Kia ora and welcome to !newzealand, a place to share and discuss anything about Aotearoa in general
Rules:
FAQ ~ NZ Community List ~ Join Matrix chatroom
Banner image by Bernard Spragg
Got an idea for next month's banner?
This is crazy but it does seem like this is a result of an underfunded agency. Doubly so when the staff are "too busy to think about privacy".
I hope this is not used as justification to cut funding or disestablish the agency when the opposite is needed. Most of these issues have technology solutions that could be implemented with some investment.
One of their examples was probably the whisper network (warning someone about historic allegations about someone else who probably had contact with them) but some of the others have me scratching my head.
I think what happens sometimes is that over time with underfunding and undertraining you end up with an organizational culture that becomes weirdly blind to privacy issues, like how our birds evolved to not have wings.
I definitely think you're right that if your organisation doesn't make privacy an important thing then you get blind to it. I've worked at a lot of places over the years and have seen vastly different attitudes to this.
I guess the other component is consequences, i.e whose privacy is being breached and what recourse they have. So from that point of view I'd expect organizations like Oranga Tamariki and WINZ to have developed a worse privacy culture than organizations like IRD and MBIE.
Interestingly many of the old WINZ systems are quite strict on this. I believe they are replacing their 90s system with a new one in a project happening now so it will be interesting to see if they make big improvements.
Interesting because they have a terrible privacy culture and leak like crazy - I say this not just because of their known incidents but also from personal experience.
I wonder if it's because their systems are so strict they tend to just work outside them? (a bit like the paradox where if a penalty for a crime is too draconian you end up with more of the crime due to reluctance to report).
Hopefully if they get a new system it will be one all their staff can use properly.
The systems I've seen are very strict on recording every access, however, didn't enforce who could access. I guess without a culture of accountability, all that does is let you find all the privacy breaches once someone complains. You actually need the culture of audit and follow through to back it up. I may have implied it prevented privacy breaches, but it's probably fairer to say they have all the tools they need to take it seriously but that doesn't mean they do.
Ah, that makes sense and it tracks. If you ever want to work somewhere with little accountability, that would probably be a good place!
Speaking of govt systems do you know anything about RealMe? It sort of looks like they are phasing it out?
I know a bit about RealMe. As far as I know the service itself is not being phased out, and new government portals are still required to implement it. What gave you the impression it's being phased out?
I personally think RealMe is a poor customer experience. It's not the concept (which is good), but the execution.
I think I saw something about DIA no longer allowing it for passport renewal. But when I google all I get is articles saying it is being expanded.
Been ages since I had to renew so I'm probably forgetting the poor customer experience part and am about to find out.
I think I saw something about DIA no longer allowing it for passport renewal.
I think that's unlikely since they are the ones pushing for its use. Perhaps it was that a verified RealMe is no longer required? Their renew passport page says you can create a RealMe during the process, which implies a verified RealMe is not required. I can't remember if it was previously required.
The distinction between RealMe as a login service and RealMe as an identity verification service is one thing I think they convey poorly. They should consider splitting these products into two separate but connected brands.
Been ages since I had to renew so I’m probably forgetting the poor customer experience part and am about to find out.
Exciting! If you already have a RealMe then the process is mostly ok. The RealMe onboarding is atrocious and the distinction between the login and verification is endlessly confusing to users (you should not need to go to a post shop to verify your identity).
DIA has done heaps to improve the passport process in recent years so hopefully it goes smoothly for you! Looking online they seem to actually be issuing passports within normal times, too! After COVID they got so many applications all at once they were taking months to issue passports.
Just found this (orange website though) which I think must be what they were talking about, but I don't fully follow it.
Dug up my passport as well - needs renewal next year. So hopefully this smooth going continues and we don't get a bird flu pandemic! God I look young in that picture.
I really like RealMe, it's super convenient as a verification, especially for those of us with limited forms of ID (I can't actually leave the country these days but I need a passport because I also can't drive).
I suspect the newer passport application processes make applying without a verified RealMe easier, so having to go to a post shop to verify your RealMe account was probably not helpful anymore. I know DIA got big money to improve the passport application processes.
Renewing your passport shouldn't be a drama. If you've ever had one (even if expired now) then you can do the renewal process and they just use facial recognition to compare against your previous passports to confirm it's you.
Oh I see that makes sense. Thanks! I think I was getting renewal and application mixed up.
Good, I remember it being easy-ish last time I renewed (which must have been when I signed up to RealMe hence the confusion). I remember being really surprised and happy they let me keep my old expired one because it was from back in the day and had stamps in it etc.
The only hassle was their insistance on not smiling which meant I took like 100 photos of myself to find one that didn't full on look like a mug shot of a serial killer.
Try to avoid selfies if you can! Get someone else to take the photo. Selfies can distort the photo and also tend to mirror it. It messes with facial recognition.
It might not be too big of a deal if you're not using it for travel but the electronic gates at customs will have trouble because they use facial recognition to let you through.
Or maybe the advice is to use selfie mode if you aren't using it for travel since it will impact on the ability for the government to surveil you?
Thanks for the warning, it's a good point! But it should be all good - I don't like facial distortion, so my method of taking passport photos (or for any official-ish thing) involves setting up an old actual camera with a manual aperture and a tripod.
(I tend to do it myself cos other people get exasperated after about the 15th photo of me looking like a murderer.)
I do like the idea of being hard to surveil though! Didn't think about that aspect of selfie culture! But presumably if they're using photo matching to the previous passport having a distorted image would impact its chances of being accepted?
If it fails the facial recognition then it just goes to a person to check, so if it's not obvious it might just get approved anyway.
If you have a big mole and they notice it's on the opposite side then they will probably reject the photo, but most if the time the mirroring or distortion is hard to spot so it will probably get accepted anyway.
Mirroring may won't work for me due to a distinguishing mark but it sounds like one of those phone selfies with a huge nose would.
Hmm decisions decisions. On the one hand I'm against surveillance capitalism, on the other hand what's the bet that facial recognition tech improves exponentially and I'm stuck with identification that looks like Gollum for no purpose.
If it helps your decision, they probably have plenty of previous photos to use so it probably won't make much difference 😅
Definitely underfunded, overworked, and probably mentally clocked out.
Even if the agency was well funded and well managed, I can't imagine working there is good for your mental health.
Oh, definitely not.
Underfunding plus corruption in procurement plus poor training results in this kind of thing.
Unfortunately the current government has promised to cut funding even more, be even more corrupt and spend even less on training.
I know it's underfunding but that first one is just movie villain levels of weird. "Sure, here's the address of the person you might have assaulted." Wth?