Peter A Clarke

Colorado’s governor has just signed into law legislation aimed at limiting the use of facial recognition technology by government agencies and state institutions.  This highlights that facial recognition is capable of proper regulation, that privacy issues can be regulated and there is a public good in properly regulating this form of technology. 

It has been well summarised in The National Law Review as:

Ramping up the state’s continued focus on data privacy, on June 8, 2022, Colorado Governor Jared Polis signed legislation aimed at limiting the use of facial recognition technology by government agencies and state institutions of higher education.

The new law, SB 113, requires an agency, defined as “an agency of the state government or of a local government; or a state institution of higher education,” that intends to “develop, procure, use or continue to use facial recognition service” to provide notice of intent to use those services with its “reporting authority” prior to using the technology. Read the rest of this entry »

The Choice story regarding some of our biggest retailers using facial recognition in their stores continues to attract media coverage.  As well it should.  The ABC has undertaken a broad brush review, Renewed calls for national guidelines on using facial recognition technology after CHOICE investigation, regarding the science of facial recognition and the legal regulation, or more accurately the lack thereof. The Conversation weighs in for some analysis with Bunnings, Kmart and The Good Guys say they use facial recognition for ‘loss prevention’. An expert explains what it might mean for you.

The Oz with Faceprint technology: Kmart, Bunnings and The Good Guys are scanning customers’ faces in stores reports on the (usual) call for Federal Government action to ban facial recognition.  Bunnings has decided to join the fray and attack the Choice article stating:

We are disappointed by CHOICE’s inaccurate characterisation of Bunnings’ use of facial recognition technology in selected stores. This technology is used solely to keep team and customers safe and prevent unlawful activity in our stores, which is consistent with the Privacy Act.
In recent years, we’ve seen an increase in the number of challenging interactions our team have had to handle in our stores and this technology is an important tool in helping us to prevent repeat abuse and threatening behaviour towards our team and customers.
There are strict controls around the use of the technology which can only be accessed by specially trained team. This technology is not used for marketing, consumer behaviour tracking, and images of children are never enrolled.
We let customers know if the technology is in use through signage at our store entrances and also in our privacy policy, which is available via the homepage of our website.

It is a wholly unconvincing defence of the facial technology and proper notice of the use of the facial recognition technology. It is a weak defence because:

• What is the safety issue? It is not terrorism or armed robberty? It is challenging interactions which constitutes abuse and “threatening behaviour”.  What exactly does challenging interactions mean.  These terms have been misused on occasion by organisations and government to extend to dissent or disagreement of any form.  If it is arguments at the check out why is it necessary to obtain facial recognition data of all individuals.  With these interactions why isn’t it sufficient to take a picture of the malefactor using a camera or smartphone and then use that as a resource to enforce a banning order, if that is what is anticipated. 
• What is the threshold for the use of the facial recognition?  A prior argument or what?  It is all very vague.  
•  how is the technology being used to keep team and customers people safe? If a small proportion of individuals cause a problem how does that justify the hoovering up of thousands of images.  
• how long are the images kept for?  Are they being distributed throughout all Bunnings Stores?  Are they provided to Bunnings staff for delivery purposes?  It is possible for a customer who engages in “challenging interactions” to order on line and have products delivered.
• what are strict controls regarding the use of the technology.  It is a statement that means nothing.,  What is the special training that the team receive before they can access the technology. 
• how does the Bunnings screen out children?  What is the age cut off?  How is that determined?  By an algorithm or a specially trained staff. 
• the notice to the customers is a joke.  The signage at the store entrance is in small print.  Nothing is done to bring that to the customers attention.  Similarly burying reference to it in the privacy policy is unsatisfactory, as the Information Commissioner found with 7 Eleven’s notice on web site.  How Bunnings can rely on this argument given the Commissioner’s findings last year is quite extraordinary. 

Read the rest of this entry »

Choice has published the findings of its investigations of retailers using facial recognition with Kmart, Bunnings and The Good Guys using facial recognition technology in stores.  The Australian has picked up on that story with Faceprint technology: Kmart, Bunnings and The Good Guys are scanning customers’ faces in stores.

Both stories cover a disturbing pattern of organisations deploying privacy instrusive technology without any real restrictions or regulation.  As the stories make clear the compliance with the Privacy Act 1988 as to collection of personal information is either buried in on line privacy statements or small inconspicuous written notices under the heading conditions of entry off to the side of the entrance of Kmart stores.  This is arrogance writ large.  Kmart has undergone a box ticking exercise.  And the excuses used by Bunnings, that facial recognition technology is to “..to help identify persons of interest who have previously been involved in incidents of concern in our stores,” and that it is  “..an important measure that helps us to maintain a safe and secure environment for our team and customers.”  is, if true, a wholly disproportionate response to a problem Read the rest of this entry »

Canada is likely to join the United States and Australia and other countries in legislating increased cyber security for key industries as reported in New federal bill would compel key industries to bolster cyber security — or pay a price.  This form of legislation is probably required however remains a panacea.  Adding an additional layer of obligations doesn’t change the base of the problem, that too few businesses put in nearly enough effort in basic privacy and data protection,  The new laws will require the key industries to set up processes and respond to a cyber attack.  But will it mean companies will spend what needs to be spent to protect themselves properly.,  If Australia is any guide then no.

The Canadian Broadcasting Service Read the rest of this entry »

US Chamber of Commerce has written an open letter to the Members of the Senate Committee on Commerce, Science and Transportation and the House Committee on Energy and Commerce, on potential national data privacy legislation. As far as the history of legislative action in the privacy field this is a pretty big deal.  Little wonder given the growing patchwork of state laws that now exist to fill the gap in regulation.  From a business point of view having to comply with various levels of protections across jurisdiction would be a nightmare and one that will get worse not better. 

The letter Read the rest of this entry »

Blake Lemoine, hardly a household name, has the tech world and Google aflutter with his suggestion that Google’s artificial intelligence chatbox has become sentient.  That has earned him a suspension and whatever else Google can come up with on his return.  Google has Read the rest of this entry »

The Australian reports breathlessly with Australia an ‘easy target’ for bank app trojans that Australian banks are vulnerable to malware with 13 of 34 apps being targeted by a variety of banking trojans. Given Australian financial institutions spotty records when it comes to data breaches this story hardly deserves the column inches it gets.  In April last year NAB repaid customers $687,000 for a data breach.  In August 2019 hackers breached tens of thousands of Australian banking accounts through PayID.  In May 2018 the Commonwealth Bank of Australia lost the personal financial histories of 12 million customers.  And being a bank it decided that its customers did not need to know.  The information was contained in magnetic tapes which, of course, were not encrypted. 

So the most recent Australian story is worth a run but hardly a novel turn of events. The criticisms in the article about inadequate infrastructure, ineffective consumer protection laws and a poor mindset have applied for many years.  There is no incentive to change.  The consequences of a data breach are embarrassment, sitting across the table from the Information Commissioner for a few hours and compensation for those account holders who lost money through fraud.  That is small change Read the rest of this entry »

The private lives of celebrities have always been the subject of fascination, and a source of coin for certain parts of the media.  Magazines such as New Idea, Women’s Day, Women’s Weekly spent big on photos of couples doing what couples do..up to a point.  That earned them good readership and lots of advertising revenue.  That the magazine trade has hit the cyber wall does not mean the appetite to know about the private lives of celebrities has dimmed.  Far from it.  If anything the demand is more voracious. 

The Nine newspapers more into covering the the rich, not so rich, the famous and the just pleasant to look at to keep readership up on line.  Click bait trumps everything. Hence the Culture/Celebrity/Private Sydney column.   

Which brings us to the Rebel Wilson, privacy and the Sydney Morning Herald’s tenuous connection to journalistic ethics. 

The Sydney Morning Herald thought it was onto something when it heard from friends and associates that Rebel WIlson was in a new relationship and then spied a social media post that the relationship was with another woman.  Or at least that it is what Andrew Hornery, of the SMH, says.  Given Rebel WIlson had supposedly identified as hetrosexual that makes for a story.  So Sydney Morning Herald emails Rebel with questions and she, no doubt with the advice of her PR team, take control of the story and announce, if that is the right word for it, the relationship. 

The Wilson camp think she was going to be “outed” while the SMH felt it had a right to ask a question.  It copped a social media firestorm and has done a mea culpa of sorts with I made mistakes over Rebel Wilson, and will learn from them.  It is yet another example of the outsize influence of campaigners on social media to affect many aspects of our lives and the mainstream media.  Some of it is for the good.  Often times it is frightening and a threat to a robust but respectful exchange of views.  Here the outcome is probably good but some of the social media commentary is over the top.

At its core this is all about privacy.  The right of Rebel Wilson to decide to show to world what relationship she is in or not to show to the world what relationship she is in.  Her relationship status has no bearing upon how the economy operates or national security.  The simpering apology by the SMH talks about Read the rest of this entry »

The Rand Corporation has produced an excellent paper America’s 5G Era Balancing Big Data and Privacy which highlights the threat to privacy with the introduction of 5G.

The brief summary provides:

Key Findings

Recommendation

It is a very thoughtful and quite complex report.  Some of the more detailed comments Read the rest of this entry »

The use of closed circuit television has been a matter of concern in for privacy commissioners in Europe and the UK for some time.  Now the Privacy Commissioner in New Zealand has provided guidance on the use of the CCTV, responding to the concerns about the use of surveillance cameras.  Unfortunately in Australia at the Federal level the Information Commissioner has showed scant interest with one short page saying pretty much nothing about the issues.  That is a pity.   The potential of privacy intrusion through the misuse of cctv technology is significant. 

The media release provides:

From our experience, putting up a CCTV or surveillance camera can get a strong reaction from the public.

Our Privacy Concerns and Sharing Data 2020 survey found 41 percent of people over 18 years old were concerned about the use of surveillance cameras.

Because CCTV captures images of people, which can be used, stored, manipulated, and disseminated, those who operate the systems need to be aware of how to manage privacy issues.

Good management of personal information is essential to the effective running of CCTV systems. Businesses can only take advantage of the full benefits available from CCTV technology if they manage their system with privacy in mind.

All organisations considering using CCTV need to be mindful of their obligations under the Privacy Act 2020. Organisations must only collect personal information if it is for a lawful purpose connected with their functions or activities, and the information is necessary for that purpose. 

We always recommend that agencies minimise the amount of personal information they collect. Any information that is collected should also be securely disposed of once it’s no longer needed for the organisation’s purpose.

The guidelines provides, with Read the rest of this entry »