By Richard Griggs*
Recently Tasmanians learnt that our state drivers licence photos are being sent to Canberra for storage on a national facial recognition database.
UPDATE: on 4 December 2019 the Minister responsible, Michael Ferguson, advised the Government Business Scrutiny Committee of the Tasmanian Parliament that 410,000 Tasmanian licence photos had been transferred to the national facial recognition scheme. (See full quote at end of article).
This has come as a rude shock to many.
For some, the concern is the simple fact they were not informed where their photographs were being sent. It is a matter of common courtesy.
For others, it is the lack of clarity about what the facial recognition database will be used for, leading to fears it is a step towards constant surveillance by the state.
Others again worry the national database will be a honey pot for hackers and criminals who are attracted to the large store of valuable personal information.
Finally, many are furious that the transfer of sensitive personal information by the Tasmanian Government occurred in the absence of any legislative or parliamentary approval at either a State or Commonwealth level.
These are valid concerns and the State Government has some serious explaining to do.
The government’s response, to date, is that the regulations authorising the transfer were appropriately scrutinised by the Subordinate Legislation Committee of State Parliament.
This sounds comforting but isn’t.
No public input, no public report. What it means, in effect, is that government wrote a regulation handing itself the power to transfer our photos to the database and then had a six-person parliamentary committee assess that regulation.
Importantly, the issue was not debated by parliament as a whole, only the small committee which met in private.
This committee was established in 1969 to examine all regulations written by government. It serves a very important purpose in scrutinising these technical documents. The committee is not however structured or empowered to be making privacy assessments on behalf of all Tasmanians.
The deficiencies in this process are:
No public input. The committee generally does not call for public submissions. Public consultation occurs only in a minority of cases and did not occur for the facial recognition regulations.
No parliamentary debate. Discussions of the committee are not recorded and the public cannot attend and observe.
No public report. The committee is required to examine whether the regulation interferes with personal rights and liberties. However, this report is not publicly available and we are unaware of their views and conclusions.
This year November 17th marks fifteen years since our privacy laws were introduced. The laws came with the promise of delivering “full transparency” in how government uses the personal information of citizens. The time has now arrived for transparency improvements to be made.
Fifteen years ago Facebook was not available to Australians and Google had only just been launched on the stock exchange.
The world is now a dramatically different place with vast amounts of personal data in circulation and identity theft a growing criminal problem.
Times have changed and our privacy laws need to keep up.
If government makes poor decisions about how our private information is stored, it is the community who pay the price of lost anonymity and increased risk of identity theft.
Part of the remedy to this problem is relatively simple and centres on increased public participation in the democratic process and increased accountability for decision-makers.
Amendment should be made to the Personal Information Protection Act to require full parliamentary debate and a vote to approve entry into national schemes like the facial recognition one.
By subjecting the issue to scrutiny and debate, we can ensure a transparent and modern approach to privacy. If the government’s proposal does not stand up to standard parliamentary scrutiny, it risks being voted against and sent back to the drawing board for improvement.
Fifteen years on it is more important than ever that the “full transparency” pledge of our privacy laws is lived up to.
Full quote from Minister Ferguson (see UPDATE, above):
I was asked where the Tasmanian data is stored for the facilitation of facial recognition. I am advised that the data is stored at secure data centres in Canberra. There are multiple centres, one being the production environment and the other for disaster recovery. I take the opportunity to re-emphasise my earlier points around other agencies’ access. I was asked how many Tasmanian driver licences are held in the database. Images of approximately 410 000 Tasmanian licence holders are part of Tasmania’s partition within the National Driver Licence Facial Recognition Solution.”
- Richard Griggs is Tasmanian Director of Civil Liberties Australia. This article appeared first in The Mercury Hobart