Biometrics and Regulation

The Tenth Workshop on the Social Implications of National Security (SINS17)

Human Factors Series - Research Network for a Secure Australia (RNSA)

Venue: Sydney Business School, University of Wollongong, Level 18, Seminar Rooms 7 & 8

Gateway Building, Level 8 & 9, 1 Macquarie Place, Circular Quay, NSW 2000

Date: 9 August 2017


About the RNSA Human Factors Workshop Series

The Social Implications of National Security workshop series began in 2006 funded by the Australian Research Council, Research Network for a Secure Australia. The RNSA funded the workshop until 2012, and spear-headed the “Human Factor Series” for the lifetime of the research network. Its proceedings have been deposited in a variety of key stakeholders, including the National Library, the Department of Prime Minister & Cabinet, the Commissioner for Law Enforcement Data Security in Victoria and the NSW Police Academy libraries of Australia. The workshops have been hosted in Wollongong, Canberra, Sydney, Melbourne and Toronto. There have been representatives from government, industry, defense, emergency services organisations, academia, and society at large at each of the workshops. The "Social Implications of National Security Workshops" were created and convened by Drs Katina Michael and MG Michael since their inception. More here

A note from the conveners...

There are 4 conveners of this year's workshop on biometrics at the border. Professor Katina Michael is joined by Dr Rob Nicholls, Dr Monique Mann, and Mr Peter Leonard. Katina completed her PhD on the automatic identification trajectory in 2003, Rob is an expert in emerging technology regulation, Monique is writing a book on biometrics, and Peter has for many years consulted in data, technology and the law.

The Social Implications of National Security Workshop is now in its 10th year. This year's workshop is on the theme of Biometrics and Regulation. SINS was originally funded by the ARC Research Network for a Secure Australia. Representative voices from government, industry, and academe. This year's keynote John Kendall from Unisys, Rustom Kanga from iOmniscient, Philip Green QLD Privacy Commissioner, and Elizabeth Tydd NSW Information Commissioner and Open Data Advocate. Come along to this free workshop to be hosted at UOW's Sydney Business School on the 9th August 2017.

Program Schedule

August 9, 2017

9.00 a.m. Katina Michael, Welcome and Introductory Comments

9.10 a.m. Keynote: Privacy and Surveillance-based Biometrics, John S. Kendall, Director, Border and National Security Program, Global Public Sector, Unisys

10.00 a.m. Session 1: Intelligent Systems and Behavioural Biometrics and Standards

The Current State for Intelligent Systems, Rustom Kanga, CEO, iOmniscient

Current Biometric Standards - Large and Small, Steve Wilson, Lockstep

11.00 a.m. Morning tea (downstairs)

11.30 a.m. Session 2: Biometrics and Applied Data Ethics

Emerging Concerns for Responsible Data Analytics: Trust, Fairness, Transparency and Discrimination, Peter Leonard, Principal, Data Synergies

Elizabeth Tydd, NSW Information Commissioner and Open Data Advocate

Lyria Bennett Moses, UNSW Law School and Data to Decisions CRC

Neil Soderlund, CEO, Quantium Health Outcomes

12.30 p.m. LUNCH

1.30 p.m. Session 3: Biometrics, Crime and Security

Developments in DNA (i.e. phenotyping), Marcus Smith, Centre for Law and Justice, Charles Sturt University, 20 min

Emerging Areas in Behavioural Biometrics and Issues of Regulation, Monique Mann, School of Justice, Queensland University of Technology, 20 min

The Deployment and Emerging Use of Biometrics in the State of Queensland, Philip Green, QLD Privacy Commissioner, 10 min


2.30 p.m. Session 4: Biometrics, Regulation and the Law

Biometrics as 'RegTech', Roger Clarke, Xamax Consultancy

3.00 p.m. Session 5: New Technologies, New Problems, New Solutions

Skeeves Stevens and Shanti Korporaal, Welcome to the Future, The Future Faqtory (30 minutes)

Open Discussion chaired by Philip J. Chmielewski, Seaver College of Science and Engineering, Loyola Marymount University (25 minutes)

3.55 p.m. Wrap Up: Katina Michael

4.00 p.m. Close

Welcome and Introductory Comments

Co-Convener: Professor Katina Michael, Faculty of Engineering and Information Sciences, University of Wollongong

On behalf of MG Michael and myself, thank you to all the conveners and chairs, the organisations, individuals, presenters, participants and UOW for funding the 10th Workshop on the Social Implications of National Security. It has gone from strength to strength and proven itself a fine venue for dialogue. Dialogue can only happen when we are together in a room, face one another, and openly discuss the issues we are facing as a society of stakeholders- industry, government agencies, consumers, government agencies, NGOs, academics. Today we have the following participants present- Biometrics Institute, iOmniscient, Lockstep Consulting, Xamax Consulting, Unisys, ChipMyLife, NEC, Informa, VR the World, ChipMyLife, FutureFaqtory, FutureSumo, Qld Privacy Commissioner, NSW Information Commissioner, Data Synergies, UOW, ANU, Charles Sturt University, QUT, Loyola University U.S., UNSW, NII Japan, US National Science Foundation, Quantium Health Outcomes, IIMG Ireland, IEEE. This is testament to the importance of the topic. May it be a fruitful day with real outcomes and future links forged towards continued discussion and learning.

I will do the thank yous upfront. This workshop could not have been possible without three people who stepped up to help me convene this year's proceedings. Thank you to Rob Nicholls, Monique Mann, and Peter Leonard. You have been instrumental in putting this amazing program together.

What can we learn from the deployment of multimodal biometrics in India?

What can we learn from the deployment of multimodal biometrics in India?

Katina Michael delivered this presentation as a keynote on 8 October 2015, at the Women in Policing Conference at SVP National Police Academy, Hyderabad, India. 

Katina was fortunate to publish a long commentary by Usha Ramanathan in IEEE Technology and Society Magazine on Aadhaar. Her paper worth reading in full is here: "Considering Social Implications of Biometric Registration: A Database Intended for Every Citizen in India" (March 2015).

Keynote: Privacy and Surveillance-based Biometrics

Keynote: Mr John S. Kendall, Director Border and National Security Program, Global Public Sector, Unisys

Title: Privacy and Surveillance-based Biometrics

Abstract: Surveillance systems are ubiquitous today. But more concerning is the emergence of biometric identification technologies that can employ surveillance devices – with or without the subject being aware. Where is this technology heading and what are the implications for privacy?

Full presentation available here.

Mr John S. Kendall, Unisys

Mr John S. Kendall, Unisys

Biography: John Kendall is the Global Director of the Unisys Border and National Security Program. Currently based in Australia, John has overall responsibility for Unisys border and national security initiatives around the globe.  With a thirty-five year career at Unisys, the last ten of those in Australia, John has worked with public sector clients in the USA, Europe, Africa, Asia, Latin America and the South Pacific. His particular area of focus has been the national security sector, helping public sector organisations leverage innovative technologies such as biometrics and real time analytics to provide secure and cost effective services to their citizens and business communities. This includes having personally worked on large scale biometric projects in Australia, Malaysia, Philippines, South Africa and elsewhere. As a Subject Matter Expert in the application of identification and biometrics, John has developed deep first hand insight into how organisations can leverage these technologies to achieve both improved efficiency and greater security in the area of border and national security. John is regularly quoted in the media providing commentary on border security, national security, and cyber security issues as well consumer attitudes toward various security measures. Read his blog posts here: He holds a Bachelor of Science in Information and Computer Science from the Georgia Institute of Technology and a MBA in Management Science from Virginia Tech.  He is an IEEE Certified Biometrics Professional and a member of the Biometrics Institute Privacy Committee.

The Current State for Intelligent Systems

Session 1: Dr Rustom Kanga, CEO, iOmniscient

Title: The Current State for Intelligent Systems

Dr Rustom Kanga, iOmniscient

Dr Rustom Kanga, iOmniscient

Abstract: Organizations have installed large numbers of cameras. Unfortunately these have proved useless as they have not been able to thwart terrorist incidents. The talk will focus on how adding intelligence to the system can make them useful for improving security, safety and productivity. It willdiscuss how such systems canbe used tomake entire cities safer and smarter. As part of the talk the audience will get a better understanding on theuse of Artificial Intelligence systems in behaviour analytics and biometrics systems and how they have been deployed in real life.

Biography: In the early 1980s, Dr. Rustom Kanga led the team that built the world’s first commercial Artificial Intelligence based system at Digital Equipment Corporation. Twenty years later he co-founded iOmniscient to bring Artificial Intelligence to the Security Industry. Dr Kanga has had over 35 years of experience in various aspects of the computing and telecommunications industries as Vice President of DEC and then Compaq. In those companies he developed a reputation for starting up and growing several new businesses each of which had phenomenal success. Today he leads iOmniscient which is recognized as the technology leader in Smart City technologies involving Video, Sound and Smell Analytics for creating Safer and more efficient cities.

Current Biometric Standards - Large and Small

Session 1: Mr Steve Wilson, Lockstep Consulting

Mr Steven Wilson, Lockstep Consulting

Mr Steven Wilson, Lockstep Consulting

Abstract: The regulation of any technology requires standards and the ability to measure compliance. The standardisation of biometrics is still in its infancy, with few agreed methods to even measure accuracy, or resistance to concerted attack.  On the other hand, best practices are now clear for biometric architectures and template protection, and some notable global industry efforts to foster adoption.  

- Accuracy and precision in biometrics processing 

- The state of biometrics standards 

- Imposter resistance 

- The Face Verification Service

- The FIDO Alliance 

- The Biometrics Institute Trust Mark. 

Biography: Stephen Wilson is an independent researcher, analyst and adviser in digital identity and privacy.  He has been retained for biometrics advice by health insurer Aetna, the Attorney Generals' Department, DFAT, the Biometrics Institute, and Australia Post. 

Biometrics and Applied Data Ethics

Session 2: Emerging Concerns for Responsible Data Analytics: Trust, Fairness, Transparency and Discrimination

Abstract: The privacy assessment framework governing uses of information about individuals is now mature, understood and applied by responsible data custodians. However, this framework is incomplete. The framework focusses assessment of data analytics projects upon responsible management of personal information about individuals. But while a key concern, privacy this is not the only important concern. A narrow focus upon privacy is diverting attention away from addressing emerging concerns as to maintenance of consumer trust, as to fairness of outcomes and avoiding adverse impacts of uses of insights derived from data analytics. Building torrents of papers canvass concerns as to social equity, corporate social responsibility, lack of of ‘transparency’, ‘unaccountable algorithms’, unethical practices and weighting of benefits for the many against detriments for a few. Often these concerns are grouped together by academic commentators under a rubric of ‘data ethics’. This commentary is often coupled with a call to action, exhorting responsible data custodians to apply ethical principles to identify and address ‘unethical’ outcomes of data analytics projects. But this discussion does not provide a practical process to assess and address these concerns. Not do these calls take into account project methodologies of complex data analytics projects. Some expert commentators, notably including Marty Abrams and Peter Cullen at the Information Accountability Foundation, have suggested a framework integrating ethical evaluation within now commonly accepted procedures for privacy impact assessments (PIAs). This paper suggests that although coordinated assessment of fairness, ethics and privacy is appropriate and often practical, integration into a single assessment is not practicable and in fact often will be sub-optimal. This paper also suggests that it will often be appropriate to ensure that responsible assessment is conducted as to uses and applications of outputs (such as algorithms or insights) of data analytics projects in circumstances where these outputs do not themselves constitute uses or disclosures of personal information that are (or should be) subject to privacy assessment. Algorithms may go into productive use in circumstances where limitations as to underlying data used to generate such algorithms are not understood and their reliability is affected by exogenous factors, where the algorithms is inherently biased, or where a particular application of the algorithm has unfair discriminatory effect. The objective of this paper is to promote development of a framework for phased assessment of data analytics projects that encompasses ethical and fairness considerations, while not creating a dead weight of multiple detailed assessments. The framework must be targeted, agile and capable of application by responsible teams that are not ethicists. These teams should be empowered to ask and seek answers to sensible questions framed in plain language. The framework should draw upon learnings from use of Human Research Ethics Committees (HRECs) in reviewing medical research projects, without inappropriately expanding the administrative, cost and time imposts of processes of full HREC review. This paper explores a middle course, suggesting how well thought through and structured questions exploring ethics and fairness of outputs and outcomes are asked and retested at appropriate points through the phases of a complex data analytics project.

Full paper here

Mr Peter Leonard, Data Synergies

Mr Peter Leonard, Data Synergies

Biography: Peter Leonard is a data and technology business consultant and lawyer and principal of Data Synergies, a new data commercialisation consultancy. Peter was a founding partner of Gilbert + Tobin. Following his retirement as a partner in 2017 he continues to assist Gilbert + Tobin as a consultant. Peter also chairs the Australian IoT (Internet of Things) Alliance’s Data Access, Use and Privacy work stream and the Law Society of New South Wales Privacy and Communications Committee. The IoT Alliance is Australia’s peak body bringing together industry and governments to address issues affecting IoT adoption and implementation. He also participates in the Australian Computer Society’s Data Taskforce as chaired by Dr Ian Oppermann, NSW Chief Data Scientist. Peter wishes to acknowledge the contribution of all Taskforce members, with Ian Oppermann’s energetic leadership, through taxing discussions within the Taskforce that explored many of the concepts explored in this paper.

Developments in DNA

Panelist: Dr Marcus Smith, Centre for Law and Justice, Charles Sturt University

Title: Biometrics, Security and Crime: New forms of DNA identification

Dr Marcus Smith

Dr Marcus Smith

Abstract: DNA evidence is a method of biometric identification that has made a significant contribution to criminal investigations in Australia and around the world through the direct matching of DNA profiles obtained from crime scenes, suspects and databases. There have been some significant developments in the science and technology behind DNA evidence over the past 10 years that have important implications for law enforcement and the legal system. New forms of DNA identification continue to be developed and applied to enhance criminal investigations. These extend beyond the traditional technique of matching DNA profiles. The new forms of DNA identification that will be discussed include familial searching, DNA phenotyping and mtDNA profiling. These are discussed through a review of relevant legal cases relating to DNA evidence in criminal trials where they have been applied. Implications for policy and practice are discussed, focusing on the balance between individual rights and the importance of applying new technology to investigate and prosecute serious crimes.

Biography: Dr Marcus Smith is Senior Lecturer in Law at the Centre for Law and Justice, Charles Sturt University, and Adjunct Professor of Law at the University of Canberra. He holds a PhD in law from the Australian National University. 

The Deployment and Emerging Use of Biometrics in the State of Queensland

Chair/ Panelist: Dr Monique Mann, School of Justice, Queensland University of Technology

Title: Biometrics, Crime and Security: Facial recognition, behavioral profiling and deception detection at the border

Abstract: Each and every person confronted with international travel will face the prospect of his or her biometric information being collected either via CCTV, an e-Smart Gate or a fingerprint scanner. The International Civil Aviation Organisation (ICAO) has selected facial recognition as the global standard for interoperable biometric passports and there have been moves in Australia towards passport free travel requiring travellers to present only their face at border control. Instead of comparing a face with a facial template stored in an ePassport, the face would be compared against a facial template stored within the Australian Passport Office’s database.

Looking internationally there has been a steady expansion of the use of face recognition technology for border control. In the UK British Airways uses facial recognition scanning at security screening enabling travellers to board planes without the requirement of showing identification documentation. US Customs and Border Protection have been using facial recognition since 2015, with trials expanding initially from Washington to New York airports. More recently there have been proposals for US Customs and Border Protection agents to use drones equipped with facial recognition technology to monitor the border with Mexico. There have been suggestions that US Customs and Border Protection will commence a program known as ‘Biometric Exit’ that scans the faces of individuals departing the US to verify who has left the US, and therefore be able to identify those who overstay their visas.

New technologies are being developed that combine facial recognition with emotion recognition and other second-generation biometrics to identify threats and detect deception. Police have historically used the polygraph for lie detection, however a modern alternative is evolving in the form of the Automated Virtual Agent for Truth Assessments in Real-Time (AVATAR), currently being developed by the University of Arizona and US Customs and Border Protection. Further, the US Department of Homeland Security is developing Future Attribute Screening Technology (FAST) where an automated robotic interviewer asks questions while assessing biometric information such as facial expressions, voice intonation and inflection to detect deception. A combination of this technology with predictive questioning and access to large and ever expanding databases enables robot-enhanced interrogation at the border.

These automated systems of identification and deception detection have the potential to remove humans from decision-making processes associated with border control. There are a number of concerns about the implementation these technologies, particularly in light of the significant expansion in the collection and storage of personal data coupled with diminishing opportunities for individuals to opt out, and little, if any, limits on data collection and use by border control agents. There are further concerns about an individual’s right to silence, privilege not to self-incriminate and the parameters of legitimate search. This paper foreshadows emerging developments that concern the use of biometrics at the border and in doing so considers associated regulatory prospects and protections.

Monique Mann and Marcus Smith, "Automated Facial Recognition Technology: Recent Developments and Approaches to Oversight", Vol. 40, No. 1, UNSW Law Journal, pp. 121-145. Full paper here. Presentation PDF available here.

Biography: Dr Monique Mann is a lecturer at the School of Justice, Faculty of Law, at the Queensland University of Technology in Brisbane, Australia. She is also a member of the Crime and Justice Research Centre and the Intellectual Property and Innovation Law Research Group at QUT Law. Monique is currently advancing a program of socio-legal research on the intersecting topics of police technology, transnational online policing and surveillance. She is on the Board of Directors of the Australian Privacy Foundation and the Advisory Council of Digital Rights Watch Australia

Emerging Areas in Behavioural Biometrics and Issues of Regulation

Panelist: Philip Green, Queensland Privacy Commissioner

Title: The Deployment and Emerging Use of Biometrics in the State of Queensland

Mr Philip Green, Queensland Privacy Commissioner

Mr Philip Green, Queensland Privacy Commissioner

Abstract: Queensland Privacy Commissioner, Phil Green will discuss deployment and emerging use of biometrics in Queensland State and Local Government as well as at the National Level given his involvement in the proposed intergovernmental agreement on identity matching.  Automated facial recognition and verification systems have been trialled in the Gold Coast and Toowoomba regions, ID scanning has commenced in liquor licensing precincts and Drivers Licence facial recognition has been trialled in Northern Territory and Tasmania. A mooted trail of facial recognition and AI targeting shoplifting is proposed for Brisbane is about to kick off using NZ developed technology called Auror (   Some of the challenges include transparency of decision making processes, judicial review, data storage and security, error rates, discriminatory impacts, scope and functional creep. He will canvas matters such as legislative barriers as well as outline the challenges his office faces in encouraging proportionate responses in face ofthe law and order political auction. 

Full presentation available here.

Biography: Appointed as the Queensland Privacy Commissioner in December 2015, Philip Green has an extensive career in the private and public sectors. Mr Green’s legal career at Allens included commercial banking and finance/insolvency.  He has extensive central agency experience in criminal justice, legal and economic policy at the Department of the Premier and Cabinet in Queensland.  He most recently headed up the Small Business division for the Queensland Government. He has a keen interest in innovation and technology law and was instrumental in establishing Queensland’s first administrative privacy regime. He holds degrees in Arts and Law from the University of Queensland and a Masters in Law from QUT. Philip’s current term of appointment is to December 2018.

Biometrics, Regulation and the Law

Abstract: The term 'RegTech' emerged in 2016 as a means of adding sex-appeal to the application of technology to compliance responsibilities, in particular those of corporations in the financial services sector. This presentation adopts a broader vision of technology applied to regulation, arguing that RegTech is needed in all sectors, and that it's essential to consider the perspectives not only of the regulatees, but also of the regulators, and of the intended beneficiaries of the regulatory activity.

The question addressed in the session is to what extent can biometrics play a role in RegTech. It's necessary to take a realistic view of the nature of biometric technologies, of the categories of application that they can be put to, and of the array of real-world challenges that confront those applications. There may be scope for biometric applications in RegTech, but far less than enthusiasts would like to believe.

Biography: Roger Clarke is an independent consultant in the strategic and policy implications of advanced information technologies, with a particular focus on eBusiness, information infrastructure, and dataveillance and privacy. He is a Visiting Professor in Computer Science at the ANU, and a Visiting Professor in Law at UNSW.  He has also held Visiting Professorships at the University of Hong Kong (2002-07), the University of Bern, and the University of Linz.  He holds Honours and Masters degrees in Commerce (IS) from UNSW, and a PhD from the ANU.  He was made a Fellow of the Australian Computer Society (FACS) in 1986, and of the international Association for Information Systems (FAIS) in 2012.  In 2009, he was awarded only the second Australian Privacy Medal, after Justice Michael Kirby. He has spent many years on the Board of the Australian Privacy Foundation (APF), including as Chair 2006-14, and on the Advisory Board of Privacy International (PI).  He has also served variously as a Director, Secretary and Chair of several companies, of Electronic Frontiers Australia (EFA), and of the Internet Society of Australia (ISOC-AU), including as Secretary 2012-15.

Full paper here

New Technologies, New Problems, New Solutions

Open Discussion Chair: Professor Philip J. Chmielewski

Professor Philip Chmielewski

Professor Philip Chmielewski

Biography: As the Sir Thomas More Chair of engineering ethics at the Seaver College of Science and Engineering of Loyola Marymount University (Los Angeles), Chmielewski offers instruction in the ethics of design and production, research ethics, and the ethical assessment of contemporary technologies.  He focuses on developing elements of a framework for international engineering ethics. He is a member of IEEE and of the Association of Asian Studies.  Further, he is an affiliate member of the Hong Kong Institution of Engineers. Currently he is on sabbatical at the Centre for China Studies of the Chinese University of Hong Kong. He has lectured frequently in mainland China.

Thanks to...

* A special thank you to Professor L. Jean Camp, School of Informatics & Computing, Indiana University, USA for agreeing to be our original keynote but who could not make it for personal reasons. We look forward to having her keynote at a future workshop.

Professor L. Jean Camp

Professor L. Jean Camp

Biography: Professor L. Jean Camp is a founder of the interdiscipline of economics of security. Her core contributions are in area of the social and economic implications of technologies of security and privacy. She is a leader in the investigation of the insider threat in the networked realm. Prof. Camp began her graduate studies in electrical engineering in North Carolina before moving to the Department of Engineering and Public Policy at Carnegie Mellon to complete her PhD in Engineering and Public Policy. Upon graduation she became a Senior Member of the Technical Staff at Sandia National Laboratories. She left Sandia National Laboratories for eight years as a professor at Harvard's Kennedy School, departing to lead the security group in the newly-formed School of Informatics at Indiana University. Professor Camp is the author of “Trust and Risk in Internet Commerce” (MIT Press), “Economics of Identity Theft” (Springer) and the editor of “Economics of Information Security” (Kluwer Academic). She has authored over one additional hundred works, including ninety peer-reviewed works and two dozen book chapters. She has made scores of invited presentations on five continents. Her patents are in the area of privacy-enhancing technologies. Her professional service has included terms on the Board of Directors of Computer Professionals for Social Responsibility, the Board of Governors of the IEEE Society on Social Implications of Technology, Alumni Board for Carnegie Mellon, Senior Member of the IEEE, and longstanding member of the USACM. See for more detailed information.