Australian PM Malcolm Turnbull hints at surveillance expansion

Drivers' licenses pics shared with States? You ain't seen nothing yet: the private sector might get your mugshot, too


Australian prime minister Malcolm Turnbull has hinted that the expansion of the nation's facial recognition databases could include private sector access.

Turnbull's statement came almost as an aside, under questioning by Sabra Lane on the Australian Broadcasting Corporation's AM public affairs program. Lane quizzed the PM on his plan to ask states to integrate drivers' license photos into the national facial recognition system (which already captures passport images).

Lane asked Turnbull whether the facial recognition system might be used to monitor people in public places such as shopping malls, and he answered “it absolutely could be” – an application that would require either a huge expansion government-owned surveillance infrastructure, or the ability for private security companies to access the database.

The government's request for drivers license photos, which will come at a Council of Australian Governments meeting tomorrow, has long been on the agenda.

Monique Mann and Marcus Smith, writing for the University of New South Wales Law Journal, explain that national sharing was an objective of the National Facial Biometric Matching Capability first announced in 2015.

However, the expansion of the system – and a possible expansion of access to it – will inevitably raise questions of the government's ability to secure the data.

Turnbull gave Lane an assurance that the data will be secured, but seemed to prioritise building and using the database, saying “the alternative is to not use data at all”.

+Comment: As The Register has previously documented, such databases are at risk of unauthorised access by both insiders and outsiders, as Australian police services have had a procession of officers charged for misusing their access to data.

The number of people who would ultimately have access to the database the government proposes is also a problem.

The lessons of post-9/11 America still hold true, that a massive expansion of personnel with access to sensitive information expands the risk that the information will leak.

Yet, alongside automation, that is exactly the aim of the National Facial Biometric Matching Capability: to make the information shareable, and therefore to expand the government personnel who can access it.

When Australian Medicare numbers were offered for sale on a Tor marketplace in July, it was clear that getting those numbers is relatively easy because tens of thousands of people, mostly government workers, have legitimate access to the database.

The same, we believe, holds true for facial recognition systems: if access is expanded far enough, protection becomes impossible. ®

Broader topics

Narrower topics


Other stories you might like

  • Samsung fined $14 million for misleading smartphone water resistance claims
    Promoted phones as ready for a dunking – forgot to mention known problems with subsequent recharges

    Australia’s Competition and Consumer Commission has fined Samsung Electronics AU$14 million ($9.6 million) for making for misleading water resistance claims about 3.1 million smartphones.

    The Commission (ACCC) says that between 2016 and 2018 Samsung advertised its Galaxy S7, S7 Edge, A5, A7, S8, S8 Plus and Note 8 smartphones as capable of surviving short submersions in the sea or fresh water.

    As it happens The Register attended the Australian launch of the Note 8 and watched on in wonder as it survived a brief dunking and bubbles appeared to emerge from within the device. Your correspondent recalls Samsung claiming that the waterproofing reflected the aim of designing a phone that could handle Australia's outdoors lifestyle.

    Continue reading
  • Five Eyes alliance’s top cop says techies are the future of law enforcement
    Crims have weaponized tech and certain States let them launder the proceeds

    Australian Federal Police (AFP) commissioner Reece Kershaw has accused un-named nations of helping organized criminals to use technology to commit and launder the proceeds of crime, and called for international collaboration to developer technologies that counter the threats that behaviour creates.

    Kershaw’s remarks were made at a meeting of the Five Eyes Law Enforcement Group (FELEG), the forum in which members of the Five Eyes intelligence sharing pact – Australia, New Zealand, Canada, the UK and the USA – discuss policing and related matters. Kershaw is the current chair of FELEG.

    “Criminals have weaponized technology and have become ruthlessly efficient at finding victims,” Kerhsaw told the group, before adding : “State actors and citizens from some nations are using our countries at the expense of our sovereignty and economies.”

    Continue reading
  • Police lab wants your happy childhood pictures to train AI to detect child abuse
    Like the Hotdog, Not Hotdog app but more Kidnapped, Not Kidnapped

    Updated Australia's federal police and Monash University are asking netizens to send in snaps of their younger selves to train a machine-learning algorithm to spot child abuse in photographs.

    Researchers are looking to collect images of people aged 17 and under in safe scenarios; they don't want any nudity, even if it's a relatively innocuous picture like a child taking a bath. The crowdsourcing campaign, dubbed My Pictures Matter, is open to those aged 18 and above, who can consent to having their photographs be used for research purposes.

    All the images will be amassed into a dataset managed by Monash academics in an attempt to train an AI model to tell the difference between a minor in a normal environment and an exploitative, unsafe situation. The software could, in theory, help law enforcement better automatically and rapidly pinpoint child sex abuse material (aka CSAM) in among thousands upon thousands of photographs under investigation, avoiding having human analysts inspect every single snap.

    Continue reading
  • Australian digital driving licenses can be defaced in minutes
    Brute force attack leaves the license wide open for undetectable alteration, but back end data remains unchanged

    An Australian digital driver's license (DDL) implementation that officials claimed is more secure than a physical license has been shown to easily defaced, but authorities insist the credential remains secure.

    New South Wales, Australia's most populous state, launched its DDL program in 2019, and as of 2021 officials there said that slightly more than half of the state's eight million people use the "Service NSW" app that displays the DDL and offers access to many other government services.

    Now, a security researcher at cybersecurity company Dvuln claims he was able to brute force his way into the app with nothing but a Python script and a consumer laptop. Once inside, he found numerous security flaws that made it simple to alter the DDL stored in the app. 

    Continue reading
  • China offering ten nations help to run their cyber-defenses and networks
    Sure, they’re small Pacific nations, but they’re in very strategic locations

    China has begun talking to ten nations in the South Pacific with an offer to help them improve their network infrastructure, cyber security, digital forensics and other capabilities – all with the help of Chinese tech vendors.

    Newswire Reuters broke the news of China’s ambitions after seeing a draft agreement that China’s foreign minister Wang Yi is reportedly tabling on a tour of Pacific nations this week and next.

    The draft agreement proposes assistance with data governance, training local police, and mapping the marine environment. Supply of customs management applications, possible funding of data links to island nations, and cyber-security assistance are also reportedly on the table.

    Continue reading
  • How ICE became a $2.8b domestic surveillance agency
    Your US tax dollars at work

    The US Immigration and Customs Enforcement (ICE) agency has spent about $2.8 billion over the past 14 years on a massive surveillance "dragnet" that uses big data and facial-recognition technology to secretly spy on most Americans, according to a report from Georgetown Law's Center on Privacy and Technology.

    The research took two years and included "hundreds" of Freedom of Information Act requests, along with reviews of ICE's contracting and procurement records. It details how ICE surveillance spending jumped from about $71 million annually in 2008 to about $388 million per year as of 2021. The network it has purchased with this $2.8 billion means that "ICE now operates as a domestic surveillance agency" and its methods cross "legal and ethical lines," the report concludes.

    ICE did not respond to The Register's request for comment.

    Continue reading

Biting the hand that feeds IT © 1998–2022