Committee asks for more transparency over Australia’s face-matching system
The Department of Home Affairs is currently responsible for the operation of a central hub of a facial recognition system that will link up identity-matching systems between government agencies in Australia.
The Australia-wide initiative will allow state and territory law enforcement agencies to have access to the country’s new face matching services to access passport, visa, citizenship, and driver licence images from other jurisdictions.
The initiative comprises two parts: The Face Verification Service (FVS) is a one-to-one image-based verification service that will match a person’s photo against an image on one of their government records, while the Face Identification Service (FIS) is a one-to-many, image-based identification service that can match a photo of an unknown person against multiple government records to help establish their identity.
With Home Affairs claiming immunity on disclosing the contracted vendor responsible for the facial recognition algorithm, a Parliamentary Joint Committee on Law Enforcement has asked the government be more transparent.
In a report [PDF] into the impact of new and emerging information and communication technology on law enforcement activities, the committee asked the government take into account its recommendations when developing any future strategies for biometric data and facial recognition systems.
It has called for the development of an appropriate regime to detect, audit, report on, respond to, and guard against events that may breach biometric data security. It also asked for the development of methods for assessing the implications of any security breach, as well as how it will communicate the breach to both the general public and the technical, privacy, and security communities.
Following calls from human rights advocates, privacy champions, and industry, the committee has also asked the government “publicly release additional technical information about the nature of the facial matching scheme, and the process for ensuring that there are not false matches, in order to inform the public about its operation and to allow informed debate about its use and future database links”.
While the government has moved to have the Telecommunications and Other Legislation Amendment (Assistance and Access) Act in place post-haste, the committee raised concerns from the law enforcement community that the powers contained within Australia’s encryption-busting laws should be extended.
“The committee recommends that the Australian government considers reviewing the Telecommunications (Interception and Access) Act 1979 and Surveillance Devices Act 2004 and amending them as necessary to ensure that they are technology neutral and an effective legal mechanism for meeting the telecommunications interception needs of law enforcement agencies,” it wrote, highlighting that during its inquiry, Home Affairs, the Attorney-General’s Department, and Australian Border Force all noted that telecommunications interception under both vital tools for agencies in their investigations of a range of criminal offences, both online and offline.
Additionally, the committee said it is supportive of public-private partnerships as a means of fostering and developing IT expertise and novel approaches to tackling cybercrime, and therefore recommended the government explores opportunities for “greater engagement and partnerships with the private sector to facilitate the exchange of expertise and collaboration in addressing cybercrime”.
Making 15 recommendations in total, the committee has asked the government to consider standing up a taskforce comprising IT, legal, law enforcement, and security folk to probe the impact of new and emerging IT on Australian law enforcement; identify ability-limiting issues in current legislative and regulatory frameworks; and make recommendation on any changes that may be necessary to ensure that law enforcement agencies are keeping pace with and capable of tackling new cyber challenges as they arise.
The committee also recommends the government considers implementing the INdata Cooperative Research Centre to address the common big data and information data sharing needs of law enforcement agencies, with the aim of improving information and intelligence-sharing between law enforcement agencies in all jurisdictions
Upping the digital literacy of the law enforcement workforce to successfully implement the proposed tech-related initiatives is also on the agenda of the committee, asking for programs such as cadetships and “the recruitment of talented university students”. It also wants education materials produced that provide guidance to law enforcement agencies and personnel on “new and emerging technologies” that offenders may use to facilitate family and domestic abuse.
Further, the committee has called for the development and implementation of an Internet of Things (IoT) public awareness campaign that raises awareness about the potential vulnerabilities and guides consumers on how to protect their privacy.
On improving IT capabilities and resources, the committee recommends Canberra stand up a dedicated agency fund to enable law enforcement agencies to respond to the escalating challenges of cybercrime, as well as improve the IT procurement models potentially stifling law enforcement.
It also called for the government to consider the use of “hybrid storage strategies, artificial intelligence, and other advanced techniques for sorting, filtering and analysing large volumes of data”.
Additionally, the committee recommends that the Australian government explores opportunities for greater engagement and partnerships with the private sector to facilitate the exchange of information and communications technology expertise and the development of novel approaches to tackling cybercrime.
Current consumer protection laws and regulations in relation to internet-enabled devices should also be on the government’s agenda, the committee has said, asking for the identification of changes required to provide “adequate and timely consumer protection in relation to the risks they pose”, recommending that the government review legal mechanisms intended to protect victims, such as Apprehended Violence Orders, to ensure that they offer adequate protection to victims of crime facilitated by internet-enabled devices.
With a spotlight on underground activity, the committee has called for a review of how existing law enforcement strategies to tackle activities facilitated by the dark web, such as that used to close Silk Road, can be enhanced for wider application.
The same recommendation also asked the National Cybercrime Working Group look into a national statutory framework for Delayed Notification Search Warrants for serious crime and corruption offences; a framework for an indicators and warning system that identifies changes in global illicit supply chains; and an independent entity to review current case categorisation and prioritisation within the Home Affairs portfolio as part of its work developing a new National Plan to Combat Cybercrime.
On the National Plan, the committee wants a key priority area to be centred on ways to better coordinate intelligence gathering, data analytics, data management, and investigative support services across Australian jurisdictions and agencies “in order to ensure that law enforcement in Australia is able to keep pace with the rapid pace of technological change in digital communications”.
Similarly, the committee wants the Mutual Legal Assistance Treaty to be probed from the lens of having it better suit the investigation of cybercrimes and tech-related challenges facing law enforcement.