Biometric data from driver's licences added to government database

Your face is becoming the latest weapon in the world of digital surveillance, and the humble driver's licence looms as a game-changer in tracking individuals through both the real and virtual world.

Experts warn your biometric data may already be vulnerable to misuse by criminals and terrorists, as the proliferation of mobile cameras combined with social media and ubiquitous CCTV feeds mean we're caught on screen more than ever before.

Key points

  • Biometric data builds an online profile using your photo, age and address
  • This can then be matched against photos gathered from the internet or CCTV
  • The data can be used by government agencies, along with companies and criminals

Driver's licences will be added to the Commonwealth Government's already vast biometric databases after it struck an agreement with the states and territories, handing authorities access to an unprecedented level of information about citizens.

A system known as "the interoperability Hub" is already in place in Australia, allowing agencies to take an image from CCTV and other media and run it against a national database of passport pictures of Australian citizens — a process known as "The Capability".

But soon driver's licences will be added to the system, allowing both government and private entities to access your photo, age and address.

It is a $21 million system being sold as a way to tackle terrorism and make commercial services more secure.

But experts warn people now risk losing control of their biometric identity entirely as commercial interests, governments and organised crime gangs all move to capture more personal metadata for their own gain.

Driver's licences change the biometric game

Technology and legal expert Professor Katina Michael said about 50 per cent of the population already had some kind of visual biometric stored in a nationally accessible database, but the inclusion of driver's licences would see the proportion of Australians scooped up in the net swell to about 80 per cent.

She said one of the biggest risks of the collection of biometric data was not deliberate misuse by the AFP, ASIO or another government agency, but rather vulnerabilities in the way biometrics work.

Who can access your biometric data?

Document Verification Service (DVS) - government and private sector

  • Companies and government can run an identity document through a database to see if it matches information held on file, and that the document has not been revoked
  • Individual must consent before DVS used

Face Verification Service (FVS) - government and private sector

  • Enables a facial image of an individual to be compared against government records of that same individual, such as passports and driver's licences
  • Individual must consent or a legislative basis must be established to collect the information, and use must comply with the Privacy Act

Face Identification Service (FIS) - only law enforcement agencies can use

  • A facial image can be compared against multiple facial images held on a government database, including Australian citizens' passport photos and now driver's licences.
  • Multiple records of people who have a close match to the image are usually returned
  • An agency must have a legislative basis or authority to collect and use the information
  • Access is restricted to law enforcement agencies or those with national security related functions

"It's not like a one-on-one match, where you put (in) an individual's face and say: 'they're a suspect'," Professor Michael said.

"But rather what you get returned is a number of possibilities … you might get back 15, or 20, or 30, or 50 matches.

"So you might have 50 innocent people being suspects, rather than the person that you're trying to catch."

Professor Michael said this meant that while over time a person's name might be cleared, their data could remain in a database linked to a criminal investigation.

"And then I'm thinking, what happens to their level of innocence as time goes on, because they accidentally look like a minority group?" she said.

She said real criminals and terrorists would opt out of the system, choosing not to have passports and driver's licenses in a bid to escape the net.

"Of course, if you've done nothing wrong, the old adage says you're fine. But increasingly, we don't know if we're fine," she said.

The rise of 'uberveillance'

Professor Michael said modern surveillance methods employed by law enforcement were not just limited to CCTV — they now incorporated vast amounts of metadata and social media, leading to a concept known as "uberveillance" in which people were constantly monitored.

"What we have now are digital footprints that we all leave behind," she said.

"Phone call records, internet searches, credit cards and even the data on your electronic train or bus ticket can be used to track your movements and activity.

"It brings together all these various touchpoints, telecommunications records, travel data via tokens, facial recognition on federal databases, your tax file number … that's accessible depending on the level of crime and social media.

"You've got this very rich almost cradle-to-grave kind of data set that's following you."

Organised criminals want your identity

Stephen Wilson runs Lockstep Consulting, a Sydney-based firm which researches and tracks trends in biometrics in the corporate and government spheres, and advises clients on best-practice.

He said at the moment very secure biometric systems took quite a long time to process images accurately.

Problems arose when consumer convenience, such as being able to unlock a phone or access a bank account with a quick face or fingerprint scan, trumped security.

"No police force, no public service, no business is ever perfect, there is always going to be corrupt people," Mr Wilson said.

"The more exposure we have to electronic databases, the more exposure we have to biometric matching, it's only a matter of time before these bad actors succumb to temptation or they succumb to corruption and they wind up using these systems inappropriately."

Your biometric twin is out there

Mr Wilson said biometrics were creeping into consumer services like bank accounts and online betting facilities, with customers asked to send a picture of their licence and a "selfie" that will be run through an identity matching service.

"The real risk is that bad actors will take people's photos, ask for a match, and get back a series of matches of people that are kind of like your biometric twin," he said.

"We've all got doppelgangers, we've all got people in public that look just like us.

"If you're trying to perpetrate a crime, if you're organised crime, and you're trying for example to produce a fake driver's licence, it's absolute gold for you to be able to come up with a list of photos that look like 'Steve Wilson'."

Technology companies like Apple and Samsung have championed the use of biometrics such as fingerprints, and this has taken a step further with facial recognition becoming more common thanks to the release of the iPhone X.

However Mr Wilson said a key difference was that information stayed on the phone, while banking and other commercial interests trying to use your biometrics to confirm your identity could be storing it on a server anywhere.

"Do you really want your photo, which is a pretty precious resource, sent off to a company perhaps on the other side of the world just so you can get a quick bank account or quick betting service set up?" he asked.

What will happen next?

An annual industry survey conducted by the Biometrics Institute, known as the Industry Trend Tracker, has nominated facial recognition as the biometric trend most likely to increase over the next few years.

Respondents believed privacy and data protection concerns were the biggest constraint on the market, followed by poor knowledge of decision makers, misinformation about biometrics and opposition from privacy advocates.

The Australian Law Reform Commission says biometric systems are increasingly being used or contemplated by organisations, including in methadone programs, taxi booking services, ATMs and online banking, and access to buildings.

Dr Michael said governments needed to be very cautious about how they applied this rich new source of data in the future.

She said governments were building these agreements between themselves and corporations in a bid to stamp out fraud, but that goal was not always achieved and the potential for mistakes was vast.

"What we have is this matching against datasets, trying to find the needle in the haystack," she said.

"Often what happens is we don't find the needle."

A statement from the Department of Home Affairs said the Australian Government was exploring making the Face Verification Service available to the private sector, but nothing had started at this point.

It said arrangements for private sector access would be informed by an independent privacy impact assessment, and those using it would need to demonstrate their lawful basis to do so under the Privacy Act and where they had gained consent to use a person's image.


Source: Rebecca Trigger, January 15, 2018, "Experts sound alarm as biometric data from driver's licences added to government database", ABC News,

Reprinted in The New Daily here:

Furthermore, an interview with Professor Brian Lovell from the University of Queensland on the ABC further demystifies facial biometrics and the government's use of The Capability:


Concerns Over the Growing Exposure of Personal Data in the Digital Era

Monday, 15 January 2018 11:05 WIB

Our faces are becoming the latest tool in the world of digital surveillance. And in Australia, driver's licences are starting to be used to track people, both in the real world and in the virtual world.

Biometric Data

  • A biometric system recognises a person based on their physical traits, character and behaviour
  • Biometric data uses online personal data in the form of a photo, age and home address
  • This personal data is then matched against images recorded by CCTV or photos on the internet
  • The data can be used by government agencies, as well as companies and even criminal groups

Experts warn that our biometric data may already be vulnerable to misuse by criminal gangs and terrorists, because the widespread combined use of phones and social networks, along with CCTV cameras everywhere, means we are caught on camera more often.

Driver's licences will be added to the biometric database in Australia following an agreement with the states and territories, giving authorities access to information about their citizens in a way that has never existed before.

A system known as 'The Interoperability Hub' already exists in Australia, allowing authorities to take a photo from CCTV or other media and match it against a database of passport photos. This process is known as 'The Capability'.

But once driver's licences enter the new database system, the government and a number of private entities will be able to access your photo, age and address.

The system has already cost $21 million, equivalent to Rp 210 billion, as a way to tackle terrorism and make commercial services more secure.

But experts warn that citizens now risk losing their biometrics altogether, as commercial interests, governments and organised crime groups seek to obtain more personal data for their own gain.

Driver's licences become a new data source

Driver's licences in Australia have been added as a source of biometric data

Technology and legal expert Professor Katina Michael said about 50 per cent of Australia's population already had some kind of visual biometric stored in a nationally accessible database. But the use of driver's licences would result in more citizens' personal data being stored and push the figure up 80 per cent.

Professor Michael said one of the biggest risks of collecting biometric data was not inadvertent misuse by the Australian Federal Police (AFP), the Australian intelligence agency (ASIO) or other government agencies, but rather the vulnerability of the way biometrics work.

"It's not like you put in someone's face and then say, 'they are a suspect'," Professor Michael said.

"But what we get is a number of possibilities ... there might be 15, 20, 30 or even 50 likenesses."

So what you get is not one person to be arrested, but 50 innocent people becoming suspects.

Professor Michael explained this meant that although a person's name could be cleared over time if they were proven innocent, it would still remain in a database linked to a criminal investigation.

People are monitored continuously

New technology can monitor and recognise people's faces in a crowd.

Professor Michael said modern surveillance methods used by law enforcement were not limited to CCTV. They could now also incorporate large amounts of metadata and social networks, leading to a concept called "uberveillance" in which people are monitored continuously.

"We now have 'digital footprints' that everyone leaves behind," she said.

"Phone call records, what is searched for on the internet, credit cards, even the data on an electronic train or bus card can be used to track your movements and activity."

What next?

An annual industry survey conducted by the Biometrics Institute, known as the 'Industry Trend Tracker', has stated that facial recognition technology is likely to be the biometric trend that increases over the next few years.

Survey respondents considered privacy and data protection issues the biggest constraint, followed by poor knowledge among decision makers, misinformation about biometrics, and opposition from privacy advocates.

The Australian Law Reform Commission says biometric systems are increasingly being used or considered by many organisations, including drug rehabilitation programs, taxi booking services, ATMs and online banking, and building access.

Professor Michael said governments must be very careful in applying this abundant new source of data in the future.

According to her, the government is building agreements between itself and a number of companies in an effort to prevent fraud, but this is often not achieved and the potential for misuse is vast.

"What we do in matching against datasets is like finding a needle in a haystack," she said.

A statement from the Department of Home Affairs said the Australian Government was exploring creating a facial recognition verification service for the private sector, but this effort had not yet begun.

Adapted from the original report in English, which can be read here.

See the article at Australia Plus

Facial recognition: Feature creep may impose government's software in our lives, expert warns

It's known as 'The Capability' — government facial recognition software to match CCTV footage to passport photos. But new measures to give it access to drivers' licences have surveillance experts worried about what might come next.

Instant facial recognition software used for counter-terrorism could be used on the general public one day if the rules around the use of the software keep changing, a surveillance expert warns.

The ACT Government had this same concern with — though it has still signed on to the changes.

The territory's Attorney-General, Gordon Ramsay, said the ACT Government would continue negotiations on the biometric capability of the facial recognition software, known as The Capability, which matches faces from CCTV footage to passports — and with them, all of a person's associated data.

COAG has agreed to add drivers' licences to that system, and to speed up the week-long process, making The Capability instant.

But the ACT has asked for assurances that data will only be used outside of counter-terrorism when the Capability returns a perfect match.

It was the only jurisdiction that raised privacy concerns.

"One of the things that we would always be looking to is the access and the way that information can be used, they will be part of the ongoing negotiations," Mr Ramsay said.

'Before we know it…': worries over feature creep

But surveillance expert Professor Katina Michael pointed to an established trend of technology creeping up in scope and said The Capability would be no exception.

She expected the system to slide down a slippery slope of privacy erosion, eventually being used for petty crime, civil cases and a whole range of purposes unrelated to terrorism.

"It's a farce," she said.

"Before we know it'll be used for breath tests and speeding, it will be used to open a bank account … licences are our primary ID — so does that mean everywhere we've been using them for identity, all the clubs and pubs, will have access to it?

"Even car insurance — [people will think] 'we are using it for drivers' licences, maybe we should also use it for third-party compulsory insurance. And then we need it for health insurance'."

Your face 'may end up on some third-party selling list'

Ms Michael was equally concerned about systematic errors causing potential mistaken identities and leading to people being wrongly accused or suspected of crime.

"It's not going to take long for these systems to be hacked, no matter what security you have in place and once it's hacked, that's it — everyone's facial images will end up on some third-party selling list and possibly on the internet for accessibility."

"Yeah, people put photos on Facebook, but not in that kind of systematic, calculated way.

"Some Australian citizens are going to be completely freaked out."

Fergus Hanson, head of cyber policy at the Australian Strategic Policy Institute, said Australians needed to think about where the "guard rails" around privacy should be.

"I think we can all agree that it's useful to use systems like this to track down terrorists or to track down murderers, [but] what happens when we start having more minor crimes being prosecuted and people arrested using this same technology?" Mr Hanson said.

"Would we be OK for example with the Government using that technology to track down someone who hadn't paid a parking fine?

"DNA testing, originally that was a very niche capability that developed, and now it's run of the mill technology that you would run for lots of different crime types."

Mr Hanson said the public needs to consider who ought to own personal data, and how it might be used in the future.

"You don't have to go very far back in history to appreciate why privacy is important, and the constraints that need to be there around states in terms of how they exercise their authority," he said.

At the COAG National Security Summit, .

ACT Chief Minister Andrew Barr said "it is more perhaps in sorrow than in anger" that the heightened terrorism threats facing Australia had sparked the need for harsher measures.

"Nonetheless, all jurisdictions have signed up today and it reflects the need for a joined up and collective response to difficult issues," Mr Barr said.

"But to do so within the framework of a Human Rights Act that we have in the ACT has required us to work closely with the Commonwealth to achieve the outcome.

"And I want to acknowledge that that has been achieved, and that's an important thing for residents in the ACT."

Citation: Jake Evans and Clare Sibthorpe, October 5, 2017, "Facial recognition: Feature creep may impose government's software in our lives, expert warns", Australian Broadcasting Corporation News.

Agencies may access IDs

Government agencies could get approved access to part of the Commonwealth's newly proposed facial recognition program.

The Facial Verification Service, part of the federal government's new "Capability" program, would be accessible by departments such as the Department of Human Services or the Australian Taxation Office.

The system would be used to provide a one-for-one match from a person's existing photo with any other government-issued identities they may hold, rather than returning multiple potential matches.

The Attorney-General's Department said government agencies and private businesses would have to complete a privacy impact statement before being given access.

"Organisations using the service would need to demonstrate their lawful basis to do so under the Privacy Act, and could only use the FVS where they gain a person's consent to use their images," a spokesman said.

Surveillance expert Professor Katina Michael of the University of Wollongong said access should only be granted on a case-by-case basis, concerned that Capability could be linked to a person's metadata or even tax file number.

"What I can't understand is it's open at all times indefinitely," Professor Michael said. "That is not professional. It's warrantless searching."

She also raised concerns about the private sector having access to the system.

"It's going to be bidirectional. This is a lovely symbiosis between government and industry. This is the only way that government can crawl their way into the data sets of Facebook and Google."

When originally launched in November, the FVS used photos captured by the Australian Border Force from passports or citizenship photos, and was only available to the Department of Foreign Affairs and Trade or the Australian Federal Police.

Earlier this month, the federal government announced it would establish the national facial recognition system drawing on issued identification from all Australian jurisdictions allowing FVS users to access state or territory databases.

The Capability now comprises three parts, the Document Verification Service, the FVS and the Facial Identification Service.

The FIS allows law enforcement to scan photos of unknown persons and match them with multiple government records.

"For example, it can be used to identify a suspected paedophile from child exploitation material, or to identify an armed offender from a still image taken from CCTV footage," a spokesman said. There were no current plans to expand access to the FIS.

But Professor Michael was concerned the FIS would eventually be opened up to other agencies and the private sector.

Finbar O'Mallon, October 15, 2017, "Agencies may access IDs", Canberra Times, p. 8.