CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Commentary Tech Industry

The questions Australia should really ask about face recognition

When your face gets added to a massive, searchable database, there's much more than national security at stake. How ready are we for the era of biometrics?

Close-up of eye scan

Getty

Australia might be the lucky country, but it's also rapidly becoming a surveillance state.

In the '80s, Bob Hawke's proposal for a universally-identifying Australia Card was shouted down. Two years ago, mandatory data passed the parliament -- only after months of raging debate over privacy. But when it comes to creating a massive, searchable database on every Australian with a driver's licence, we went from an announcement from the Prime Minister to approval from state and territory leaders in just one day.

The government got the first phase of its Face Verification Service (FVS) up and running in November last year, but this week's expansion is significant. Now, anyone with a driver's licence will be able to have their face searched and matched in "real time" according to Prime Minister Malcolm Turnbull.

The arguments for and against such a step are the same as they have been for years, on both sides. This is either a necessary step to protect our freedoms, or a massive incursion on our civil liberties.

So it's time to ask some questions.

How does biometric face-matching work?

australia-smartgate-camera

Australia has already been using SmartGates at airports to do biometric face matching. 

Department of Immigration and Border Protection

Just like fingerprints, your face is unique. Biometric matching works by taking your facial features -- things like distance between eyes and nose, mouth and chin -- and turning them into a unique biometric map. The map created from your driver's licence photo will be stored in a database; photos from CCTV or surveillance footage can then be similarly mapped and then matched to this database.

Because it's based on your face structure, biometric matching doesn't change if you lose weight or dye your hair. It's also much more accurate than face-recognition by humans -- in one study from the University of New South Wales, human passport screeners failed to match one in seven faces.

We already have biometric screening in airports in the form of SmartGates. But this new scheme is much bigger, and much more broad.

Haven't states and territories already been providing this information?

Correct -- law enforcement agencies have already been asking to access licence photos and states have been providing it. But they've been passing on this information manually, there's the key point. Welcome to the era of Big Data. 

Searching through records can be arduous; there's a high barrier set simply by the effort required to conduct a search and match data sets. But when records are digitised, identities can be searched and faces matched in seconds. In fact, it becomes easy to automatically connect every single record that exists for a single person, without having to spend the time to ask whether we should.

But people don't care about privacy any more, right?

face-id-dystopia

Apple's new iPhone X will use biometric scanning to unlock your phone. 

Apple/Screenshot by CNET

We're already sharing more personal information than ever before on social networks. Facebook uses biometrics to offer tagging suggestions on the photos you upload, Samsung's new Galaxy Note 8 uses iris and face scanning and the new iPhone X has ditched the home button in favour of Face ID. But there's one important thing to remember here -- you're volunteering your personal data to use all these services. It's a very different case when the government mandates collection.

But, terrorism?

Australia has a poor record of bringing in legislation under the guise of national security, before expanding access for different crimes and for different agencies. We saw this kind of "scope creep" with data retention, when the Australian Border Force was granted access to metadata once laws were already in place. Already, Federal Justice Minister Michael Keenan has said the face-matching capability could be used for any crime "that would attract a penalty of at least three years." Once the data is on file, it becomes much easier to argue for it to be used in more situations. 

What about security?

A biometric database capturing every Australian with a driver's licence is likely to be a massive honeypot for hackers. Michael Keenan argues that "this data already exists," but when it is brought together in one place and opened up to more government agencies, there are many more opportunities for security to be compromised. Throw in access for private sector organisations that can argue they have "reasonable need" to access data, which the government has already put on the table [PDF], and suddenly our most personal of information might not be as locked down as we hope.

Why all the fuss? It's just a picture of your face...

We worry about where we store our passwords and we keep our credit card details secure, but in the future, these data points will be nowhere near as important as our biometric identifiers. Your fingerprint is already your password and you can already use your face to make payments. We've already had our first metadata breach -- if there's a major data breach involving biometric data, the stakes are much higher. In the past, you could cancel a credit card or change your password, but you can't change your face.

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.

Technically Literate: Original works of short fiction with unique perspectives on tech, exclusively on CNET.