BixeLab founder explains digital ID bill nuances, basic facts to Australian Senators

Data centralization, the vulnerability of biometric data and the line between privacy and risk reduction: all of these were raised as topics of concern to Dr. Ted Dunstone of BixeLab testing laboratory, when appearing as a witness to the Senate regarding Australia’s Digital ID Bill. The discussion, which also involved representatives from Experian and Cyber CX, offers a fascinating window into what experts in the field of biometrics and digital ID consider to be priorities, and the astonishing scope of knowledge displayed by politicians debating the issue.

“We stand at the brink of a number of very profound changes globally, in identity and in the way that people prove their identity,” says Dr. Dunstone in his introductory remarks. Dunstone emphasizes the critical role of independent testing in digital identity products against international standards. “The challenge before us is clear: we need to move away from the fragmented identity systems of the past. We need to move towards something which is interoperable, unified, well tested and with the right guard rails around it.” Dunstone says it is “essential to the integrity, security and ultimately, the public’s trust in any of these schemes.”

“Mandatory rigorous testing aligned with both national and international benchmarks is not just a measure of diligence,” he says. “It’s a cornerstone of trust.”

Data breaches, identity verification, algorithmic bias and fraud prevention are among the topics the Senators and other witnesses raise for discussion. The answers vary. (Dunstone’s answer is usually “testing.”) But early on, it is clear some fundamental clarification is in order.

Firstly, says Dr. Dunstone, biometrics are already much more common than many people think. “Most people these days will actually have it on their phones as part of their process of unlocking a phone,” says Dunstone. “But it’s used in all sorts of places to help bind identity.” Its widespread use is part of what’s behind Dunstone’s advocacy for testing against international standards. “There are always issues with security with people using various ways that they could trick the technology,” he says. “Also, there can be issues with marginalized groups. So it is important to continue to test. But the technology is now at a stage where it really is very good and can be trusted for that type of purpose.”

Dunstone expresses support for restrictions in the digital ID bill around the potential misuse of biometric data, and applauds the role assigned to a regulator in making sure that the right international standards have been tested for the various products that use biometrics. His sentiments are generally shared by his colleagues from Equifax and Cyber CX, who approve of the bill in broad terms, even if they have select reservations around data retention and the program’s rollout to firms in the private sector, accreditation of which will not begin for two years.

Ceci n’est pas les biometrics

A particularly uncomfortable moment comes near the end of the hearing, when Senator Matthew Canavan expresses his concerns that biometric data cannot be changed in the case of a breach, and asks, “What’s wrong with the current system?”

Dunstone’s answer is practical: “At the moment, if you’re not a federal government agency, the main way people can verify is by taking a photograph of a document and matching the photo off the document with a person, and that’s obviously incredibly insecure because there are lots of ways that you can potentially create fraudulent documents.”

Canavan replies that he’s “much less concerned with a photo of me being hacked than with biometric information.”

“But,” says Dunstone, “that photo is biometric information.”

“But I’m more talking about facial recognition and that stuff, that’s where this is going,” says Canavan.

“Yes,” says Dunstone. “Absolutely.” He then proceeds to explain a basic selfie biometrics system for identity verification.

That a sitting Senator does not appear to understand the basic terms he is discussing (Canavan apparently believes that “facial recognition” means a 3D facial scan) is richly illustrative of the wider problems with language and communication facing the biometrics and digital identity industry. Trust is key, and the terminology of biometrics and digital identity still makes many people wary. If Australia’s debate is any indication, as laws and attitudes evolve, it would behoove the lexicon of biometrics to be open to change, as well.

Article Topics

Australia  |  biometric testing  |  biometrics  |  BixeLab  |  digital ID  |  selfie biometrics