Incoming changes to Australia’s Privacy Act are likely to leave tech giants Google, Apple and Facebook scrambling to update their privacy polices and practices, according to identity management and privacy expert Stephen Wilson.
Speaking at last week’s AusCERT information security conference, Wilson said an amendment to the law that will see biometric information classified as “sensitive” would have a major impact on organisations like Facebook that use facial recognition technology for identification of individuals.
“Under the covers they are running biometric facial recognition algorithms. In fact, the more angles and the more pictures they can get from different aspects the better.
“They are then synthesising a biometric template and that in itself is wrong without being transparent about it,” Wilson said.
Already deemed unlawful in Europe, the practice of identifying people with facial recognition and then making suggestions is likely to be challenged under Australia’s new privacy law, Wilson said.
“Sensitive information technically in Australia means information about health, sexuality, religion, political affiliation, and the law in Australia forbids the collection of that information without prior consent.”
Wilson said organisations would not be allowed to collect sensitive information and then give notice that they did so.
“Obviously the implications for facial recognition here are really tough. How do you give a stranger in the photo the ability to say yes or no before they’re tagged? I don’t think you can and so technically the legal barrier is almost impassable for the likes of Facebook and other facial recognition practitioners.”
Wilson said Apple’s Siri was also skirting existing legislation in many markets around the world.
“Every time you type a text message into your phone the telecommunications legislation forbids the telcos from knowing the content of your messages, but Siri is like an end run around telecommunications Acts worldwide. It means that Apple has got copies of the texts and the messages you dictate to that magical woman in the cloud.”
Apple has previously admitted it stores the data, which essentially amounts to a biometric voice print, but says it is only used for Siri’s operation and to help Siri improve its understanding of recognition.
However that didn’t stop IBM from blocking Siri for BYOD staffers with iPhones.
Wilson said Google Glass was another example of a technology where people were missing the point on privacy.
“The agenda is kind of pathetic. The privacy agenda is about sexting and about peeping toms.
“It’s not the problem – we’ve always had sexting and peeping toms. The problem here is that the service providers running image processing and object recognition and content addressable image databases will not be able to help but avail themselves of phenomenal personal information that’s being collected 24/7 by these sorts of augmented reality devices.”
Wilson said many technologists were not thinking clearly about issues like facial recognition or voice prints because they had been led to believe privacy was not a technology issue.
“But I think the people that are doing it know exactly what they’re doing and the rest of us think it’s a bit creepy,” Wilson said.
“It serves the interests of Mark Zuckerberg and others to think that it’s a bit creepy, because if that’s the worst thing you can say about facial recognition, it actually disenfranchises the people that are complaining, it makes them all seem a bit drippy and a bit luddite-ish.”
Wilson said he had had many arguments with engineers who believed if information was in the public domain then it wasn’t private.
“That is just such an error, it’s a category error. If the information is personally identifiable then you need to be careful about what you do with it.”