“Extreme”: Privacy Foundation slams SA fingerprint plan


news The Australian Privacy Foundation has written to the South Australian Premier and Leader of the Opposition expressing strong concern about what it said was the “extreme” project currently being pursued by the South Australian police force to deploy fingerprint scanners to front-line police officers.

Last week, the South Australian State Government issued a media release noting that it had committed to deploying a fleet of fingerprint scanners coupled with Android-based smartphones that would allow officers in the field to conduct identity checks in the field instead of taking suspects back to police stations.

The technology is billed as being able to reduce police officers’ vulnerability to inaccurate identity claims and is being deployed with the assistance of Japanese technology giant NEC.

The solution consists of a small, lightweight fingerprint capture unit, which is connected via Bluetooth to an Android smartphone. The device is installed with a custom-built NEC app that officers use to cross-reference captured fingerprints against Australia’s Crimtrac National Police Reference database — specifically the National Automated Fingerprint Identification Services (NAFIS). If a match is found, results are displayed on the device as a “hit”, containing additional information about the person such as any bail conditions, outstanding warrants, current photo, address details and any behaviour characteristics such as “possibly violent tendencies.”

SAPOL and NEC ran a trial deployment of 20 biometric scanners and smartphone pairs beginning in late 2013. Having been deemed a success, the mobile identification technology will be deployed across 150 units.

However, the APF, which is the primary national association dedicated to protecting the privacy rights of Australians, has written to SA Premier Jay Weatherill and his Opposition counterpart (see the letter to Weatherill here in PDF format) expressing its concern over the project.

“… the APF expresses the most serious concern about the proposal, and the manner in which it is being developed,” wrote APF chair Roger Clarke in the letter. “Any proposal to invade privacy of the physical person is extreme, and requires extreme justification. The necessary approach to such proposals in a democracy is for an evaluation to be performed.”

Clarke attached several documents which describe how organisations can protect privacy and carry our privacy impact assessments. “Would you please confirm that your Government will: withdraw any decision that may have been made in relation to fingerprint collection; and conduct a sufficiently public process, consistent with the above guidance,” he added.

Both NEC and the SA State Government have branded early trials of the project as a success.

“The rollout and operation at this point has been a complete success. It’s helped the South Australia Police force identify a number of suspects with outstanding warrants, bail conditions and aided investigations into missing persons,” said D’Wayne Mitchell, Director of Communications Solutions at NEC Australia, in a separate statement last week. The NAFIS database currently contains 5.6 million sets of finger and palm records for 3.3 million people.

Data security was paramount to the deployment, according to NEC. The vendor supported this objective by developing a dedicated secure gateway, which supports auditing requirements and handles requests to NAFIS through CrimTrac’s National Portable Biometric Identification application interface. In compliance with SAPOL’s data security requirements, NEC’s solution ensures that no data is stored on the device.

Legislation will need to be passed before police can compel a person to provide their fingerprints.
Changes to the Summary Offences Act and the Criminal Law (Forensic Procedures) Act 2007 will be required and are being progressed.

In a separate statement, SA Police Minister John Rau praised the rollout. “These devices allow police to quickly access a person’s criminal history and see if there are any outstanding warrants,” Rau said. “During the recent trial, police officers have reported a number of examples where they were able to make arrests on the spot thanks to the mobile scanners. We are just the second state to take advantage of this technology – behind only New South Wales. We will be introducing laws to expand the powers for police to more effectively use these scanners to fight crime.”

At this stage, Delimiter believes that fingerprints collected by the SA Police will not be permanently stored either on the devices used or on fingerprint databases — that the service will only be used for identity matching processes.

The APF is right — there are clear privacy issues here. No police force should have the right to interfere with someone physically unless there is a very strong justification. As I wrote last week:

“To be honest, I’m in two minds about this kind of deployment. On the one hand, I have to say that this precisely the kind of technology which we should expect Australian police officers to be deploying and using in 2014. Mobile fingerprint scanners have been around for years, and smartphones, with their mobile broadband connections and touchscreen interfaces make great interfaces to police databases of all kinds. This technology has the potential to make police forces much more efficient and productive, which is a great thing.

However, on the other hand, I have to say all this sounds a little Orwellian. Compelling people to hand over their fingerprints on the spot of a crime, without any due process? That sounds like a step too far; and almost goes into presumption of innocence. I think if a police officer asked me to hand over my fingerprints in the field for an ID check, I’d be asking to speak to my lawyer, pronto (well, in fact, as a journalist if a police officer asked me to do anything at any stage I would be asking to speak to my lawyer, but that’s by the by).

We need to balance out the potential usefulness of new policing technologies with the privacy implications of those new technologies. NEC and SA Police appear pretty gung ho about these new fingerprint scanners. But nowhere do I see an accompanying focus on maintaining the privacy of ordinary Australians. Being tough on crime is all well and good. But all too often, in today’s Australian society, that seems to mean also being tough on innocent people.”

Image credit: NEC


  1. First presumption of innocence only applies in a courtroom, the police can presume you guilty all they want.
    Second its not about being ‘at the scene of a crime’ its about ‘looking suspicious’, which is where it all goes off the rails.
    The decision to check someones prints is in exactly the same category as police asking to check your ID is now; its purely subjective and depends on how the officer ‘percieves’ you.
    I’m not sure what the law is about checking ID, probably some waffle about ‘reasonable suspicion’ or something (a lawyers picnic) but I dont see how checking fingerprints is any worse or categorically different than checking ID.
    So basically if you are ok with the police doing random license checks, random ID checks and basically being able to give someone the once over without evidence they are criminals then I cant see how this is any worse.
    And from the point of view of catching offenders who have skipped bail, parole or who have warrants for their arrest outstanding then this tech could keep the streets safer. Until the Orwellian police state takes over; in which case if they dont have scanners they will get them pretty quickly anyway :)

  2. Find the supplier and you find who has been taking politicians and bureaucrats out to lunch.

    Have we got an EXCELLENT PRODUCT for you!

    Pity no one thinks of citizens, rights, freedom, justice, privacy…

  3. RichyRoo +1.

    It looks to me as though the APF wants the Police of all States AND the AFP to have their teeth permanently drawn so as to render them incapable of protecting the very people who cannot protect themselves.

    In WA, if this equipment had been available last year, we would not have had the unedifying “incident” of a perfectly innocent man being swept up, wrongly identified, incarcerated in a “Secure Mental Facility” and injeccted with a psycho-drug which could have turned him into a vegetable. Simply because he had the same skin colour.

  4. The APF can be expected to rail against this kind of measure, just as the police can be expected to request and require it.

    It’s all about the requirements for use, and the penalties for misuse, that apply to the technology. When they get it, police should be grateful for having access to such a powerful tool. And they should be slightly apprehensive when using it, knowing that if they misuse it then their own butt is on the line.

    • Except it never is.

      We keep seeing that miss-use if executive power is never punished.

      Police are commonly exposed in corrupt and illegal practices and due to the power of their connections and unions are not prosecuted.

      Quis custodiet ipsos custodes?

      Frankly no-one in this country.

      • Who polices the police, or watches the watchmen? The presumption is the processes in place ensure that those provided with powers of protection (the police) and judgement (the judiciary) are somehow beyond illegal behaviour, incompetence and corruption. When you think about it, from the perspective of providing a stable structure upon rests the framework of our society, it really does need to be above suspicion and trustworthy beyond doubt. I would suggest that the path to this is through transparency and acknowledgement that humans are fallible, providing a form of due process whereby the corrupt and incompetent can be weeded out, but the incumbent system exists to protect existing structures and people in positions of power, not protect the interests of the people and the structure of society above all.

  5. Now there are several ways this can go.
    Where we are using the devices to verify identity, no real issues here as it improve accuracy and reduces mistakes. There are other options available based on presentations I’ve attend NEC are a fairly advanced with facial recognition also.

    Now taking that fingerprint and comparing it to a databases of unidentified fingerprint found at crime scenes. This can very much depend on how it is handled by legislation and police. As not all police will know or need to know the details of the case. Poorly handled it can results in innocence people or potential witness being threat as wanted criminals because the officer who takes your finger doesn’t have all the information and there might be expectation or requirement for privacy with regards to the case. There are ways around this with careful management, training, and external auditing of process.

    There bigger issue is recording on finger prints for future use.

    • Just like putting a photo on the Internet, once it has bee in digitised and uploaded you lose all control over what happens to it.

      What I’m really interested in is how long it will take before someone hacks one of these portals. I remember six or seven years ago someone from Israel managed to find vulnerabilities in CIA systems and used that as a vector to compromise further systems, so even the most secure environments can be penetrative and it’s a pretty good argument against exposing police databases to the outside world.

Comments are closed.