To understand whether or not a national biometric identification system should be implemented in Australia, we need to first look at context. I will first set the Australian and Indian context for biometric technology and compare the two.
The benefits and consequences of adopting a centralised biometric database will be then discussed. My conclusion is that, considering Australia’s context, we do not have a need to adopt and therefore the consequences outweigh the benefits.
What is biometric identification?
Firstly, let’s talk about what biometric identification even means. The definition of biometrics is “any automatically measurable, robust and distinctive physical characteristic or personal trait that can be used to identify an individual or verify the claimed identity of an individual” (Woodward, Orlans, & Higgins, 2003). So technically, biometric identification has been used as early as 500 B.C, where fingerprints were used as identification for Babylonian business transactions (Di Nardo, 2008). Some of the most well-known biometric technologies are fingerprinting, voice verification, facial recognition and iris scanning.
Australia’s current biometric applications
Australia’s current uses of biometric technologies are personal and local. For example, using fingerprints or facial recognition to unlock a phone or a single bank creating their own customer biometric database are non-networked, localised uses of biometrics (Dixon, 2017).
Biometric technology usage in Australia is mainly centred around security. The immigration and travel sector hold the largest share of biometric usage. Biometric technology has created a more convenient and secure option for the travel process. For example, the SmartGates at our airports use facial recognition and fast tracks the usual customs and immigration checks (ACBPS, 2015).
The Department of Immigration and Border Protection has plans to automate approximately 90% of air traveller processing with a contactless system by 2020 through biometrics. They also collect biometric information from offshore visa and onshore protection immigration detainees, visa applicants and other airline passenger categories (Emami, Brown, Smith, 2016)
There has also been a rise in economic crime and cyber hackers in the financial service industry. Biometric identification has enabled organisations to move to a more secure authentication method. Citigroup has used biometric authentication services through verifying their customer’s voice in the first 15 seconds. Mobile phones have also increased their device security through scanning fingerprints and using facial recognition to log on to devices.
There have been moves towards a national biometric database, with the government’s BIS (Biometric Identification Services) project. The project was aimed to replace the current national automated fingerprint identification system (NAFIS) and provide a more efficient and accurate identification system. However, the BIS project was scrapped after the budget was blown.
In terms of policies for our biometric data, it is currently regulated under the Privacy Act to the extent that the data is considered ‘personal information’. For Australians, privacy is also not an absolute right. Privacy is balanced against other competing interests (Pilgrim, 2010).
Indian’s Aadhaar Program
India released the national biometric identification program, Aadhaar, in 2008. Aadhaar is an example of a nationwide, networked biometric identification system, in contrast to Australia’s siloed use of biometrics (Dixon, 2017). The program’s purpose is to achieve a more efficient public and private service delivery and social inclusion (Banerjee, 2015). In a nation where around 60% of the population hasn’t had their birth registered (UNICEF, 2013), Aadhaar could improve social protection as it provides legal identification documents. It also addresses the issue of the “identity gap”. This program can improve security and accuracy, facilitate faster data collection and processing and create auditable transaction records. These all have the potential to improve service delivery, prevent fraud and aid in development planning (Gelb, Clark, 2013).
Issues with Aadhaar
Aadhaar has three main issues: failure to enrol, privacy and failure to match. Failure to enrol for a biometric ID occurs when individuals have biometrics that are difficult to capture, such as worn fingerprints or cataracts (Gelb, Clark, 2013). The individuals who may experience difficulty, like infants, manual laborers and elderly, are often already marginalised in society, hence further excluding them.
In terms of privacy, there are already examples of security leakages of biometric data. Early in 2017, articles were published that described the ease of locating Excel files containing Aadhaar numbers and demographic data through a simple Google search. The government has also shown a lack of attention in enacting privacy policies, especially in regards to privacy practices and data protection.
The failure to match, when individuals cannot be matched with their biometric identifier, is also an issue. The Indian government (2017) has stated that The State of Jharkhand experiences a 49% failure to match rate. Without matching, they are unable to access their benefits. This is particularly concerning as there has been a major mission creep with Aadhaar. It has grown from just bank accounts, medical records and pension payments to school enrolments, buying rail tickets and public sector jobs. Once ‘voluntary’, Aadhaar enrolment has become ‘mandatory’, magnifying the issues highlighted above (Dixon, 2017).
However, there was a recent court hearing in September 2018 due complaints that the scheme infringed on privacy. While Aadhaar was upheld, a few changes were made in how it could be used.
Australia Vs India
It’s interesting to see the difference in application between rich and low to middle-income countries. Richer countries, like Australia, mainly use biometrics for security and forensics and few have incorporated them into a national biometric identity system or for public service delivery. In contrast, poorer countries, like India, apply the technology for more non-security purposes, such as civil registries, voter rolls or pension payments (Gelb, Clark, 2013). A possible reason for this difference in usage is the identity gap between rich and poor countries.
Should Australia Adopt an Aadhaar-like Program?
As we have seen from the BIS project, Australia has been making moves towards a system like India. There are both benefits and risks to adopting a centralised biometric system.
Moving from siloed uses of the technology to a network could mean an enhanced impact of our current applications, for example security and convenience.
As discussed earlier, some services such as banks and immigration already employ biometric identification. However, if all these institutions shared a national database, security around identity and personal information would reach a higher level. With identity fraud, theft and fake IDs a growing problem, a national biometric ID is beneficial due to the difficulty to forge biometric information (Smith, 2008).
Also, public safety could be further improved with a national biometric database. For example, if the government’s BIS project was not scrapped, Australian law enforcement and border security agencies would have a faster and more accurate method of identification. If DNA was included in the database, suspects are 5 times more likely to be identified compared to fingerprints (Smith, Mann, 2015).
Convenience is another benefit since all your data is accessible by multiple institutions. Just imagine, you get into a car accident and you are being rushed into a hospital. Rather than being questioned by paramedics for information, a swipe of your identity card would retrieve your medical history and even your financial payment information. This system would save confusion, time and possibly even lives through the ability to address problems more efficiently (Smith, 2008).
In order to prevent issues regarding privacy rules or data protection, Australia could take a ‘policy before technology’ approach. For example, Estonia already had robust policies in place due to being a member of the European Union. This resulted in a much fairer system compared to India, who put technology before policy (Dixon, 2017).
However, in creating a centralised biometric database, security and privacy risks become more prevalent. Security risks and data breaches, whether they are due to hackers or accidental leaks, are persistent threats (Dixon, 2017).
There is also concern about a “big-brother society” as it would enable extensive surveillance on individuals. With facial recognition technologies, individuals could be monitored without their consent or knowledge (OECD). There is the perception that it will increase government power and reduce individual freedom and rights (Smith, 2008). An possible outcome could be China’s “social credit” system where biometrics are used to monitor and reward/punish citizens through points.
Sesame Credit: China’s Creepy New Social Engineering Experiment. By corbettreport, Youtube, CC BY
Also, there are inherent risks in the convenience acquired by a networked database. If all transactions required biometric authentication, those with access to the data have a detailed portrait of the individual and may be linked without the consent of the individual (O’Connor, 1998).
Australia could also experience similar issues as India with failures to enrol, matching inaccuracies, inadequate security and policies surrounding data and function creeping.
If a national biometric identification system was not adopted in Australia, some implications on Internet users would mainly surround identity fraud and theft.
As more transactions are occurring online, cybercrime is on the rise. In a report published by Veda (2016), identity takeover fraud grew 80% between 2015 to 2016 and is the fastest growing type of fraud. With 57% of credit application fraud now occurring online, Internet users are experiencing higher levels of identity fraud than before. A national database could help mitigate these risks as all the organisations would be able to confirm your biometric identity.
In the end…
I do not recommend Australia to adopt a program like Aadhaar since the consequences outweigh the benefits. While it may bring heightened security and convenience, it is not worth all the associated risks of implementation. Continuing with localised biometric identification usage means Australia can still tackle security concerns, such as identity theft. I acknowledge that there are inherent privacy risks with biometric identification as a whole, but localised and optional usage is still lower risk than a centralised database.
Even considering a ‘policy before technology’ approach is not realistic as technology evolves too fast for policies stay relevant.
Compared to India, where they have an imminent need to address the identity gap and improve social protection, our current context does not prove a need to implement a networked biometric database.
What would you recommend?
Woodward, J. D., Orlans, N. M., & Higgins, P. T. (2003). Biometrics: Identity Assurance in the Information Age: McGraw-Hill Osborne Media
Di Nardo, J. V. (2008). Biometric technologies: Functionality, emerging trends, and vulnerabilities. Journal of Applied Security Research, 4(1-2), 194-216.
Dixon, P. (2017). A Failure to “Do No Harm”–India’s Aadhaar biometric ID program and its inability to protect privacy in relation to measures in Europe and the US. Health and technology, 7(4), 539-567.
Australian Customs and Border Protection Service (ACBPS) 2015. Annual Report 2014–2015. Canberra: ACBPS. https://www.homeaffairs.gov.au/ReportsandPublications/Documents/annual-reports/ACBPS-Annual-report-2014-15.pdf
Emami, C., Brown, R., & Smith, R. G. (2016). Use and acceptance of biometric technologies among victims of identity crime and misuse in Australia. Trends & Issues in Crime and Criminal Justice. Australian Institute of Criminology, retrieved from https://aic.gov.au/publications/tandi/tandi511
Pilgrim, T. (2010). Privacy in Australia: Challenges and Opportunities. Office of the Australian Information Commissioner. Retrieved from https://www.oaic.gov.au/privacy-law/privacy-archive/privacy-speeches-archive/privacy-in-australia-challenges-and-opportunities
Banerjee, S. (2016). Aadhaar: Digital Inclusion and Public Services in India. World Development Report. Retrieved from http://pubdocs.worldbank.org/en/655801461250682317/WDR16-BP-Aadhaar-Paper-Banerjee.pdf
UNICEF. (2013). Every Child’s Birth Right: Inequities and trends in birth registration. New York: UNICEF.
Gelb, A., & Clark, J. (2013). Identification for development: the biometrics revolution. Center for Global Development.
Government of India (2017). Economic Survey 2016-2017, Department of Economic Affairs, retrieved from https://www.indiabudget.gov.in/es2016-17/echapter.pdf
Biometric Technology Today (2012) Indian biometrics market to grow 42.4% by 2014. (2012). Biometric Technology Today, 2012(2), 12-12. doi:10.1016/S0969-4765(12)70056-5
Smith, A. D. (2008), The benefits and risks of national identification programmes, Emerald Group Publishing. Retrieved from http://www.emeraldgrouppublishing.com/learning/management_thinking/articles/pdf/national_id.pdf
Smith, M, Mann, M (2015). “Recent developments in DNA evidence.” Trends and Issues in Crime and Criminal Justice. Australian Institute of Criminology. Retrieved from https://aic.gov.au/publications/tandi/tandi506
Organisation for Economic Co-operation and Development (OECD) (2004), Biometric-Based Technologies, 12–13. Retrieved from http://www.oecd.org/officialdocuments/publicdisplaydocumentpdf/?cote=DSTI/ICCP/REG(2003)2/FINAL&docLanguage=En
O’Connor, S. (1998) “Collected, Tagged, and Archived: Legal Issues in the Burgeoning Use of Biometrics for Personal Identification”, Stanford Technology Law Review, STLR Working Paper. Retrieved from http://stlr.stanford.edu/stlr/Working_Papers/98_O_Connor_1/index.htm
Veda (2016), Cybercrime and Fraud Report, Equifax. Retrieved from https://www.equifax.com.au/sites/default/files/ved562_cybercrime-fraud-report_fa_hr.pdf