· 4 min read

Concerns Over Identity Privacy and Security Persist

Francis Tuffy
Francis Tuffy · Editor
Concerns Over Identity Privacy and Security Persist

The debate over how personally identifiable information (PII) is collected, used and stored digitally was brought into sharp focus during the worldwide response to COVID-19, with the widespread adoption of contact tracking and tracing. Now that the overriding objective of beating the virus has receded (for ever, I hope), we are still left with questions of privacy and security, as these examples from around the world illustrate.

Privacy

Israel's house of representatives has approved legislation that allows full access to the national biometric database by the Israel Defence Force, the police, the Shin Bet (security agency), and the Mossad (Institute for Intelligence and Special Operations). In a legal memorandum prepared by the government, the house also seeks to grant access to private security cameras.

An article in CTECH 1, argues that Israel’s police and security agencies will now be able to create a derivative of the national biometric database without adequate supervision and protection mechanisms. And in some cases they will be able to penetrate private security cameras without the need for court approval and without a mechanism to prevent the misuse of information.

The article picks up a familiar theme of ID rights advocates, that governments use periods of crisis (in this case, the war with Hamas) to approve laws and emergency regulations that threaten the privacy and protection of information, without anticipating a reversal of these laws after the crisis has passed.

Mass surveillance

The UK’s policing minister, Chris Philp, has written to police chiefs suggesting a target of greater than 200,000 searches of still images against the Police National Database by May 2024. Police are being encouraged to double their use of retrospective facial recognition (RFR) software to track down offenders over the next six months.

RFR allows authorities to use facial recognition after an event to establish who a person is or whether their image matches other media held on a database. Mr Philp is also encouraging police to operate live facial recognition cameras more widely.

The ID and secure document industry claims, with justification, that facial recognition is a specific set of tests that result in identifying or verifying individuals based on their facial features, and surveillance is a broader concept encompassing the systematic monitoring of individuals, places, or activities for various purposes.

However, that difference is lost in public debate and attitudes persist that, whatever the intended outcome, facial recognition is part of a wider programme of suspicionless mass surveillance.

And this concern will only increase with the use of AI in facial recognition technology for mass surveillance, which will increase the speed of data processing and the automated identification and tracking of individuals in public spaces and airports.

Although there is no specific period of crisis mentioned in Chris Philip’s instructions to police chiefs, he does use a lower level of justification, saying that the advances would allow police to ‘stay one step ahead of criminals’ and make Britain’s streets safer.

Security

Stories of ID data breaches have become a familiar sight on the pages of ID & Secure Document News™, but the recent reports of a data leak on India’s unique identifier platform, Aadhaar, looks like it will outstrip last year’s Optus data breach of Australian passport numbers (see IDN October 2022).

A report 2 by US-based cybersecurity firm Resecurity has claimed that PII of about 815 million Indians has been leaked on the dark web and that data including names, phone numbers, addresses, Aadhaar numbers and passport information has been posted for sale online.

Following the public disclosure by Resecurity, the threat actor removed the post, but a cached version of the content still remains accessible.

With roughly 1.4 billion Aadhaars issued by the UIDAI (Unique Identification Authority of India) since the service launched in 2009, it had been hailed as ‘the most sophisticated that I’ve seen,’ by World Bank chief economist Paul Romer 3.

And here lies the fuel that feeds the flames of public concern over identity privacy and security. Each time there is a removal of ID privacy safeguards in legislation, or an expansion of facial surveillance, or a large-scale ID data breach, the response from relevant authorities is that these are isolated incidents born from particular circumstances.

But you can only get away with that for so long, before people feel there is a pattern emerging.


1 - www.calcalistech.com/ctechnews/article/zchgf3ya3

2 - www.resecurity.com/blog/article/pii-belonging-to-indian-citizens-including-their-aadhaar-ids-offered-for-sale-on-the-dark-web?s=08

3 -www.livemint.com/Politics/Y0WwNHySlbDKDFMMvw57nM/Aadhaar-wins-World-Bank-praise- amid-big-brother-fears.html

Subscriber content

Read the full article

Full access to ID & Secure Document News articles, newsletters and archives.

Sign Up to ID & Secure Document News Weekly

Receive regular updates on the latest news and articles posted on our website.

Verity

Verity

AI search assistant

Ask me anything from the ID & Secure Document News archives.

free questions remaining