Family Planning NSW Data Breach

Katina Michael with Ally Crew, "Family Planning NSW Data Breach Financially Motivated", ABC Radio National Australia. May 14, 2018.

https://www.fpnsw.org.au/ on May 14, 2018

https://www.fpnsw.org.au/ on May 14, 2018

Thanks to executive producer Eleni Psaltis.

The Capability on SBS Greek Radio

Your face is becoming the latest weapon in the world of digital surveillance, and the humble driver's licence looms as a game-changer in tracking individuals through both the real and virtual world.

In Mandarin:

据ABC报道,一旦驾照被引入到生物识别数据库中,政府和一些私人部门将可以获取人们的的照片、年龄和地址等详细信息。

专家警告说,政府和一些有组织的犯罪团伙都有可能出于需要而获取个性化的元数据,人们正面临着失去对自己生物识别特征控制权的风险。

业内观点:

科技和法律方面的专家卡蒂娜·迈克尔(Katina Michael)教授说,在全国可访问的数据库中,大约50%的人已经存储了视觉化的生物特征,而驾照的引入会将这个比例一下提升到80%。

她表示,收集生物识别数据的最大风险之一是生物识别技术方式的漏洞。

迈克尔教授说,“当警察在系统内通过照片来查询个人信息时,不是一对一的搜索匹配,你把一个人的脸放在哪里,可能会得到好几十个人选的搜索结果”。

她说,虽然一段时间后这些被搜索的个人名字可能会被清除,但他们的数据可能会保留在与刑事调查相关的数据库中,而真正的惯犯或恐怖分子却往往不办护照和驾照,来逃避这个系统的管理。

斯蒂芬·威尔逊(Stephen Wilson)经营着一家咨询公司,负责研究和跟踪企业与政府领域的生物识别技术趋势。

他说,目前即便是非常安全的生物识别系统也需要相当长的时间才能准确处理图像。

而当消费者热衷于便利性,例如能够通过面部或指纹的快速扫描来打开手机或访问银行账户,就会忽视安全性,而这就会诱发问题。

威尔逊说,“ 我们在电子数据库里曝光得越多,我们被以生物识别特征匹配的可能性就越大。另外,对试图犯罪的人来说,想要伪造一个驾照,可以从系统里找到一长串与他们长相相似的照片来选择”。

生物识别技术研究所(Industry Trend Tracker)的年度行业调查显示,面部识别将是未来几年最有可能增加的生物识别发展趋势。

受访者们认为,个人隐私和数据保护问题是这个市场上最大的制约因素。

Agencies may access IDs

Government agencies could get approved access to part of the Commonwealth's newly proposed facial recognition program.

The Facial Verification Service, part of the federal government's new "Capability" program, would be accessible by departments such as the Department of Human Services or the Australian Taxation Office.

The system would be used to provide a one-for-one match from a person's existing photo with any other government-issued identities they may hold, rather than returning multiple potential matches.

The Attorney-General's Department said government agencies and private businesses would have to complete a privacy impact statement before given access.

"Organisations using the service would need to demonstrate their lawful basis to do so under the Privacy Act, and could only use the FVS where they gain a person's consent to use their images," a spokesman said.

Surveillance expert Professor Katina Michael of the University of Wollongong said access should only be granted on a case-by-case basis, concerned that Capability could be linked to a person's metadata or even tax file number.

"What I can't understand is it's open at all times indefinitely," Professor Michael said. "That is not professional. It's warrantless searching."

She also raised concerns about the private sector having access to the system.

"It's going to be bidirectional. This is a lovely symbiosis between government and industry. This is the only way that government can crawl their way into the data sets of Facebook and Google."

When originally launched in November, the FVS used photos captured by the Australian Border Force from passports or citizenship photos, and was only available to the Department of Foreign Affairs and Trade or the Australian Federal Police.

Earlier this month, the federal government announced it would establish the national facial recognition system drawing on issued identification from all Australian jurisdictions allowing FVS users to access state or territory databases.

The Capability now comprises three parts, the Document Verification Service, the FVS and the Facial Identification Service.

The FIS allows law enforcement to scan photos of unknown persons and match them with multiple government records.

"For example, it can be used to identify a suspected paedophile from child exploitation material, or to identify an armed offender from a still image taken from CCTV footage," a spokesman said. There were no current plans to expand access to the FIS.

But Professor Michael was concerned the FIS would eventually be opened up to other agencies and the private sector.

Finbar O'Mallon, October 15, 2017, "Agencies may access IDs", Canberra Times, p. 8.

Facial recognition limited to serious offences but APF says disproportionate

Thank you to Naomi Woodley from the ABC for inviting comment from the Australian Privacy Foundation on the topic of invasive technology adoption by the government for the purposes of "national security". The press release from the APF, Digital Rights Watch, Electronic Frontiers Australia and a number of other non-government organisations can be found below.

keenan.png

The Federal Government says police will only be able to use a national facial recognition database when they are investigating serious crimes that carry a penalty of three years in jail or more.

But privacy advocates still don't believe the database is needed.

Professor Katina Michael from the Australian Privacy Foundation says, if it must go ahead, then its use should be overseen by a specific commissioner.

Duration: 2min 43sec
Broadcast: Fri 6 Oct 2017, 6:05am
Original source here: http://www.abc.net.au/radio/programs/am/facial-recognition-to-be-limited-to-serious-offences-keenan/9021468

Featured:
Michael Keenan, Justice Minister
Professor Katina Michael, School of Computing and Information Technology, University of Wollongong

Credits: Author- Naomi Woodley

Citation: Michael Keenan and Katina Michael with Naomi Woodley, "Facial recognition to be limited to serious offences: Keenan", ABC AM, Available at: http://www.abc.net.au/radio/programs/am/facial-recognition-to-be-limited-to-serious-offences-keenan/9021468.

 

APF Joint Press Release

Comprehensive national face database incompatible with a free society

Australia’s leading privacy and civil liberties organisations condemn the decision by the Council of Australian Governments (COAG) to provide all images from state and territory driver’s licence databases to the federal National Facial Biometric Matching Capability.

These organisations are the Australian Privacy Foundation, Digital Rights Watch, Queensland Council for Civil Liberties, NSW Council for Civil Liberties, Liberty Victoria, South Australian Council for Civil Liberties and Electronic Frontiers Australia.

The creation of such a comprehensive national facial database is an unnecessary and disproportionate invasion of the privacy rights of all Australians, is the foundation for suspicionless, warrantless mass surveillance and is fundamentally incompatible with a free and open society.

David Vaile, Chair of the Australian Privacy Foundation said, “This government has proven it is blind and deaf to privacy and personal information security threats. Make no mistake – this database will affect all Australians, even the most conscientious and law-abiding. It will likely generate massive ‘false positive’ lists that will flood our very effective police and security services with useless distractions. We’ve already seen calls for ‘scope creep’ to cover welfare enforcement, and there’s every reason to expect this capability will come to be used to identify people with unpaid fines and other minor issues that have nothing whatsoever to do with terrorism.”

Tim Singleton Norton, Chair of Digital Rights Watch said, “This is a gross overreach into the privacy of everyday Australian citizens, and will have huge impacts on the trust in government to manage this database.  What is urgently needed is proper consultation, evidence and debate - in parliament, with civil society and the public themselves. Whilst we of course must ensure that our law enforcement agencies have the tools necessary to undertake their important work, this should not come at the expense of citizen’s rights to privacy.”

Angus Murray, Vice-President of the Queensland Council for Civil Liberties said, “The protection of the Australian community is fundamentally important – however, this also includes the protection of Australians’ civil liberties and privacy. Today’s agreement, and this continued scope creep, clearly highlights the need for the introduction of a tort of serious invasions of privacy and enforceable Human Rights legislation. It is incumbent on the Parliament to ensure that today’s COAG agreement on the National Facial Biometric Matching Capability is demonstrably necessary, adequate and proportionate, and subject to proper public scrutiny.”

Stephen Blanks, President of the NSW Council for Civil Liberties said, "The community does not yet understand the real implications of facial recognition technology and how fundamentally the way people can access public spaces like airports, sporting facilities and shopping centres will change. When they understand the realities of this technology, people will be very concerned."

Jon Lawrence, Executive Officer of Electronic Frontiers Australia said, “This decision is nothing less than a complete betrayal of a fundamental civil liberty of all Australians.  If implemented, it will ensure that the presumption of innocence no longer has any effective meaning in this country. Such an untargeted, mass surveillance database is just the latest attempt by governments to categorise everyone as potential suspects, not citizens.”

These organisations therefore call on all Australians concerned about this initiative to contact both their state/territory and federal parliamentarians to help them understand that this initiative is an example of government overreach that is simply unacceptable.

Personal Information Entrusted to Government Leaked to the Public

Podcast available here 

Centrelink and Veterans Leak Sources:

Summary

https://theconversation.com/how-the-law-allows-governments-to-publish-your-private-information-74304

Robo-Debt

http://www.abc.net.au/news/2017-03-21/how-centrelink-can-win-back-trust-after-the-robo-debt-debacle/8372788

http://www.canberratimes.com.au/national/public-service/centrelink-robodebt-government-pledges-fairer-deal-after-backlash-20170214-gucz6t.html

http://www.smh.com.au/federal-politics/political-news/centrelinks-robodebt-creating-a-climate-of-fear-20170307-gut1z7.html

http://www.smh.com.au/federal-politics/political-news/not-good-enough-labor-slams-centrelink-robodebt-changes-20170215-guda4r.html

Centrelink Leak

http://www.abc.net.au/news/2017-02-28/watchdog-inquiries-after-centrelink-leaked-personal-information/8310034

http://www.abc.net.au/news/2017-03-03/centrelink-debt:-senate-concerned-about-impact-of-dhs-releases/8321478

http://www.abc.net.au/news/2017-03-01/centrelink-clients-advised-personal-information-no-longer-safe/8313924

http://www.abc.net.au/news/2017-01-17/labor-calls-for-suspension-of-centrelink-debt-recovery-program/8187934

https://www.businessinsider.com.au/centrelinks-crude-new-data-matching-system-falsely-claims-people-owe-large-amounts-of-money-2017-1

Veterans Leak

http://www.theaustralian.com.au/news/latest-news/labor-backs-law-on-veteran-information/news-story/3b639743bd77dc5cb83337e075e30fd8http://www.abc.net.au/news/2017-03-02/government-wants-new-power-to-release-veterans-personal-info/8320268

http://www.news.com.au/national/politics/personal-medical-and-financial-documents-leaked-by-vets-affairs/news-story/bcdd3410b497f4175bb02faa77f9616e

http://www.illawarramercury.com.au/story/4519232/veterans-anger-over-personal-information-laws-prompt-privacy-review/?cs=12

Laws

Privacy Act 1998 Overview https://www.oaic.gov.au/privacy-law/privacy-act/

Privacy Act 1998 Quick Ref. https://www.oaic.gov.au/agencies-and-organisations/guides/app-quick-reference-tool#toc

Social Security Act 1991 http://www.austlii.edu.au/au/legis/cth/consol_act/ssa1991186/

Veterans Affairs Legislation Amendment (Digital Readiness and Other Measures Bill 2017) http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5771

Data matching program: https://www.humanservices.gov.au/sites/default/files/documents/co050-200710-1105en.pdf

Australian Privacy Principles include:

APP 1 — Open and transparent management of personal information

APP 2 — Anonymity and pseudonymity

APP 3 — Collection of solicited personal information

APP 4 — Dealing with unsolicited personal information

APP 5 — Notification of the collection of personal information

APP 6 — Use or disclosure of personal information

APP 7 — Direct marketing

APP 8 — Cross-border disclosure of personal information

APP 9 — Adoption, use or disclosure of government related identifiers

APP 10 — Quality of personal information

APP 11 — Security of personal information

APP 12 — Access to personal information

APP 13 — Correction of personal information

 

Citation: Katina Michael speaks with Trevor Chappell "The release of personal files from Centrelink and Veterans Affairs to journalists recently and some of the ramifications of this", ABC Radio - Overnights http://www.abc.net.au/radio/programs/overnights/. Producer Michael Pavlich. 4.20am-5am, 22 March 2017.

Privacy Act Amendments: What do they mean for Australian Consumers?

Abstract

Source: Murfett Legal

Source: Murfett Legal

Changes have been announced to the Privacy Laws - will these changes affect you? Why have these changes been brought in; what needs to be done to comply with these laws and what are the penalties for non-compliance. Rod Quinn will discuss with Dr Katina Michael who is Vice-Chair Australian Privacy Foundation. Will these changes give more protection to your data stored on computers?

Keywords: privacy, act, law, Australia, credit reporting, direct marketing, cross border flow, sensitive information, tax file number, Australia Card, Access Card, centralisation, social media, new technologies, cloud storage, big data, disclosure

Citation: Katina Michael and Rod Quinn. March 28, 2014, "Privacy Act Amendments: What do they mean for Australian Consumers?" ABC Overnights (2014), Available at: http://works.bepress.com/kmichael/459/