Australia's biggest banks and the NSW Roads and Traffic Authority joined the NSW Council of Civil Liberties to slam the biometrics industry for sidelining privacy concerns in a regulatory environment that can only be described as "weak and unethical."
NSW Council of Civil Liberties president, Cameron Murphy, slammed providers, the government and users of the technology for failing to adopt even minimal standards when implementing biometrics.
In a fierce attack at the Biometric Institute of Australia annual conference in Sydney last week, Murphy said an industry-backed privacy code introduced in September 2006 has been virtually ignored.
Outlining dismal adoption rates, he pointed out that four out of 69 users have signed the Biometrics Institute Privacy Code even though it is an industry-negotiated standard designed to give users more confidence in the intrusive technology.
"This is appalling and an absolute disgrace; legislation is playing catch-up with biometric technology and the vendors are flying ahead [with biometric development] without any concern for privacy implications," Murphy said.
"It reflects badly on how important privacy is to the industry and will result in a lack of public confidence when it is time for them to give-up their information when adopting biometrics."
Formed in 1963 as a self-funded body for the protection of civil rights, the NSW Council of Civil Liberties and has around 2000 members including 200 barristers and 400 solicitors.
It lobbies government on privacy infringements, provides legal representation to victims of privacy violations, and participates in public interest debates.
Murphy said the council has received a twenty-one-fold increase in privacy complaints since 1991, with an eleven-fold rise in complaints centred on biometrics.
"Despite Europe's hard-line privacy regulations, Australian privacy laws are weak [and] the privacy office is under-resourced because it takes three to five years for a complaint to be fully investigated," he said adding that the council will put in a submission to government allowing people to sue for privacy breaches if business is holding information against their will.
Function-creep is one of the biggest privacy threats posed by biometrics, according to Murphy, who said government, law enforcement, and industry have regularly acquired biometric data for use outside of its intended purpose.
"Think of the wider context that biometric technology can be used outside its normal function; it is used by governments to track people, and we get cases of the police acquiring employee data such as fingerprints, for completely unrelated cases," he warned.
Privacy concerns related to biometrics are worse than the current 100-point system because "you can't get DNA back if it is stolen or acquired."
Murphy said no-one in industry can guarantee to protect biometric data despite technology advancements.
"Biometrics can reduce the quantity of ID thefts, but the risks are greater because it requires more sensitive information," he added.
Phillip Youngman, director of the Biometics Institute, and privacy officer for the Roads and Traffic Authority (RTA), also tore-into the weakness and proliferation of state and federal privacy laws, claiming too many privacy acts are built around a poor opt-out policy.