Experts slam storing of biometric data

Tisa to raise issue with prime minister

Citizens' stored biometric data is at high risk for data leaks and identity theft, Tisa says.

Cybersecurity experts have condemned the government for storing citizens' biometric data like eye and facial images that are at high risk for data leaks and identity theft.

The theft of biometric data is extremely harmful for individuals because one cannot change his or her bio identity, said the Thailand Information Security Association (Tisa).

The group will bring its concerns to the prime minister, and a member of Tisa's committee will personally sue in the Administrative Court on the grounds that the government is violating citizens' rights under the constitution.

The Foreign Ministry and the National Broadcasting and Telecommunications Commission (NBTC) are the top two targets of the suit.

"We would like to let policymakers know how dangerous it is to keep biometric data unnecessarily, in particular iris and face recognition images," Suthi Tuvirat, a Tisa committee member, said at a recent seminar on biometric data collection.

According to Tisa, the Foreign Ministry is taking great risks by mandating keeping iris data in addition to face images and 10 fingerprints on new passports.

Moreover, the biometric database is operated and managed by a foreign firm that won the project to store the highly sensitive data. The firm has been sued by the Estonian government in the past for losing its data.

In Europe, countries only use two fingerprints to authenticate a person's identity. Elsewhere, San Francisco became the first city to ban the use of facial recognition.

Mr Suthi said the NBTC is another state agency that overruled the constitution's Section 32 to keep biometric information of citizens without their consent, as the regulator uses SIM registration with fingerprints.

If there is a need to keep highly sensitive data that might violate personal data or citizens' rights, Section 32 requires an endorsement that needs to pass a public hearing in the House of Representatives.

Both the Foreign Ministry and the NBTC follow their own rules and regulations, and not the act that violates the constitution.

"Biometric data leaks, 10 fingerprints, iris and face scanning will cause harm to victims of data breaches and they cannot recover as in other cases where they could simply change a password or replace a lost passport," said Prinya Hom-anek, a cybersecurity expert at Tisa.

Biometrics should be used to identify a person but not as "authentication of a person" to access resources or services, he said.

If these biometrics are leaked or are hacked or stolen, hackers can track highly important people, or make fake identities using the leaked info. This can impose high personal risks, as evidenced by the fact that hackers can use facial recognition to track the location of their targets, the same way police can use facial recognition to track down criminals.

The biometric authentication system is badly designed and will lead to catastrophic consequences, Mr Prinya said.

The recent Personal Data Protection Act also allows the government to keep biometric data in contravention of the constitutional law in Section 32.

Mr Suthi said the government must consider how to store biometric data and take measures to ensure governance, transparency and auditing for data owners, and provide compensation for those affected by biometric data loss.

The problem not only pertains to government: convenience stores use facial recognition, while banks employ the technology to open bank accounts.

