Government agencies have a facial recognition system set up to share drivers' licence photos with the Covid-19 vaccine passport scheme.
Documents show the Ministry of Social Development (MSD) in talks to get people's photos through the system to check the identity of beneficiaries - though it denies ever doing this - and talk about using it in schools.
The documents show the One Time Identity (OTI) system had been developed since 2019 by the Department of Internal Affairs (DIA) - though the department told RNZ it was "a pilot".
A February 2022 internal document from Waka Kotahi said that "in collaboration" with the Ministry of Health and Internal Affairs, OTI "was successfully delivered to enable access to drivers' images for identity verification as part of the vaccine passport initiative".
The Ministry of Health (MOH) denied it had any access to driver licence photos, but later said it had considered accessing them.
Internal Affairs also denied sharing any photos with any agency through OTI.
However, emails from 2020 showed the privacy commissioner was worried about Internal Affairs sharing selfies of people with MSD.
"MSD is seeking to receive and retain the selfie to assist with the verification of identity" of clients at the counter, one email said, asking for more information about "why MSD need to retain the selfie".
The Ministry of Education said it opted out after DIA briefed agencies about OTI and police also said: "We are not involved in this project".
"As OTI check confirms identity against passport and driver licence photos, we considered it was not useful at this time for enrolling children into early learning or schooling," Ministry of Education chief digital officer Stuart Wakefield said yesterday.
The government's chief digital officer, who also heads up Internal Affairs, when asked to comment on the variance between public statements and the internal records, said in a statement that OTI, also known as Identity Check, was still under development but had been used in citizenship, passports and RealMe application processing since 2019.
"The department does not share photo images or facial recognition algorithm with any other agency," DIA said.
OTI is part of government initiatives worth more than $80 million to build digital identity technology, and public trust in it.
NZTA said OTI was "core" to this.
A bill before Parliament sets up a Trust Framework and extols the benefits of transparency.
When RNZ first asked MOH about its collaboration over driver licence photos, it said the information was "not accurate".
After the ministry saw the NZTA document, it said it "does not have (and never has had) access to drivers' licence photographs for the purposes of verifying a person's identity as part of the vaccine certification process".
It had access to written drivers' licence information, it said.
After a third approach by RNZ, the ministry yesterday said it had considered using photos from driver licences or passports for My Health Account but did not.
"It was determined that for the purposes of supporting My Covid Record, this was neither warranted nor practical, so it was never adopted."
Emails showed DIA in 2019 discussing how to spread the OTI system with "commercial model options" and how to test it to see if it "meets the business needs of potential client organisations".
The system works by a person taking their photo on their phone, and putting it into OTI, which compares it using facial recognition against a passport or driver's licence. When an identity is confirmed, that is shared with the provider of the service the person wants.
It is similar to the older system, RealMe, except customers do not need to create an account.
By 2020, DIA was well advanced on sharing people's photos with MSD.
"The selfie is used to verify a client's identity when they visit a Service Centre," MSD said.
The privacy commissioner commented that "the information sharing between MSD and DIA to facilitate the OTI tool is considerably complex" and asked for more information.
DIA completed a privacy impact assessment two years ago which made 14 recommendations to lessen the system's privacy impacts and risks.
The assessment showed DIA would only hold the selfie, metadata and Google analytics for a few months.
The emails showed the privacy commissioner was largely happy with OTI, except about MSD storing the selfies indefinitely.
Yesterday the Office of the Privacy Commissioner said it provided advice to DIA to ensure the use of personal and sensitive biometric information was protected in line with the Privacy Act.
"Ultimately, the safe and legal use of this information is the responsibility of the organisation that collects, retains and uses it," it said.
Though the email record suggests otherwise, MSD denied it had ever used selfies to identify clients.
"At no time have we ever used 'selfies' from clients as an identification tool," it said late yesterday.
RNZ has asked under the Official Information Act for records about this.
MSD said it was still "exploring" using OTI, more than two years after the long discussions of 2020. It would not be mandatory and would not use selfies but rely on getting a "notification back ... confirming an individual's identity". It did not say from whom.
Facial recognition is already used to create and check passports, and combat identity fraud.
The OTI software is from the same Irish tech firm Daon that runs RealMe; it runs on DIA's own infrastructure onshore.
DIA leads the government's work on digital identities.
It created a master agreement in 2018 that both public and private organisations could sign up to, for US tech major DXC Technology to manage a facial recognition system for them.
The legislation to set up a Trust Framework attracted an impressive 4500 submissions, but 3600 of those flooded in the final four hours of December 2021.
"We attribute this influx to misinformation campaigns on social media that caused many submitters to believe that the bill related to Covid-19 vaccination passes," the select committee said.
"Submitters were clear that greater transparency would improve trust in the framework."
Lack of a framework "undermines trust and confidence" and "creates risks for privacy and security", while having one would be worth $1.5 billion a year to the economy, the committee's report said.