Report urges facial ID transparency
Facial recognition: Committee calls for transparency in the tools used to deliver this security capability.
The federal government should be more transparent about its use of facial recognition technology and work more closely with the private sector in development ICT tools for law enforcement, a Parliamentary Committee has said.
The Parliamentary Joint Committee on Law Enforcement also recommended that the government create a new taskforce comprised of public and private sector members to monitor the development of new and emerging tech gaps in Australian law enforcement.
The committee’s report on the impact of new and emerging ICT was tabled last week after a year and a half inquiry. The report focuses on a wide range of law enforcement-related tech issues, including biometrics, encryption and Internet of Things.
It recommended that the government be more transparent about how the federal government is using facial recognition technologies in law enforcement.
In October 2017 former Prime Minister Malcolm Turnbull announced a big expansion of the government’s facial recognition capability, with a new near-$20 million National Facial Biometric Matching Capability.
This will involve one-to-one image-based verification matching, where a photo is matched with an image stored on government records, along with one-to-many matching, where a photo of an unknown person can be matched with the records of state, territory and federal governments to establish their identity.
Legislation underpinning the new system is currently before Parliament and the subject of a number of reviews. The Department of Home Affairs has also refused to reveal of the provider of its Face Identification Service algorithm, claiming immunity from Commonwealth procurement rules.
The government-led Parliamentary Committee said the government should be more transparent about these issues.
"Publicly releasing additional technical information about the nature of the facial matching scheme, and the process for ensuring that there are not false matches, in order to inform the public about its operation and to allow informed debate about its use and future database links," the report said.
The committee also called on the government to take into the Law Council of Australia’s recommendations, which included the development of a regime to detect, audit, report on, respond to and guard against events that may breach biometric data security, communicate breaches to the general public and publicly release additional technical information.
The report addressed the government’s highly controversial Assistance and Access Bill, which was passed by Parliament on the last sitting day of 2018 and will remain unamended before the May election.
The committee said there needs to be better engagement with stakeholders on both sides to ensure the right balance is found.
"The committee acknowledges there is an inherent tension between these and those engaged in this debate have, at times, strongly held and opposing views. It is for this reason that where the appropriate balance lies between law enforcement needs and civil rights and liberties must be resolved by the Australian government together with the Australian public, and not just by one or the other," it said.
"The Committee accepts that there are cogent arguments put by government and law enforcement agencies for legislative reform to occur expeditiously. However, that need for swift enactment of law enforcement powers should not come at the expense of public engagement and debate on these issues."
The committee has "urged" the government to ensure that public consultation is undertaken when "investigatory powers to tackle cybercrime are similarly amended or introduced in this country".
There is also a need to establish a new taskforce featuring members from ICT, legal, law enforcement and security industries to "monitor the development and examine and advise on the impact of new and emerging ICTs on Australian law enforcement".
This taskforce would identify specific gaps and vulnerabilities in the current legislative and regulatory frameworks limiting the ability of law enforcement to "investigate, disrupt or otherwise deal with cybercrime" and consult and advise on the balance between investigatory powers to tackle cybercrime and their impact on civil rights and liberties.
The inquiry also looked at the risks associated with Internet of Things devices, and recommended that a public awareness campaign be conducted on the potential vulnerabilities associated with these technologies and to provide guidance to consumers on how to best protect their privacy when using them.