The United Workers Union has stopped the collection of facial recognition data in its tracks.
A security officer working at the Department of the Prime Minister and Cabinet building in Canberra was threatened with disciplinary action should he fail to provide “voluntary consent” to facial recognition software connected to the Singaporean Government.
Robert Beverly, employed by contractor Certis Security Australia, was concerned about more than his own personal privacy. Mr Beverly has high-level security clearances and the app requires security-cleared guards to take passport-style photos in uniform, inside classified government worksites, which are then uploaded to an unclassified non-government server.
“I raised these concerns with Certis, hoping that they would be taken seriously. Instead, they just ramped up the pressure to get me on the app. The operations team was calling me every shift asking me why I wasn’t using the app, even though I told them daily and they said they were passing it onto the boss,” he said.
Mr Beverly said: “Given the parent company is owned by the Singaporean Government, I also wanted to know if that meant the app would make facial recognition data available to a foreign government.”
Without addressing his specific concerns, Certis issued a second warning letter threatening disciplinary action should there be “further instances of non-conformance.” For Robert, this made it clear that the company was not interested in his “voluntary consent” and was going to threaten him until he complied.
“After receiving two written ‘performance notes’ the Union wrote to Certis and to the Office of the Australian Information Commissioner challenging Certis’ authority to direct me to provide ‘voluntary consent’. Not long after I got a third performance note. It was unbelievable,” he said.
Lyndal Ryan, United Workers Union Director of Property said: “It is highly alarming to know these practices are taking place. Any direction to provide biometric data, which includes facial recognition software, breaches the Privacy Act 1988 and is unlawful. Every security officer has the right to opt-out without being threatened with disciplinary action.
“The contractor Certis has a track record of complete disregard for workers’ legitimate concerns. We saw it during the bushfires, we have seen it during the COVID pandemic and now we’re seeing it with workers’ privacy and our country’s security.”
Back in June, Prime Minister Scott Morrison revealed malicious cyberattacks targeting Australian businesses and government agencies were taking place.
The Union met with Certis Security Australia and had them agree to let Robert sign in using alternative methods. “They have agreed to drop all warnings, but I never should have got them in the first place,” Mr Beverly said.
The union is surveying other security officers employed by Certis Security Australia regarding the collection of facial recognition data and investigating the use of similar facial recognition technology used in additional industries.
In February, Certis began using the Business Operations Support System (BOSS) software to capture working time and attendance of employees. While it is common to use software to record employee attendance, Certis took a deeply concerning, additional step, requiring employees to take two photos per shift, which are then verified through facial recognition software owned by the Singaporean Government.
In order to sign in to the app, an employee must tick a box reading: “I understand and voluntarily consent to my facial images being collected, used and stored on this and all future occasions in accordance with company procedures and policies.”
Certis Cisco, Singapore’s largest security organisation and major multinational, acquired the formerly Australian owned family business SNP Security in 2018 and combined it with their existing security business BRI to establish the sub-brand Certis Security Australia.
Robert Beverley has worked for SNP/Certis Security Australia for five years.
Media contact: 1300 898 633, [email protected]