Aussies mull use of biometrics for gambling machines

Published 4 January 2011

The Australian government wants to keep an eye on who uses poker and gambling machines installed in pubs, clubs, and casinos; many see biometrics as a solution — but agree that the Australian Privacy Act has to be modified, and standards set, to make sure the biometric information collected is not misused; there are worries about users stealing and reusing fingerprints from the readers, thus allowing gamblers to sign in as another, and bypass the financial controls

Australia’s Privacy Act will need to be toughened and guidelines created if the federal government wants to use biometric technology in its plans to curb poker machine use, according to a peak technology group.

The government is mulling the controversial idea as part of a deal to secure the support of independent MP Andrew Wilkie.

Prime Minister Julia Gillard warned the states that the government will impose regulation if a mandatory “pre-commitment technology” to curb poker machine use is not in place by May.

Biometrics — which capture data from the body such as finger and iris prints — have not been ruled out as a means of addressing the government demands, although it has not mandated a technology.

The Biometrics Institute general manager Isabelle Moeller said that strict national laws restricting the use of captured data would be required to ensure clubs, pubs, and casinos adequately protect and do not abuse sensitive customer information.

Who ensures how data is collected and when it is destroyed? The [Privacy] Act is not specific enough,” Moeller said.

She said that biometric data is not included in the Act, and that government agencies and small businesses with revenues less than $3 million are exempt.

ZDNet reports that the federal government is reviewing the Privacy Act in order to introduce a consistent national scheme. It plans to introduce caveats into the Act that will allow it to be more responsive to changes in technology and also iron out inconsistencies in privacy requirements across the states.

The biometric battle has been long fought by the institute and Moeller would welcome its end. “We would like to see the Privacy Act completed and new information taken on from the institute code.”

She said Australia is a privacy laggard compared to many other nations that already have or are implementing tougher updated laws.

The institute is still struggling to get members to sign onto its voluntary biometric privacy code, despite having the blessing of the Privacy Commissioner and its context has a unanimous tick from the industry.

Moeller said this is because businesses are reluctant to impose guidelines that may restrict their competitiveness against non-compliant rivals. It would also make it tougher to implement biometrics solutions.

Currently, pubs and clubs are charging ahead with biometrics installs, with little or no regard to the code.

Moeller said one business had purchased a cheap off-the-shelf biometric system online which could place customer data at serious risk if it is not adequately secured.

Any biometric solution used to control poker machine use would also be subject to the many well-publicized obfuscation techniques through which users steal and reuse fingerprints from the readers. Such an attack would allow gamblers to sign in as another, and bypass the financial controls.

Instructions of how to conduct the attacks, including how to make a replica finger from gelatine, are freely available on the Internet.

The body heat sensor [within biometric devices] might also be affected by holding cold drinks, but I suspect that this would be minimized,” information security specialist Christian Heinrich said. “Obviously, other successful published attacks against biometrics would also apply.”

The concerns come ahead of news that pubs and clubs are gearing up for a coordinated and well-financed advertising campaign to smear the government’s plans to impose gambling monitoring.

Industry figures have said the campaign will be like the mining industry’s mass-media attempt to attack the government’s super-profits tax.

Heinrich said the industry could use biometrics as a physiological deterrent within the campaign by appealing to public fears that the technology is akin to “taking one’s soul”.