Australian ministry admits biometric data emails
30 April 2018 16:45 GMT

Australia's Department of Foreign Affairs and Trade has called for an automated system after it revealed that biometric information is currently disclosed with other agencies via email.

It made the admission as part of an endorsement of the national facial recognition scheme, which it sees as a way to improve its data sharing practices.

Proposed laws to enable that scheme are currently being reviewed by a parliamentary committee.

In a submission to that committee, the department said the bills - which formalise an agreement signed between federal, state and territory leaders last October to establish a capability for law enforcement agencies to share and access identity information in real time - would improve how biometrics information requests are performed.

It said the current approach was largely “analagous” to the facial verification service (FVS) and face identification service (FIS), except it was ad hoc, manual and relied on “a person in another agency … send[ing] an email to an inbox in the department”.

The process involves a requestor sending a completed request form stating “the reason for the request” and a facial image from “an official Australian Commonwealth or state or territory government email address”.

The department said the requestor needed to “assert that they have responsibility within that agency for the matter of the request”, and that it would query requests that “seem out of place”.

After the application for biometric information is received, a “desk level [DFAT] staff member” retrieves the information from departmental systems, before sending it back to the requestor by email.