The NSW Opposition has called for an inquiry after it was revealed that the biometric data of students in the state was collected by Microsoft Teams for a month to create a “voice and face profile” of them.
As first reported by The Guardian, the NSW Education Department was unaware for a month that the collection of biometric data had been automatically enabled for users of Microsoft Teams, including students and teachers in the state.
Microsoft Teams is used as a video conferencing tool in New South Wales schools by students and staff.
The NSW Department of Education said the app is a “hub for teachers and students to engage, create, interact and collaborate”, and it is a “one-stop communication platform”.
Late last year Microsoft announced that the “voice and face enrolment” feature would be switched on by default for all Teams users from March this year.
This tool creates a “voice and face profile” of each video conference participant, with Microsoft saying that this helps to improve audio quality, reduce background noise and allows the software to automatically recognise voices and faces.
Disabled after a month
When this was switched on by default in March, the NSW Education Department failed to turn it off for a month, The Guardian reported.
A spokesperson for the NSW Department of Education told Information Age that it does not collect the biometric data of students.
“A new Microsoft Teams feature that allowed voice and facial enrolment for people entering Teams meetings was quickly disabled across our network, and any face or voice recognition profiles that were created have been removed,” the spokesperson said.
They said the biometrics collection service was turned off in April and that all profiles made of students and staff were deleted within 24 hours.
It has not been revealed how many students in the state had their biometric data hoovered up by Microsoft in the month that the service was enabled.
A spokesperson for Microsoft told Information Age that the company does not have access to the biometric data.
“It's encrypted and stored securely per our compliance and privacy standards,” the spokesperson said.
‘Complete breach of privacy’
NSW Shadow Education Minister Sarah Mitchell called on the state government to launch an inquiry into the issue.
“This is a complete breach of privacy and trust for every student and parent across NSW and the Minns government needs to step in and get to the bottom of what happened here,” Mitchell said in a statement.
“Not only do we not know how long the data was held, but we also have not been told what the data was used for while it existed.
“What’s even more concerning is the fact that it appears there are parents out there who are not even aware this occurred – and that is simply not good enough.”
A spokesperson for Minister for Education and Early Learning Prue Car said she had asked for a full briefing on the incident from the Department.
“We want to assure parents and students that the function is now disabled and that no biometric data was held by the Department,” the spokesperson said.
‘Come clean’
The state Opposition urged the Minns government to reveal how many students were impacted by the data collection service.
“The Education Minister needs to come clean to teachers, students and parents about the level of this catastrophe that happened on her watch,” Mitchell said.
“We need to know exactly how many students have been caught up in this and who they are so they can be notified immediately.
“It’s also scary that there’s no indication of who had access to this sensitive data while it was available.
“Every parent across the state should be worried about this and we need proper answers from the Department and the Minister.”
There have been numerous recent incidents involving the collection of biometric data and the use of facial recognition technologies in Australia.
Earlier this month the City of Melbourne Council revealed it is looking to upgrade its 280 cameras with facial recognition and artificial intelligence that can detect signs of crime, uncleanliness and vandalism.
Councillors voted to prepare a report by next month on “options regarding the use of video analytics”.
Last year the Australian privacy watchdog found that the use of facial recognition technology by retail giant Bunnings over a period of three years “breached” privacy laws.
Bunnings denied this and said that “privacy was not at risk” due to the use of the technology.
Late last year it was revealed by Information Age that members of Australian law enforcement had called for changes to Australian privacy legislation to allow them to use AI-powered facial recognition and decryption more easily in order to identify victims and perpetrators of child sexual abuse material.
