t enough to identify the assailants.
It is also unclear how much the use of facial recognition is actually helping police make arrests.
There is also the question of accuracy. The FBI reportedly has a 20% error rate for its Next Generation Identification program.
In Australia there is no clear indication what authorities are willing to accept as an error rate when using facial recognition technology.
Like the data retention amendments, regulation of the collection and sharing of biometric identifiers in Australia is subject to executive ministerial discretion. Any other regulation of the capability is left to weak privacy legislation (which many of the agencies involved in the capability are exempt from) in the absence of a formal bill of rights.