Australian police agencies are reportedly using a private, unaccountable facial recognition service that combines machine learning and wide-ranging data-gathering practices to identify members of the public from online photographs.

The service, Clearview AI, is like a reverse image search for faces. You upload an image of someone’s face and Clearview searches its database to find other images that contain the same face. It also tells you where the image was found, which might help you determine the name and other information about the person in the picture.

Clearview AI built this system by collecting several billion publicly available images from the web, including from social media sites such as Facebook and YouTube. Then they used machine learning to make a biometric template for each face and match those templates to the online sources of the images.

It was revealed in January that hundreds of US law enforcement agencies are using Clearview AI, starting a storm of discussion about the system’s privacy implications and the legality of the web-scraping used to build the database.

Australian police agencies initially denied they were using the service. The denial held until a list of Clearview AI’s customers was stolen and disseminated, revealing users from the Australian Federal Police as well as the state police in Queensland, Victoria and South Australia.

Lack of accountability

This development is particularly concerning as the Department of Home Affairs, which oversees the federal police, is seeking to increase the use of facial recognition and other biometric identity systems. (An attempt to introduce new legislation was knocked back last year for not being adequately transparent or privacy-protecting.)

Gaining trust in the proper use of biometric surveillance technology ought to be important for Home Affairs. And being deceptive about the use of these tools is a bad look.

But the lack of accountability may go beyond poor decisions at the top. It may be that management at law enforcement agencies did not know their employees were using Clearview AI. The company offers free trials to “active law enforcement personnel”, but it’s unclear how they verify this beyond requiring a government email address.

Why aren’t law enforcement agencies enforcing rules about which surveillance tools officers can use? Why aren’t their internal accountability mechanisms working?

There are also very real concerns around security when using Clearview AI. It monitors and logs every search, and we know it has already had one data breach. If police are going to use powerful surveillance technologies, there must be systems in place for ensuring those technological tools do what they say they do, and in a secure and accountable way.

Is it even accurate?

Relatively little is known about how the Clearview AI system actually works. To be accountable, a technology used by law enforcement should be tested by a standards body to ensure it is fit for purpose.

Clearview AI, on the other hand, has had its own testing done – and as a result its developers claim it is 100% accurate.

That report does not represent the type of testing that an entity seeking to produce an accountable system would undertake. In the US at least, there are agencies like the National Institute for Standards and Technology that do precisely that kind of accuracy testing. There are also many qualified researchers in universities and labs that could properly evaluate the system.

Instead, Clearview AI gave the task to a trio composed of a retired judge turned private attorney, an urban policy analyst who wrote some open source software in the 1990s, and a former computer science professor who is now a Silicon Valley entrepreneur. There is no discussion of why those individuals were chosen.

The method used to test the system also leaves a lot to be desired. Clearview AI based their testing on a test by the American Civil Liberties Union of Amazon’s Rekognition image analysis tool.

However, the ACLU test was a media stunt. The ACLU ran headshots of 28 members of congress against a mugshot database. None of the politicians were in the database, meaning any match returned would be an error. However, the test only required the system to be 80% certain of its results, making it quite likely to return a match.

The Clearview AI test also used headshots of politicians taken from the web (front-on, nicely framed, well-lit images), but ran them across their database of several billion images, which did include those politicians.

The hits returned by the system were then confirmed visually by the three report authors as 100% accurate. But what does 100% mean here?

The report stipulates that the first two hits provided by the system were accurate. But we don’t know how many other hits there were, or at what point they stopped being accurate. Politicians have lots of smiling headshots online, so finding two images should not be complex.

What’s more, law enforcement agencies are unlikely to be working with nice clean headshots. Poor-quality images taken from strange angles – the kind you get from surveillance or CCTV cameras – would be more like what law enforcement agencies are actually using.

Despite these and other criticisms, Clearview AI CEO Hoan Ton-That stands by the testing, telling Buzzfeed News he believes it is diligent and thorough.

More understanding and accountability are needed

The Clearview AI case shows there is not enough understanding or accountability around how this and other software tools work in law enforcement. Nor do we know enough about the company selling it and their security measures, nor about who in law enforcement is using it or under what conditions.

Beyond the ethical arguments around facial recognition, Clearview AI reveals Australian law enforcement agencies have such limited technical and organisational accountability that we should be questioning their competency even to evaluate, let alone use, this kind of technology.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

A Bill to set up the federal government’s biometric identity system is currently going through Parliament. But there are concerns over just how much information the system would be allowed to gather, and how that might be used to establish more than just the identity of a person.

Strongly based on the FBI model in the United States, the Identity Matching Services Bill and its Explanatory Memoranda prescribe what data can be collected, shared and processed, by who and for what purposes.

The Bill is based on the Council of Australian Governments (COAG) agreement, signed in October 2017.

The public purpose of the system is to provide identity-matching services to government agencies and some private entities (such as banks and telcos). But the Bill will also establish the Department of Home Affairs as an incredibly data-rich law-enforcement and security agency, with a wide remit for data collection and use.

Accessing the ‘hub’

The first layer of the identity matching system is what’s called the “interoperability hub”. This is the interface for those government and private entities seeking access to identity services.

These identity services effectively answer the questions: “is this person who they say they are?” and “who is this person?”.

The hub works on a query and response model. This means that users of the system do not have access to any of the underlying data powering the biometric processing. They won’t be able to browse the databases; they will only have their identity verification questions answered.

The second layer of the system, underneath the hub, is the databases that drive the biometric identity matching. These include passport and citizenship information as well as the new National Drivers License Facial Recognition Solution database, which will be housed in the Department of Home Affairs.

Along with images, these databases include an extraordinary amount of personal information. Roads agencies, like VicRoads in Victoria, hold rich databases of biographical information including names and addresses, age and gender. Those records are also linked to information about vehicle ownership and registration.

Commonwealth criminal intelligence agencies have been seeking access to state-held driver’s licence images and associated personal information for years. The 2017 COAG agreement is what will finally enable a Commonwealth agency to have custodianship over this data on behalf of states.

You ask, it collects

But the use of the hub for identity-matching services means that the amount of data in these database will grow. Each time a user makes a request for identity-matching services, the hub will supply more data to the Department.

The Department can collect and process all information included in an identity document that has a photograph. It can also collect all of the information associated with that document held by the authority that created it.

When an entity (like law enforcement) seeks identity verification, it will likely supply images from its own camera or CCTV systems (or supplied by other parties), along with whatever data associated with those images that might help identify the person.

That could include where and when the images were taken or supplied, and potentially what a person was doing at the time the image was taken or supplied. All of those data are provided to the Department of Home Affairs when an identity verification is done.

Similarly, when banks and telecommunications companies use the hub, that potentially links those records to the Department databases – or at least facilitates those linkages down the track.

This creates the possibility of aggregated criminal and civil histories in a single identity record, like what has occurred with the FBI’s biometric system in the US.

This is all without access to the largest, most sophisticated facial recognition database in existence: Facebook. If sources such as public CCTV and social media are eventually linked into the system, its significance changes again, radically.

Joining the dots

So what is all this data for? On one hand, it provides identity services to hub users. But on the other hand, it generates insights on behalf of the Department of Home Affairs for the sake of policing. Data at a large scale, and especially when used in the context of security and intelligence, means insights and predictions.

The purposes for which the Department can use the information it gathers are very broad. They include preventing and detecting identity fraud, law enforcement, national security, protective security (protection of government assets, persons or facilities), community safety (for instance where a person is acting suspiciously in a crowded public place), and road safety.

Those categories include criminal intelligence gathering and profiling, policing of public spaces and public events, and policing of activist communities and protests.

Many of these policing exercises are highly data-driven, using new predictive techniques to identify criminal suspects and political agitators before any activity has even occurred.

Identity technologies have historically been used by governments to answer two questions:

1) What person is that? 2) What kind of person is that?

Identity is more than merely biographical information. It is a narrative that we tell about ourselves and that others tell about us. That narrative is what is at stake in this type of security surveillance.

Beyond facial recognition, we have already seen machine vision systems designed to predict sexuality on the basis of a person’s image. It’s research that has already generated plenty of controversy.

If the data sets can be construed, and the results are to be accepted, there is no reason why machine vision systems cannot be targeted to answer questions about criminal propensity, IQ, suitability for certain tasks, political leanings, or anything else.

We need to understand what these new database arrangements will enable in terms of high-level or political policing by the Department of Home Affairs, and what this new technical and bureaucratic architecture means for Australia’s broader surveillance arrangements.

This article was originally published on The Conversation. Read the original article.

Contacts:

This decision will severely impair the Privacy Commissioner in regulating privacy on line.

In what may be the most important Australian privacy decision to date, the Federal Court has effectively gutted the Privacy Act.

The judgment means that a person’s internet browsing history (URL addresses visited), assigned IP addresses, and geo-location (cell tower) data is not personal information because it did not identify that person’s name or telephone number.  The reality however is that those pieces of information taken together do identify a person.

The judgment effectively introduces a new hurdle in determining whether personal information is  protected by requiring a person to be the subject matter of each piece of information. This
very narrow reading ignores how data matching and data linking works, permitting a person to be identified from pieces of information each of which does not necessarily specifically refer to
him or her.

“The approach taken by the Federal Court ignores the effect of significant technological developments in data matching and linking.  It is an analog decision for a digital age.  The decision leaves Australia with one of the weakest and least effective privacy protections in the Western World” said Jake Goldenfein, board member of the Australian Privacy Foundation. Dr Goldenfein said that the approach taken by the Court ignores overseas court decisions which have identified and recognised the reality of linking different items of digital information which has the effect of identify
ing a person.

Dr Goldenfein said today’s judgement was a bad day for privacy protection in Australia. This data is very valuable to security and law enforcement but there are now no protections for
ordinary citizens as to the use of such data.

“This judgment has rendered Australia an outlier in the protection of privacy on line” said Mr Goldenfein. “It reduces the protections ordinary Australians should expect and have. It is a
boon for organisations to collect vast amounts of information about individuals but not be accountable to the regulator for it.”

The Australian Privacy Foundation called on the Commonwealth Government to amend the Privacy Act to fix the damage the Federal Court judgement may cause without delay.

Background
This case began when in 2013 Ben Grubb, then a reporter with the Fairfax press, sought metadata information regarding his mobile phone held by Telstra Corporation. Telstra refused to provide it to him claiming it was not personal information.  He complained to the Privacy Commissioner who held that the metadata was personal information.  Telstra successfully appealed that decision in the Administrative Appeals Tribunal in 2015. In 2016 the Privacy Commissioner appealed that decision to the Full Bench of the Federal Court.

The Australian Privacy Foundation, together with the New South Wales Council for Civil Liberties, applied to be heard as an amicus curiae, a friend of the court.

The details are as follows:

Date: 19 January 2017.
Venue: Court 8C (Level 8) Commonwealth Law Courts, 305 William Street, Melbourne, 3000
Time: 9 am

The judgment is important, determining what constitutes “personal information” for the purpose of the Privacy Act 1988. It will decide whether the metadata we create is part of our personal information.  It is likely to be the most significant privacy decision by an Australian Court to date. This case began when in 2013 Ben Grubb, then a reporter with the Fairfax press, sought metadata information regarding his mobile phone held by Telstra Corporation. Telstra refused to provide it to him claiming it was not personal information.  He complained to the Privacy Commissioner who held that the metadata was personal information.  Telstra successfully appealed that decision in the Administrative Appeals Tribunal in 2015. In 2016, the Privacy Commissioner appealed that decision to the Full Bench of the Federal Court.

The Australian Privacy Foundation, together with the New South Wales Council for Civil Liberties, applied to be heard as an amicus curiae, a friend of the court.

The judgment is also notable in that it is one of the last decisions of Justice Edelman in the Federal Court before he is sworn in as a justice of the High Court later this month.