Identity flagged as government security focus

Australian government agencies’ efforts to expand use of facial recognition biometric technology have gained new momentum as a damning assessment of current identity and access management (IAM) technologies adds further weight to the push to bolster everyday security processes.

Most recently, federal Minister for Justice Michael Keenan announced a significant investment in face-matching technology that will see government agencies and law-enforcement bodies actively sharing driver’s licence photos, passport photos and other identity documents to positively identify photographs of unknown persons of interest.

The $18.5m National Facial Biometric Matching Capability (NFBMC) builds on new legislation designed to help government bodies collect more biometric information and use that information in a range of ways.

The process has angered critics like Greens senator Scott Ludlam, who warned, “If this material were to fall into the wrong hands, it could lead to one very obvious scenario: identity theft. If you have this information on an individual, you can assume their identity in almost trivial ways and wreck people’s lives.”

Despite concerns that mass harvesting and matching of citizens’ photographs — from passports, driver’s licences and other sources — is an overreaching violation of privacy, clear steps have already been taken to address both security issues and technical interoperability issues for stakeholder departments.

An AGD-sponsored National Biometric Interoperability Framework (NBIF) has already been established to coordinate the secure interoperability of biometric systems between government agencies. This will dovetail with the establishment of cross-agency Biometric Centres of Expertise (CoE) including a DFAT-led Facial Biometrics CoE and a Department of Immigration and Border Protection (DIBP)-led Fingerprint Biometrics CoE.

Concerns about identity have been echoed at the state level, with the Victorian Auditor-General’s Office (VAGO) recently warning in an audit report that inadequate IAM processes within state government agencies saw them overrepresented in audit findings around user access management, authentication controls and other areas.

Broader use of biometric technologies would address this as well as delivering new sources of investigative information — reflecting a worldwide trend in which governments are embracing recent biometrics advancements to tighten overall security, said Steve Lennon, Oceania region principal advisor for technology and innovation with biometrics stalwart Fujitsu.

Although Lennon declined to comment on the specifics of the NFBMC project, he told GTR that increased use of biometrics “is something citizens are going to have to get comfortable with if we don’t want identity crime to continue having an escalating impact on both corporate and personal sectors in our economy”.

Fujitsu — which this year redoubled its efforts in Australia’s biometrics market by pushing its PalmSecure hand-vein scanner to private and public clients including the Gold Coast City Council and a major bank — is one of numerous providers competing for a share of a fast-growing market.

Much of this growth will be driven by both government and non-government providers looking for more secure alternatives to existing authentication methods. Research and Markets figures suggest facial recognition biometric systems will dominate the Australian market through 2025, with fingerprint scanning systems growing at 6.7% annually during that time.

Just how the systems will be implemented will become clear over time. Keenan’s statement said the system “would not be a centralised biometric database”, would comply with the strict protections of the Privacy Act 1988 and would not “retain or store any images that are shared between agencies”.

Facial biometrics “present some of the most promising opportunities for enhancing interoperability at the national level”, the AGD has claimed, but the system “may be expanded over time to include other biometric types”.

Such flexibility is becoming important as government organisations, in particular, move to embrace facial recognition, data matching and real-time video analytics as less-intrusive forms of citizen identification. Biometrics capabilities were fast becoming integrated into far-reaching device management networks that link large numbers of Internet of Things (IoT) devices with a centralised management platform that delivers biometric identification as a service.

“We’re getting ready to be able to provide support for the IoT, and that network of sensors, on an as-a-service basis,” Lennon explained, noting that the industry is “recognising that cloud computing, the IoT, data analytics and big data are not separate pieces of an enterprise compute capability, but in the future will need to be part of an integrated platform”.

Video feeds coming from CCTV and other cameras will be married up with building management information systems and the RFID cards that people are carrying, even to the information we may have from smart ticketing cards being used as the mode of travel that people took to the building.

Such capabilities would boost government agencies’ investigative capabilities significantly, and recent contracts confirm increased biometrics usage is well and truly on the cards. Earlier this year, the Attorney-General’s Department (AGD) contracted ACT-based consultancy ArisTech for the services of a facial biometric expert to work in its National Security Resilience Policy division. CrimTrac went to market in June for a national fingerprint and facial recognition capability that can support other modes in the future and is expected to go live in June next year. For its part, the DIBP expanded a contract with Daon Australia for provision of mobile biometrics collection equipment.

Image courtesy NIST