Margarita Vladimirova, PhD in Privacy Law and Facial Recognition Technology, Deakin University

The morning started with a message from a friend: “I used your photos to train my local version of Midjourney. I hope you don’t mind”, followed up with generated pictures of me wearing a flirty steampunk costume.

I did in fact mind. I felt violated. Wouldn’t you? I bet Taylor Swift did when deepfakes of her hit the internet. But is the legal status of my face different from the face of a celebrity?

Your facial information is a unique form of personal sensitive information. It can identify you. Intense profiling and mass government surveillance receives much attention. But businesses and individuals are also using tools that collect, store and modify facial information, and we’re facing an unexpected wave of photos and videos generated with artificial intelligence (AI) tools.

The development of legal regulation for these uses is lagging. At what levels and in what ways should our facial information be protected?

Is implied consent enough?

The Australian Privacy Act considers biometric information (which would include your face) to be a part of our personal sensitive information. However, the act doesn’t define biometric information.

Despite its drawbacks, the act is currently the main legislation in Australia aimed at facial information protection. It states biometric information cannot be collected without a person’s consent.

But the law doesn’t specify whether it should be express or implied consent. Express consent is given explicitly, either orally or in writing. Implied consent means consent may reasonably be inferred from the individual’s actions in a given context. For example, if you walk into a store that has a sign “facial recognition camera on the premises”, your consent is implied.

But using implied consent opens our facial data up to potential exploitation. Bunnings, Kmart and Woolworths have all used easy-to-miss signage that facial recognition or camera technology is used in their stores.

Valuable and unprotected

Our facial information has become so valuable, data companies such as Clearview AI and PimEye are mercilessly hunting it down on the internet without our consent.

These companies put together databases for sale, used not only by the police in various countries, including Australia, but also by private companies.

Even if you deleted all your facial data from the internet, you could easily be captured in public and appear in some database anyway. Being in someone’s TikTok video without your consent is a prime example – in Australia this is legal.

Furthermore, we’re also now contending with generative AI programs such as Midjourney, DALL-E 3, Stable Diffusion and others. Not only the collection, but the modification of our facial information can be easily performed by anyone.

Our faces are unique to us, they’re part of what we perceive as ourselves. But they don’t have special legal status or special legal protection.

The only action you can take to protect your facial information from aggressive collection by a store or private entity is to complain to the office of the Australian Information Commissioner, which may or may not result in an investigation.

The same applies to deepfakes. The Australian Competition and Consumer Commission will consider only activity that applies to trade and commerce, for example if a deepfake is used for false advertising.

And the Privacy Act doesn’t protect us from other people’s actions. I didn’t consent to have someone train an AI with my facial information and produce made-up images. But there is no oversight on such use of generative AI tools, either.

There are currently no laws that prevent other people from collecting or modifying your facial information.

Catching up the law

We need a range of regulations on the collection and modification of facial information. We also need a stricter status of facial information itself. Thankfully, some developments in this area are looking promising.

Experts at the University of Technology Sydney have proposed a comprehensive legal framework for regulating the use of facial recognition technology under Australian law.

It contains proposals for regulating the first stage of non-consensual activity: the collection of personal information. That may help in the development of new laws.

Regarding photo modification using AI, we’ll have to wait for announcements from the newly established government AI expert group working to develop “safe and responsible AI practices”.

There are no specific discussions about a higher level of protection for our facial information in general. However, the government’s recent response to the Attorney-General’s Privacy Act review has some promising provisions.

The government has agreed further consideration should be given to enhanced risk assessment requirements in the context of facial recognition technology and other uses of biometric information. This work should be coordinated with the government’s ongoing work on Digital ID and the National Strategy for Identity Resilience.

As for consent, the government has agreed in principle that the definition of consent required for biometric information collection should be amended to specify it must be voluntary, informed, current, specific and unambiguous.

As facial information is increasingly exploited, we’re all waiting to see whether these discussions do become law – hopefully sooner rather than later.

Correction: we have amended a sentence to clarify Woolworths use camera technology but not necessarily facial recognition technology.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Ausma Bernot, PhD Candidate, School of Criminology and Criminal Justice, Griffith University

A group of researchers studied 15 months of human mobility movement data taken from 1.5 million people and concluded that just four points in space and time were sufficient to identify 95% of them, even when the data weren’t of excellent quality.

That was back in 2013.

Nearly ten years on, surveillance technologies permeate all aspects of our lives. They collect swathes of data from us in various forms, and often without us knowing.

I’m a surveillance researcher with a focus on technology governance. Here’s my round-up of widespread surveillance systems I think everyone should know about.

CCTV and open-access cameras

Although China has more than 50% of all surveillance cameras installed in the world (about 34 cameras per 1,000 people), Australian cities are catching up. In 2021, Sydney had 4.67 cameras per 1,000 people and Melbourne had 2.13.

While CCTV cameras can be used for legitimate purposes, such as promoting safety in cities and assisting police with criminal investigations, their use also poses serious concerns.

In 2021, New South Wales police were suspected of having used CCTV footage paired with facial recognition to find people attending anti-lockdown protests. When questioned, they didn’t confirm or deny if they had (or if they would in the future).

In August 2022, the United Nations confirmed CCTV is being used to carry out “serious human rights violations” against Uyghur and other predominantly Muslim ethnic minorities in the Xinjiang region of Northwest China.

The CCTV cameras in China don’t just record real-time footage. Many are equipped with facial recognition to keep tabs on the movements of minorities. And some have reportedly been trialled to detect emotions.

The US also has a long history of using CCTV cameras to support racist policing practices. In 2021, Amnesty International reported areas with a higher proportion of non-white residents had more CCTV cameras.

Another issue with CCTV is security. Many of these cameras are open-access, which means they don’t have password protection and can often be easily accessed online. So I could spend all day watching a livestream of someone’s porch, as long as there was an open camera nearby.

Surveillance artist Dries Depoorter’s recent project The Follower aptly showcases the vulnerabilities of open cameras. By coupling open camera footage with AI and Instagram photos, Depoorter was able to match people’s photos with the footage of where and when they were taken.

There was pushback, with one of the identified people saying:

It’s a crime to use the image of a person without permission.

Whether or not it is illegal will depend on the specific circumstances and where you live. Either way, the issue here is that Depoorter was able to do this in the first place.

IoT devices

An IoT (“Internet of Things”) device is any device that connects to a wireless network to function – so think smart home devices such as Amazon Echo or Google Dot, a baby monitor, or even smart traffic lights.

It’s estimated global spending on IoT devices will have reached US$1.2 trillion by some point this year. Around 18 billion connected devices form the IoT network. Like unsecured CCTV cameras, IoT devices are easy to hack into if they use default passwords or passwords that have been leaked.

In some examples, hackers have hijacked baby monitor cameras to stalk breastfeeding mums, threaten parents that their baby was being kidnapped, and say creepy things like “I love you” to children.

Beyond hacking, businesses can also use data collected through IoT devices to further target customers with products and services.

Privacy experts raised the alarm in September over Amazon’s merger agreement with robot vacuum company iRobot. A letter to the US Federal Trade Commission signed by 26 civil rights and privacy advocacy groups said:

Linking iRobot devices to the already intrusive Amazon home system incentivizes more data collection from more connected home devices, potentially including private details about our habits and our health that would endanger human rights and safety.

IoT-collected data can also change hands with third parties through data partnerships (which are very common), and this too without customers’ explicit consent.

Big tech and big data

In 2017, the value of big data exceeded that of oil. Private companies have driven the majority of that growth.

For tech platforms, the expansive collection of users’ personal information is business as usual, literally, because more data mean more precise analytics, more effective targeted ads and more revenue.

This logic of profit-making through targeted advertising has been dubbed “surveillance capitalism”. As the old saying goes, if you’re not paying for it, then you’re the product.

Meta (which owns both Facebook and Instagram) generated almost US$23 billion in advertising revenue in the third quarter of this year.

The vast machinery behind this is illustrated well in the 2021 documentary The Social Dilemma, even if in a dramatised way. It showed us how social media platforms rely on our psychological weaknesses to keep us online for as long as possible, measuring our actions down to the seconds we spend hovering over an ad.

Loyalty programs

Although many people don’t realise it, loyalty programs are one of the biggest personal data collection gimmicks out there.

In a particularly intrusive example, in 2012 one US retailer sent a teenage girl a catalogue dotted with pictures of smiling infants and nursery furniture. The girl’s angered father went to confront managers at the local store, and learned that predictive analytics knew more about his daughter than he did.

It’s estimated 88% of Australian consumers over age 16 are members of a loyalty program. These schemes build your consumer profile to sell you more stuff. Some might even charge you sneaky fees and lure you in with future perks to sell you at steep prices.

As technology journalist Ros Page notes:

[T]he data you hand over at the checkout can be shared and sold to businesses you’ve never dealt with.

As a cheeky sidestep, you could find a buddy to swap your loyalty cards with. Predictive analytics is only strong when it can recognise behavioural patterns. When the patterns are disrupted, the data turn into noise.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Brendan Walker-Munro, Senior Research Fellow, The University of Queensland

You walk into a shopping centre to buy some groceries. Without your knowledge, an electronic scan of your face is taken by in-store surveillance cameras and stored in an online database. Each time you return to that store, your “faceprint” is compared with those of people wanted for shoplifting or violence.

This might sound like science fiction but it’s the reality for many of us. By failing to take our digital privacy seriously – as former human rights commissioner Ed Santow has warned – Australia is “sleepwalking” its way into mass surveillance.

Privacy and the digital environment

Of course, companies have been collecting personal information for decades. If you’ve ever signed up to a loyalty program like FlyBuys then you’ve performed what marketing agencies call a “value exchange”. In return for benefits from the company (like discounted prices or special offers), you’ve handed over details of who you are, what you buy, and how often you buy it.

Consumer data is big business. In 2019, a report from digital marketers WebFX showed that data from around 1,400 loyalty programs was routinely being traded across the globe as part of an industry worth around US$200 billion. That same year, the Australian Competition and Consumer Commission’s review of loyalty schemes revealed how many of these loyalty schemes lacked data transparency and even discriminated against vulnerable customers.

But the digital environment is making data collection even easier. When you watch Netflix, for example, the company knows what you watch, when you watch it, and how long you watch it for. But they go further, also capturing data on which scenes or episodes you watch repeatedly, the ratings of your content, the number of searches you perform and what you search for.

Hyper-collection: a new challenge to privacy

Late last year, the controversial tech company ClearView AI was ordered by the Australian information commissioner to stop “scraping” social media for the pictures it was collecting in its massive facial recognition database. Just this month, the commissioner was investigating several retailers for creating facial profiles of the customers in their stores.

This new phenomenon – “hyper-collection” – represents a growing trend by large companies to collect, sort, analyse and use more information than they need, usually in covert or passive ways. In many cases, hyper-collection is not supported by a truly legitimate commercial or legal purpose.

Digital privacy laws and hyper-collection

Hyper-collection is a major problem in Australia for three reasons.

First, Australia’s privacy law wasn’t prepared for the likes of Netflix and TikTok. Despite numerous amendments, the Privacy Act dates back to the late 1980s. Although former Attorney-General Christian Porter announced a review of the Act in late 2019, it has been held up by the recent change of government.

Second, Australian privacy laws are unlikely on their own to threaten the profit base of foreign companies, especially those located in China. The Information Commissioner has the power to order companies to take certain actions – like it did with Uber in 2021 – and can enforce these through court orders. But the penalties aren’t really big enough to discourage companies with profits in the billions of dollars.

Third, hyper-collection is often enabled by the vague consents we give to get access to the services these companies provide. Bunnings, for example, argued that its collection of your faceprint was allowed because signs at the entry to their stores told customers facial recognition might be used. Online marketplaces like eBay, Amazon, Kogan and Catch, meanwhile, supply “bundled consents” – basically, you have to consent to their privacy policies as a condition of using their services. No consent, no access.

TikTok and hyper-collection

TikTok (owned by Chinese company ByteDance) has largely replaced YouTube as a way of creating and sharing online videos. The app is powered by an algorithm has already drawn criticism for routinely collecting data about users, as well as the ByteDance’s secretive approach to content moderation and censorship.

For years, TikTok executives have been telling governments that data isn’t stored in servers on the Chinese mainland. But these promises might be hollow in the wake of recent allegations.

Cybersecurity experts now claim that not only does the TikTok app routinely connect to Chinese servers, but that users’ data is accessible by ByteDance employees, including the mysterious Beijing-based “Master Admin”, which has access to every user’s personal information.

Then, just this week, it was alleged that TikTok (owned by Chinese company ByteDance) can also access almost all the data contained on the phone it is installed on – including photos, calendars and emails.

Under China’s national security laws, the government can order tech companies to pass on that information to police or intelligence agencies.

What options do we have?

Unlike a physical store, we don’t get a lot of choice about consenting to digital companies’ privacy policies and how they collect our information.

One option – supported by encryption expert Vanessa Teague at ANU – is for consumers simply to delete offending apps until their creators are willing to submit to greater data transparency. Of course, this means locking ourselves out of those services, and it will only have a big impact in the company if enough Australians join in.

Another option is “opting-out” of intrusive data collection. We’ve done this before – when My Health records became mandatory in 2019, a record number of us opted out. Though these opt-outs reduced the usefulness of that digital health record program, they did demonstrate that Australians can take their data privacy seriously.

But how exactly can Australians opt-out of a massive social app like TikTok? Right now, they can’t – perhaps the government needs to explore a solution as part of its review.

A further option being explored by the Privacy Act review is whether to create new laws that would allow individuals to sue companies for damages for breaches of privacy. While lawsuits are expensive and time-consuming, they might just deliver the kind of financial damage to big companies that could change their behaviour.

No matter which option we take, Australians need to start getting more savvy with their data privacy. This might just mean we actually read those terms and conditions before agreeing, and being prepared to “vote with our feet” if companies won’t be honest about what they’re doing with our personal information.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Mark Andrejevic, Professor, School of Media, Film, and Journalism, Monash University, Monash University and Gavin JD Smith, Associate Professor in Sociology, Australian National University

Private companies and public authorities are quietly using facial recognition systems around Australia.

Despite the growing use of this controversial technology, there is little in the way of specific regulations and guidelines to govern its use.

Spying on shoppers

We were reminded of this fact recently when consumer advocates at CHOICE revealed that major retailers in Australia are using the technology to identify people claimed to be thieves and troublemakers.

There is no dispute about the goal of reducing harm and theft. But there is also little transparency about how this technology is being used.

CHOICE found that most people have no idea their faces are being scanned and matched to stored images in a database. Nor do they know how these databases are created, how accurate they are, and how secure the data they collect is.

As CHOICE discovered, the notification to customers is inadequate. It comes in the form of small, hard-to-notice signs in some cases. In others, the use of the technology is announced in online notices rarely read by customers.

The companies clearly don’t want to draw attention to their use of the technology or to account for how it is being deployed.

Police are eager

Something similar is happening with the use of the technology by Australian police. Police in New South Wales, for example, have embarked on a “low-volume” trial of a nationwide face-recognition database. This trial took place despite the fact that the enabling legislation for the national database has not yet been passed.

In South Australia, controversy over Adelaide’s plans to upgrade its CCTV system with face-recognition capability led the city council to vote not to purchase the necessary software. The council has also asked South Australia Police not to use face-recognition technology until legislation is in place to govern its use.

However, SA Police have indicated an interest in using the technology.

In a public statement, the police described the technology as a potentially useful tool for criminal investigations. The statement also noted:

There is no legislative restriction on the use of facial recognition technology in South Australia for investigations.

A controversial tool

Adelaide City Council’s call for regulation is a necessary response to the expanding use of automated facial recognition.

This is a powerful technology that promises to fundamentally change our experience of privacy and anonymity. There is already a large gap between the amount of personal information collected about us every day and our own knowledge of how this information is being used, and facial recognition will only make the gap bigger.

Recent events suggest a reluctance on the part of retail outlets and public authorities alike to publicise their use of the technology.

Although it is seen as a potentially useful tool, it can be a controversial one. A world in which remote cameras can identify and track people as they move through public space seems alarmingly Orwellian.

The technology has also been criticised for being invasive and, in some cases, biased and inaccurate. In the US, for example, people have already been wrongly arrested based on matches made by face-recognition systems.

Public pushback

There has also been widespread public opposition to the use of the technology in some cities and states in the US, which have gone so far as to impose bans on its use.

Surveys show the Australian public have concerns about the invasiveness of the technology, but that there is also support for its potential use to increase public safety and security.

Facial-recognition technology isn’t going away. It’s likely to become less expensive and more accurate and powerful in the near future. Instead of implementing it piecemeal, under the radar, we need to directly confront both the potential harms and benefits of the technology, and to provide clear rules for its use.

What would regulations look like?

Last year, then human rights commissioner Ed Santow called for a partial ban on the use of facial-recognition technology. He is now developing model legislation for how it might be regulated in Australia.

Any regulation of the technology will need to consider both the potential benefits of its use and the risks to privacy rights and civic life.

It will also need to consider enforceable standards for its proper use. These could include the right to correct inaccurate information, the need to provide human confirmation for automated forms of identification, and the setting of minimum standards of accuracy.

They could also entail improving public consultation and consent around the use of the technology, and a requirement for the performance of systems to be accountable to an independent authority and to those researching the technology.

As the reach of facial recognition expands, we need more public and parliamentary debate to develop appropriate regulations for governing its use.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Zofia Bednarz, Lecturer in Commercial Law, University of Sydney; Kayleen Manwaring, Senior Research Fellow, UNSW Allens Hub for Technology, Law & Innovation and Senior Lecturer, School of Private & Commercial Law, UNSW Law & Justice, UNSW Sydney, and Kimberlee Weatherall, Professor of Law, University of Sydney

What if your insurer was tracking your online data to price your car insurance? Seems far-fetched, right?

Yet there is predictive value in the digital traces we leave online. And insurers may use data collection and analytics tools to find our data and use it to price insurance services.

For instance, some studies have found a correlation between whether an individual uses an Apple or Android phone and their likelihood of exhibiting certain personality traits.

In one example, US insurance broker Jerry analysed the driving behaviour of some 20,000 people to conclude Android users are safer drivers than iPhone users. What’s stopping insurers from referring to such reports to price their insurance?

Our latest research shows Australian consumers have no real control over how data about them, and posted by them, might be collected and used by insurers.

Looking at several examples from customer loyalty schemes and social media, we found insurers can access vast amounts of consumer data under Australia’s weak privacy laws.

Your data is already out there

Insurers are already using big data to price consumer insurance through personalised pricing, according to evidence gathered by industry regulators in the United Kingdom, European Union and United States.

Consumers often “agree” to all kinds of data collection and privacy policies, such as those used in loyalty schemes (who doesn’t like freebies?) and by social media companies. But they have no control over how their data are used once it’s handed over.

There are far-reaching inferences that can be drawn from data collected through loyalty programs and social media platforms – and these may be uncomfortable, or even highly sensitive.

Researchers using data analytics and machine learning have claimed to build models that can guess a person’s sexual orientation from pictures of their face, or their suicidal tendencies from posts on Twitter.

Think about all the details revealed from a grocery shopping history alone: diet, household size, addictions, health conditions and social background, among others. In the case of social media, a user’s posts, pictures, likes, and links to various groups can be used to draw a precise picture of that individual.

What’s more is Australia has a Consumer Data Right which already requires banks to share consumers’ banking data (at the consumer’s request) with another bank or app, such as to access a new service or offer.

The regime is actively being expanded to other parts of the economy including the energy sector, with the idea being competitors could use information on energy usage to make competitive offers.

The Consumer Data Right is advertised as empowering for consumers – enabling access to new services and offers, and providing people with choice, convenience and control over their data.

In practice, however, it means insurance firms accredited under the program can require you to share your banking data in exchange for insurance services.

The previous Coalition government also proposed “open finance”, which would expand the Consumer Data Right to include access to your insurance and superannuation data. This hasn’t happened yet, but it’s likely the new Albanese government will look into it.

Why more data in insurers’ hands may be bad news

There are plenty of reasons to be concerned about insurers collecting and using increasingly detailed data about people for insurance pricing and claims management.

For one, large-scale data collection provides incentives for cyber attacks. Even if data is held in anonymised form, it can be re-identified with the right tools.

Also, insurers may be able to infer (or at least think they can infer) facts about an individual which they want to keep private, such as their sexual orientation, pregnancy status or religious beliefs.

There’s plenty of evidence the outputs of artificial intelligence tools employed in mass data analytics can be inaccurate and discriminatory. Insurers’ decisions may then be based on misleading or untrue data. And these tools are so complex it’s often difficult to work out if, or where, errors or bias are present.

Although insurers are meant to pool risk and compensate the unlucky, some might use data to only offer affordable insurance to very low-risk people. Vulnerable consumers may face exclusion.

A more widespread use of data, especially via the Consumer Data Right, will especially disadvantage those who are unable or unwilling to share data with insurers. These people may be low risk, but if they can’t or won’t prove this, they’ll have to pay more than a fair price for their insurance cover.

They may even pay more than what they would have in a pre-Consumer Data Right world. So insurance may move further from a fair price when more personal data are available to insurance firms.

We need immediate action

Our previous research demonstrated that apart from anti-discrimination laws, there are inadequate constraints on how insurers are allowed to use consumers’ data, such as those taken from online sources.

The more insurers base their assessments on data a consumer didn’t directly provide, the harder it will be for that person to understand how their “riskiness” is being assessed. If an insurer requests your transaction history from the last five years, would you know what they are looking for? Such problems will be exacerbated by the expansion of the Consumer Data Right.

Interestingly, insurance firms themselves might not know how collected data translates into risk for a specific consumer. If their approach is to simply feed data into a complex and opaque artificial intelligence system, all they’ll know is they’re getting a supposedly “better” risk assessment with more data.

Recent reports of retailers collecting shopper data for facial recognition have highlighted how important it is for the Albanese government to urgently reform our privacy laws, and take a close look at other data laws, including proposals to expand the Consumer Data Right.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

South Australia has begun a trial of a new COVID app to monitor arrivals into the state. SA Premier Steven Marshall claimed “every South Australian should feel pretty proud that we are the national pilot for the home-based quarantine app”.

He then doubled down with the boast that he was “pretty sure the technology that we have developed within the South Australia government will become the national standard and will be rolled out across the country.”

Victoria too has announced impending “technologically supported” home quarantine, though details remain unclear. Home quarantine will also eventually be available for international arrivals, according to Prime Minister Scott Morrison.

The South Australian app has received little attention in Australia, but in the US the left-leaning Atlantic magazine called it “as Orwellian as any in the free world”. Right-wing outlets such as Fox News and Breitbart also joined the attack, and for once I find myself in agreement with them.

Location tracking and facial recognition

Despite the SA Premier’s claims, this isn’t the first such app to be used in Australia. A similar home-quarantine app is already in use for arrivals into WA, and in some cases the Northern Territory.

Both apps uses geolocation and facial recognition software to track and identify those in quarantine. Users are required to prove they are at home when randomly prompted by the application.

In SA, you have 15 minutes to get the face recognition software to verify you’re still at home. In WA, it is more of a race. You have just 5 minutes before you risk a knock on the door from the police.

Another difference is that the SA app is opt-in. Currently. The WA app is already mandatory for arrivals from high risk areas like Victoria. For extreme risk areas like NSW, it’s straight into a quarantine hotel.

Reasons for concern

But why are we developing such home-quarantine apps in the first place, when we already have a cheap technology to do this? If we want to monitor that people are at home (and that’s a big if), wouldn’t one of the ankle tags already used by our corrective services for home detention be much simpler, safer and more robust?

There are many reasons to be concerned about home-quarantine apps.

First, they’ll likely be much easier to hack than ankle tags. How many of us have hacked geo-blocks to access Netflix in the US, or to watch other digital content from another country? Faking GPS location on a smartphone is not much more difficult.

Second, facial recognition software is often flawed, and is frequently biased against people of colour and against women. The documentary Coded Bias does a great job unpicking these biases.

Despite years of effort, even the big tech giants like Google and Amazon have been unable to eliminate these biases from their software. I have little hope the SA government or the WA company GenVis, the developers of the two Australian home-quarantine apps, will have done better.

Indeed, the Australian Human Rights Commission has called for a moratorium on the use of facial recognition software in high-risk settings such as policing until better regulation is in place to protect human rights and privacy.

Third, there needs to be a much more detailed and public debate around issues like privacy, and safeguards put in place based on this discussion, in advance of the technology being used.

With COVID check-in apps, we were promised the data would only be used for public health purposes. But police forces around Australia have accessed this information for other ends on at least six occasions. This severely undermines the public’s confidence and use of such apps.

Before it was launched, the Commonwealth’s COVIDSafe app had legislative prohibitions put in place on the use of the data collected for anything but contact tracing. This perhaps gave us a false sense of security as the state-produced COVID check-in apps did not have any such legal safeguards. Only some states have retrospectively introduced legislation to provide such protections.

Fourth, we have to worry about how software like this legitimises technologies like facial recognition that ultimately erode fundamental rights such as the right to privacy.

If home-quarantine apps work successfully, will they open the door to facial recognition being used in other settings? To identify shop lifters? To provide access to welfare? Or to healthcare? What Orwellian world will this take us to?

The perils of facial recognition

In China, we have already seen facial recognition software used to monitor and persecute the Uighur minority. In the US, at least three Black people have already wrongly ended up in jail due to facial recognition errors.

Facial recognition is a technology that is dangerous if it doesn’t work (as it often the case). And dangerous if it does. It changes the speed, scale and cost of surveillance.

With facial recognition software behind the CCTV cameras found on many street corners, you can be tracked 24/7. You are no longer anonymous when you go out to the shops. Or when you protest about Black lives mattering or the climate emergency.

High technology is not the solution

High tech software like facial recognition isn’t a fix for the problems that have plagued Australia’s response to the pandemic. It can’t remedy the failure to buy enough vaccines, the failure to build dedicated quarantine facilities, or the in-fighting and point-scoring between states and with the Commonwealth.

I never thought I’d say this but, all in all, I think I’d prefer an ankle tag. And if the image of the ankle tag seems too unsettling for you, we could do what Hong Kong has done and make it a wristband.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

In the US, tireless opposition to state use of facial recognition algorithms has recently won some victories.

Some progressive cities have banned some uses of the technology. Three tech companies have pulled facial recognition products from the market. Democrats have advanced a bill for a moratorium on facial recognition. The Association for Computing Machinery (ACM), a leading computer science organisation, has also come out against the technology.

Outside the US, however, the tide is heading in the other direction. China is deploying facial recognition on a vast scale in its social credit experiments, policing, and suppressing the Uighur population. It is also exporting facial recognition technology (and norms) to partner countries in the Belt and Road initiative. The UK High Court ruled its use by South Wales Police lawful last September (though the decision is being appealed).

Here in Australia, despite pushback from the Human Rights Commission, the trend is also towards greater use. The government proposed an ambitious plan for a national face database (including wacky trial balloons about age-verification on porn sites). Some local councils are adding facial recognition into their existing surveillance systems. Police officers have tried out the dystopian services of Clearview AI.

Should Australia be using this technology? To decide, we need to answer fundamental questions about the kind of people, and the kind of society, we want to be.

From facial recognition to face surveillance

Facial recognition has many uses.

It can verify individual identity by comparing a target image with data held on file to confirm a match – this is “one-to-one” facial recognition. It can also compare a target image with a database of subjects of interest. That’s “one-to-many”. The most ambitious form is “all-to-all” matching. This would mean matching every image to a comprehensive database of every person in a given polity.

Each approach can be carried out asynchronously (on demand, after images are captured) or in real time. And they can be applied to separate (disaggregated) data streams, or used to bring together massive surveillance datasets.

Facial recognition occurring at one end of each of these scales – one-to-one, asynchronous, disaggregated – has well-documented benefits. One-to-one real-time facial recognition can be convenient and relatively safe, like unlocking your phone, or proving your identity at an automated passport barrier. Asynchronous disaggregated one-to-many facial recognition can be useful for law enforcement – analysing CCTV footage to identify a suspect, for example, or finding victims and perpetrators in child abuse videos.

However, facial recognition at the other end of these scales – one-to-many or all-to-all, real-time, integrated – amounts to face surveillance, which has less obvious benefits. Several police forces in the UK have trialled real-time one-to-many facial recognition to seek persons of interest, with mixed results. The benefits of integrated real-time all-to-all face surveillance in China are yet to be seen.

And while the benefits of face surveillance are dubious, it risks fundamentally changing the kind of society we live in.

Face surveillance often goes wrong, but it’s bad even when it works

Most facial recognition algorithms are accurate with head-on, well-lit portraits, but underperform with “faces in the wild”. They are also worse at identifying black faces, and especially the faces of black women.

The errors tend to be false positives – making incorrect matches, rather than missing correct ones. If face surveillance were used to dole out cash prizes, this would be fine. But a match is almost always used to target interventions (such as arrests) that harm those identified.

More false positives for minority populations means they bear the costs of face surveillance, while any benefits are likely to accrue to majority populations. So using these systems will amplify the structural injustices of the societies that produce them.

Even when it works, face surveillance is still harmful. Knowing where people are and what they are doing enables you to predict and control their behaviour.

You might believe the Australian government wouldn’t use this power against us, but the very fact they have it makes us less free. Freedom isn’t only about making it unlikely others will interfere with you. It’s about making it impossible for them to do so.

Face surveillance is intrinsically wrong

Face surveillance relies on the idea that others are entitled to extract biometric data from you without your consent when you are in public.

This is false. We have a right to control our own biometric data. This is what is called an underived right, like the right to control your own body.

Of course, rights have limits. You can lose the protection of a right – someone who robs a servo may lose their right to anonymity – or the right may be overridden, if necessary, for a good enough cause.

But the great majority of us have committed no crime that would make us lose the right to control our biometric data. And the possible benefits of using face surveillance on any particular occasion must be discounted by their probability of occurring. Certain rights violations are unlikely to be overridden by hypothetical benefits.

Many prominent algorithms used for face surveillance were also developed in morally compromised ways. They used datasets containing images used without permission of the rightful owners, as well as harmful images and deeply objectionable labels.

Arguments for face surveillance don’t hold up

There will of course be counterarguments, but none of them hold up.

You’ve already given up your privacy to Apple or Google – why begrudge police the same kind of information? Just because we have sleepwalked into a surveillance society doesn’t mean we should refuse to wake up.

Human surveillance is more biased and error-prone than algorithmic surveillance. Human surveillance is indeed morally problematic. Vast networks of CCTV cameras already compromise our civil liberties. Weaponizing them with software that enables people to be tracked across multiple sites only makes them worse.

We can always keep a human in the loop. False positive rates can be reduced by human oversight, but human oversight of automated systems is itself flawed and biased, and this doesn’t address the other objections against face surveillance.

Technology is neither good nor bad in itself; it’s just a tool that can be used for good or bad ends. Every tool makes some things easier and some things harder. Facial recognition makes it easier to oppress vulnerable populations and violate everyone’s basic rights.

It’s time for a moratorium

Face surveillance is based on morally compromised research, violates our rights, is harmful, and exacerbates structural injustice, both when it works and when it fails. Its adoption harms individuals, and makes our society as a whole more unjust, and less free.

A moratorium on its use in Australia is the least we should demand.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The primary reason has again been busyness on policy issues, but to some extent the COVID-19 epidemic has also played a role.
The lockdown hasn’t greatly affected the workings of an organisation that has operated mostly virtually for decades already. However, it’s had a substantial impact on many of our most active volunteers.
The drastic economic slowdown is disproportionately affecting the self-employed. Meanwhile, the government’s structuring of its support programs to actively exclude the tertiary education sector has harmed the interests even of employed academics. And it’s doing far more damage to the large proportion of university teaching staff who have been ‘casualised’ as a result of the invasion of chancelries by profit-oriented CEOs and their inevitable focus on large marketing overheads.

The COVID-19 epidemic has been used as an excuse by elements within the public service to further their desires for social control. Rather than being abashed by the court’s demolition of the Robo-Debt program, they have turned their attention to establishing the misleadingly-named ‘COVIDsafe’ contact ‘tracing’ tool that was quite evidently designed to fail, both technically and operationally, opening up the possibility of mass ‘tracking’ surveillance.

Considerable efforts continue to be invested in a wide range of other privacy matters.

The desire among economists to impose a right for corporations to access consumers’ data, dressed up as a ‘Consumer Data Right’ (CDR), is coming to fruition, with the privacy needs largely ignored.

The ABS held a nominal consultation process in relation to Census 2021, and then ignored the submissions made to it. It may be necessary for the APF to be more forthright than it has been in the past, and declare the ABS to have not just breached public trust, but to have destroyed it, such that the public can be expected to increasingly treat the agency and the survey with disdain.

Applications of biometrics continue to be wildly inappropriate and largely uncontrolled.

The OAIC continues to protect government agencies and business, not privacy.

Among the issues where we’re still in the ring, influencing policy decisions, are:

• Google’s proposed acquisition of Fitbit – a global collection of health, location and other data
• TOLA (the Telecommunications Legislation Amendment (International Production Orders) Bill) – weakly-accountable overseas access to a wide range of Australian data in the cloud
• extensions of the CDR into such areas as electricity and gas

On the positive side:

• re RoboDebt, the submissions of APF and so many other advocacy organisations about the iniquitous behaviour of (Achtung: newspeak:) ‘Services Australia’ have been vindicated, but far too late to prevent a vast amount of harm among the least well-off. But the harm, and the waste of over a billion dollars, have given rise not to sackings, demotions and prosecutions, but rather to promotions
• aspects of the ACCC’s Report on Digital Platforms have been highly privacy-positive, and may lead to some actual benefits for privacy
• even technology suppliers are realising that the potential of facial recognition has been massively over-sold, and governments need to pull back on their schemes until and unless they are subjected to effective regulation

Here is the index of policy papers.

They are also accessible by topic-area.

We’re working on a wiki page to carry details of all current opportunities to influence policy relevant to privacy. It’s intended to be maintainable by any contributor. Here’s a pilot implementation.

The APF continues to value your support for its work for privacy, and against privacy-abusive initiatives in business and government.

Membership Renewals: With the turnover of the new financial year, Renewal Notices are due to go out shortly, except of course to Life Members and recent new Members. Here is Membership-related information