Australian prime minister Malcolm Turnbull has hinted that the expansion of the nation's facial recognition databases could include private sector access.

Turnbull's statement came almost as an aside, under questioning by Sabra Lane on the Australian Broadcasting Corporation's AM public affairs program. Lane quizzed the PM on his plan to ask states to integrate drivers' license photos into the national facial recognition system (which already captures passport images).

Lane asked Turnbull whether the facial recognition system might be used to monitor people in public places such as shopping malls, and he answered “it absolutely could be” – an application that would require either a huge expansion government-owned surveillance infrastructure, or the ability for private security companies to access the database.

The government's request for drivers license photos, which will come at a Council of Australian Governments meeting tomorrow, has long been on the agenda.

Monique Mann and Marcus Smith, writing for the University of New South Wales Law Journal, explain that national sharing was an objective of the National Facial Biometric Matching Capability first announced in 2015.

However, the expansion of the system – and a possible expansion of access to it – will inevitably raise questions of the government's ability to secure the data.

Turnbull gave Lane an assurance that the data will be secured, but seemed to prioritise building and using the database, saying “the alternative is to not use data at all”.

+Comment: As The Register has previously documented, such databases are at risk of unauthorised access by both insiders and outsiders, as Australian police services have had a procession of officers charged for misusing their access to data.

The number of people who would ultimately have access to the database the government proposes is also a problem.

The lessons of post-9/11 America still hold true, that a massive expansion of personnel with access to sensitive information expands the risk that the information will leak.

Yet, alongside automation, that is exactly the aim of the National Facial Biometric Matching Capability: to make the information shareable, and therefore to expand the government personnel who can access it.

When Australian Medicare numbers were offered for sale on a Tor marketplace in July, it was clear that getting those numbers is relatively easy because tens of thousands of people, mostly government workers, have legitimate access to the database.

The same, we believe, holds true for facial recognition systems: if access is expanded far enough, protection becomes impossible. ®