'Foreign fighter' laws leave door open on biometric data collection

Biometric data retained by automated passenger processing systems could be expanded through regulation if new laws introduced

The government's second tranche of national security legislation, the Counter-Terrorism Legislation Amendment (Foreign Fighters) Bill 2014, includes measures that potentially allow a significant increase in the types of biometric data collected at Australian airports.

Provisions in the bill also extend to Australian travellers data collection practices that have previously been confined to non-citizens.

In addition to measures that in some circumstances could criminalise travel to conflict zones, the bill amends the Migration Act 1958 to allow the collection and retention of personal identifiers of "citizens and non-citizens who enter or depart Australia or who travel on an overseas vessel from one port to another within Australia" using "authorised systems" — the existing SmartGate systems at Australia's major international airports and the next-generation eGates, which will be rolled out from the middle of next year.

"Currently, for both arrivals and departures, the Migration Act only allows an 'authorised officer' (not an authorised system‘) to obtain personal identifiers from non-citizens by way of an identification test under section 166, 170 and 175 of the Migration Act. DIBP relies on the Privacy Act 1988 to obtain personal identifiers from citizens and non-citizens using an 'authorised system'," states the Foreign Fighters Bill's explanatory memorandum.

Although in the immediate term the biometric data collected will be limited to a photo of a person's head and shoulders, the legislation will allow further types of biometric data to be collected through changes to migration regulations, rather than requiring new legislation.

"Should the need arise, and technology improve, other personal identifiers such as a person's fingerprints or iris scan may be prescribed in the Migration Regulations," the memorandum explains.

A submission by Australian Lawyers for Human Rights to the inquiry examining the legislation said the expansion of the provisions for the collection of biometric data "not just from overseas visitors but from Australian citizens is particularly concerning given the lack of information as to related privacy protection (eg when relevant information will be deleted) and potential for sharing of such information".

The image captured by the gates will be stored in a secure immigration department database, Stephen Allen, the department's first assistant secretary, border, refugee and onshore services division, told a 3 October hearing of the inquiry.

"This is an extension of what is already happening for inwards processing, where we are gradually phasing out the manual face-to-passport check and replacing it with the automated or biometric check," Allen said.

"That is being done on the basis that it is both more efficient in terms of processing time and also more effective, in that the biometric check is very much more accurate than a manual face-to-passport check by an officer."

"The intention at the moment, and the way that the legislation is constructed, is that in the first instance we are requiring the facial biometric to be collected and stored, because that is the way that the current eGates operate," the immigration department official said.

"It is not proposed at this point in time that the eGates would operate on any other biometric, either the fingerprint or, for example, the iris. But the legislation is written so that, if in future those biometric methods are used for automated processing, we would also be able to seek policy approval for and introduce a regulation for the collection of those."

The data collected would be shared only for "purposes of national security or serious similar concerns," Allen said.

"The extension permits disclosure of information," the Australian Privacy Foundation said in its submission to the inquiry.

"Data collection, storage and disclosure will be ‘in accord’ with the APPs [Australian Privacy Principles], although safeguards under s 258B of the Migration Act will not apply (ie if you want to know what’s taking place you’ll need to read a sign at the gate or the DIBP website, and in practice won’t have a choice)."

A number of submissions to the inquiry took issue with the short time allocated to public scrutiny of the 164-page legislation.

The government's first tranche of national security legislation, which dramatically expanded ASIO's powers including the agency's ability to hack to computer systems, was passed at the start of the month.

Read more: PM appoints new intelligence watchdog

Join the Computerworld newsletter!

Error: Please check your email address.

Tags data rententionbiometricsprivacy

More about ASIOBillPrivacy Foundation

Show Comments