Contributed by Daltrey.
We wanted to alert you to an emerging trend where people’s images are unknowingly landing in biometric engines. There is an emerging trend where people’s images are unknowingly landing in biometric engines, which are vastly more complex and powerful than just photo libraries.
Australian biometric security firm, Daltrey warns that people’s images connected to the popular City2Surf event is an example, with Sportograf the German owned facial recognition technology behind it.
Blair Crawford, CEO and co-founder of Daltrey, explains that when Australians register and attend the event and their photos are taken, they are uploaded into Sportograf’s biometric registration system. “Each of the faces in the photos is subjected to a facial recognition system that maps their faces. This is the start of the issue, as people may not be aware that their images are being placed into such a system that is accessible by so many other people with so little protection. In addition, spectators’ images may unknowingly be captured in the background, uploaded and searchable, without the opportunity for them to consent,” he explains.
People can then find their face, or a someone that strongly resembles them, using a selfie or an image of someone they have. Once they have found a match for the picture of the person they are looking for, the selfie is erased (as per Sportograf’s privacy policy) but the images in the biometric registration system are retained.
“It’s possible for a stalker to track someone, for instance a participant or a minor who is captured in the background as a spectator, by accessing the images as they are not secured behind any sort of authentication. The images could be used to create a deep fake of the person, to confirm they were in the location of the event, and furthermore they are accessible anywhere in the world,” stresses Blair.
He highlights that in the case of spectators they have neither registered nor signed up to City2Surf’s terms and conditions. “Participants, who have registered and agreed to the terms and conditions, are unlikely to have read the details and fully understand the extent to which they have consented. This raises the key question of how biometric technology is outpacing the community’s understanding of its application, as we have seen recently with the Bunnings example,” he says.
Blair argues that the responsible use of biometric technology is an imperative. “Vendors of technology that can impact the security and privacy of people need to think through all potential consequences. Biometric programs must be built on a foundation of consent, where people must opt in based on a clear understanding of the scope and the value to the person opting in.
“In terms of a national framework, there are a lot of standards that already exist to guide the use and applications of biometric technology such as ISO/IEC 24745:2022, which defines the principles of confidentiality, integrity, and privacy protection of biometric information to make the use of biometrics safer. The focus should be on the adoption of these standards to safeguard the integrity of the users’ security and privacy,” he says.
