Theme: Biometric identification systems arguably provide the United States and the European Union with a ‘silver bullet’ solution to some key security challenges –like international terrorism, organised crime and illegal migration– associated with identity theft and document fraud. As the use of biometric technologies extends from the margins to the mainstream, important substantive issues arise concerning data protection, individual privacy and civil liberties.
Summary: In response to the September 11, 2001 terrorist attacks, the US and the EU have been adopting biometric identification solutions to improve document security and expand surveillance capabilities of non-citizens/third country nationals. Biometric systems are used to identify, verify and classify the identity of a person on the basis of physiological or behavioural characteristics archived in computer networks. Common arguments in favour of implementing biometric systems are to control borders, protect against document fraud and identity theft, track illegal migrants and criminal suspects, and prevent terrorism. Aside from technical questions about their functional reliability in the field, biometric technologies raise substantive issues about data protection, individual privacy and civil liberties that have not received adequate public debate in Spain and other EU countries. This paper introduces the nature and function of biometric authentication and surveillance systems, compares current and proposed uses of biometrics in the US and the EU stemming from the Patriot Act and the Schengen Information System, respectively, comments on the substantive issues raised by the widespread adoption and ‘harmonisation’ of biometric systems, and makes some general policy recommendations.
Analysis: The Context of Biometrics
New modes of electronically enabled integration are being developed that reduce identity to ‘unambiguous’ biological features of the human body. With new information technologies, such as biometric systems, states have new tools to respond to a host of security concerns. The invisibility of ‘virtual borders’ within data networks combined with the visibility of human bodies enables innovative forms of data integration, public surveillance and social control. States are looking to biometric solutions to prevent illegal migrants, criminals and terrorists from entering national territories while ensuring the efficient flow of people, goods and services across international borders.
The improvement of document security has become a frontline policy issue in both the US and the EU, although the far-reaching measures being enacted rarely make front-page headlines. Biometric identification systems are at the forefront of these developments. The promise of biometric technologies is that they will provide highly secure identification and personal verification solutions to strengthen defences against terrorism, organized crime, illegal immigration and identity theft. Biometric systems will not replace, but rather build upon and arguably strengthen traditional forms of identification, such as national ID cards and social security numbers. The growing importance of biometrics was underscored in the 2001 MIT Technology Review as one of the ‘top ten emerging technologies that will change the world.’ This section of the analysis defines biometrics and discusses some of their key applications.
The RAND division of Public Safety and Justice defines biometrics as ‘any automatically measurable, robust and distinctive physical characteristic or personal trait that can be used to identify an individual or verify the claimed identity of an individual’ (see publication at http://www.rand.org/publications/DB/DB396/). Biometric systems are chiefly used to identify, verify, and classify the identity of a person on the basis of physiological or behavioural characteristics captured and archived in computer networks.
Briefly, a measurable biometric sample must be easily retrieved and converted into a quantifiable, digital format. The robustness of the sample is judged by the variability of the human source material over time due to age, injury, illness, chemical exposure or the like. For instance, one’s iris changes very little over the course of a person’s lifetime, giving it a high degree of robustness compared to one’s voice, which has a higher degree of variability. The measure of distinctiveness, on the other hand, looks at variations or differences in the biometric pattern among the general population. The fingerprint, for example, has a higher degree of distinctiveness than facial geometry, thus making it a more accurate identifier.
Finally, biometrics employed for purposes of human recognition rely on processes of identification and verification. With identification, the system tries to answer the question ‘Who is X?’ by performing a ‘one-to-many’ (1:N) search to compare a biometric sample against a population of stored records in a database. On the other hand, verification processes ask ‘Is this X?’ after a user claims to be X. This transaction calls for a ‘one-to-one’ (1:1) search, whereby the user points the system to a template previously ‘captured’ and stored in the database. The system then compares the new biometric sample to the user-defined template to verify person X’s identity.
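The two search modes described above, as an added example that is not part of the original paper: templates are constructed 256-bit codes compared by fractional Hamming distance, and the threshold, the enrolled names and the independence assumption in the last function are illustrative assumptions, not properties of any deployed system.

```python
import random

BITS = 256        # template length in bits (constructed for this example)
THRESHOLD = 0.32  # largest fractional Hamming distance accepted as a match (assumed)


def hamming_fraction(a: int, b: int) -> float:
    """Fraction of bit positions in which two templates differ."""
    return bin(a ^ b).count("1") / BITS


def enrol(names, seed=1):
    """Build a constructed template database: one random code per person."""
    rng = random.Random(seed)
    return {name: rng.getrandbits(BITS) for name in names}


def noisy_capture(template: int, flips: int, seed=2) -> int:
    """Simulate a fresh capture of the same trait: flip `flips` distinct bits."""
    rng = random.Random(seed)
    for pos in rng.sample(range(BITS), flips):
        template ^= 1 << pos
    return template


def verify(db, claimed_id, sample, threshold=THRESHOLD) -> bool:
    """1:1 search ('Is this X?'): compare only against the claimed identity."""
    stored = db.get(claimed_id)
    if stored is None:
        return False  # nobody enrolled under that identity
    return hamming_fraction(stored, sample) <= threshold


def identify(db, sample, threshold=THRESHOLD):
    """1:N search ('Who is X?'): compare against every stored record.

    Returns (identity, distance) pairs under the threshold, best match first.
    """
    scored = sorted((hamming_fraction(t, sample), name) for name, t in db.items())
    return [(name, dist) for dist, name in scored if dist <= threshold]


def false_match_prob_1_to_n(fmr: float, n: int) -> float:
    """Chance of at least one false match in a 1:N search.

    Assumes n independent comparisons, each with false match rate `fmr`.
    """
    return 1 - (1 - fmr) ** n


if __name__ == "__main__":
    db = enrol(["alice", "bob", "carol", "dave"])
    sample = noisy_capture(db["alice"], flips=30)       # same person, new capture
    stranger = random.Random(99).getrandbits(BITS)      # never enrolled

    print("verify as alice:", verify(db, "alice", sample))
    print("verify as bob:  ", verify(db, "bob", sample))
    print("identify sample:", identify(db, sample))
    print("identify stranger:", identify(db, stranger))
    # Same per-comparison error rate, very different outcome at database scale.
    for n in (1, 10_000, 10_000_000):
        print(n, round(false_match_prob_1_to_n(1e-6, n), 6))
```

Verification makes one comparison and can only confirm or reject a claim, whereas identification makes one comparison per stored record, so a per-comparison error rate that is negligible in 1:1 use accumulates as the database grows.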
Some examples of biometrics currently being tested and reviewed by public authorities and the private sector include: iris, retinal and fingerprint scanning devices, facial and voice recognition systems, dynamic signature verification and key stroke dynamics, among others. DNA identification, or the ‘genetic fingerprint’, is expected to be one day the personal identifier that will exceed all others, because of its easy measurability, robustness and high degree of distinctiveness. DNA is expected to provide an unambiguous way to link database records with individuals, making radically decentralized data integration possible. EU member states already share DNA data from their respective national databases to fight crime, and plans have long been in the works for the creation of a European DNA database (EU Official Journal C 193, 24.6.97). In due course, DNA collection and storage will raise a host of new concerns about what personal information may be gleaned from DNA samples.
For now, ‘conventional’ use of biometrics for personal authentication is fast becoming the preferred official means to identify and verify individual identity, according to the US National Institute of Standards and Technology (NIST). Among their many applications, biometric systems promise more reliable ways to identify and verify immigrant status to better track or restrict their access to entry, benefits and jobs. In addition, biometric industry advocates are quick to point out lives being saved, lost children being found and terrorists being stopped. They also claim biometrics ‘protects privacy’ by allowing for more reliable identification and verification for countering identity fraud. In terms of operability, biometric characteristics purportedly include precision of the measurements, speed (throughput rate), public acceptability, resistance to counterfeiting, acceptable storage requirements and fast enrolment time, which make biometrics a key policy solution to a range of security issues. (For additional information, see www.itl.nist.gov/div895/biometrics/about.html and the US government’s Biometrics Consortium at www.biometrics.org).
US Policy on Biometrics
In the US, the use of large-scale civilian biometric systems was being advocated well before the attacks of September 11, 2001, most notably with the ‘Illegal Immigration Reform and Immigrant Responsibility Act of 1996’ (PL 104-208). Current US policy on biometrics stems from Sec. 403 (c) of the USA-Patriot Act (PL 107-56) that specifically directs the federal government to ‘develop and certify a technology standard that can be used to verify the identity of persons’ applying for or seeking entry into the US on a US visa ‘for the purposes of conducting background checks, confirming identity, and ensuring that a person has not received a visa under a different name’.
In his statement to the Subcommittee on Immigration on April 12, 2002, Dr Arden L. Bement Jr., Director of NIST, specified the provisions of this legislation that related to the development of biometric systems. The Act called for:
‘Denying visas to those foreign nationals identified as having a criminal record or as being on a “lookout list”; and verifying that a person seeking admission to the US with a legitimate visa is the person to whom the visa was issued… The basic need to be addressed is accurate identification to ensure that terrorists are not admitted into the United States.’
The purpose of Dr Bement’s statement was to describe the technical work that needed to be done by NIST to accomplish the objectives of the recently enacted Enhanced Border Security and Visa Entry Reform Act of 2002 (PL 107-173), which requires that only ‘machine-readable, tamper-resistant visas and other travel and entry documents that use biometric identifiers’ shall be issued to ‘aliens’ by October 26, 2004. In addition, the Immigration and Naturalization Service (INS) and the State Department are currently evaluating biometrics for use in US border control –ie, ‘smart borders’– and recently announced plans to adopt facial biometrics as the identification key for its future ‘intelligent’ passports.
Toward this end, on May 5, 2003, the US Department of Homeland Security launched a programme called ‘US Visitor and Immigration Status Indication Technology’ (US VISIT) that is designed to secure US borders with an automated entry and exit system. The system will collect biometric identifiers along with digital photographs of all visitors to the US to assist border officers in making admissibility decisions and to verify departure. By October 2004, all countries with ‘visa waiver’ status (such as current EU member states) will also be required to provide biometric information upon entry, if their passports do not already contain similar data. As I will discuss next, EU policy approaches on biometrics are on par with those of the US, especially as lawmakers on both sides of the Atlantic move ahead with initiatives that seek to standardize the use of biometrics on all international passports in the near future.
EU Policy on Biometrics
As the EU looks for common approaches to transnational issues like migration, crime and terrorism, a range of biometric options have emerged as an integral part of recent policy proposals. Current policy, however, builds on the quiet electronic integration that has been taking place among member states since the adoption of the Schengen Information System (SIS), the ‘backbone’ of the general Agreement to open the EU’s internal borders. The original purpose of the SIS was to reassure member states that the abolition of internal frontiers would not threaten their security.
The SIS officially began operation on March 26, 1995, and more than 10 million individuals are currently registered in the system. Information in the system remains national, although the system itself is European. Originally designed for the surveillance and tracking of immigrants and asylum seekers, the SIS archives and provides data on individuals previously refused entry, detained, deported, who have had applications refused or are illegal immigrants, criminals and suspected terrorists.
In late 1996, due to the expansion of the EU and increasing obsolescence of the original SIS system, the Schengen Executive Committee decided to extend the SIS to SIS II, significantly increasing storage capacity and introducing new technological functions, most notably the broad inclusion of biometrics. A Spanish proposal envisages extending access to SIS II to Europol, the national members of Eurojust and national judicial authorities as well as significantly expanding the range of possible searches by including new types of persons and new forms of data. The idea is to enlarge the use of the SIS in the struggle against unauthorized migration, human trafficking and international terrorism.
Both the SIS and proposed SIS II are supervised by appropriate member state authorities on data protection under the auspices of the 1995 Data Protection Directive (95/46/EC), which applies to the processing of personal data, including biometric data. These national agencies are endowed with the authority to hear claims on data protection, investigate complaints and intervene when necessary. However, ‘those authorities are currently under-resourced for their wide range of tasks. Since the supervision of the processing of biometrics will increase their workload, it will be necessary to provide additional resources for them’ [COM (2003) 558 final, 24.09.2003].
Additionally, the US and EU are said to be cooperating to lead the world in setting international standards for using biometrics in travel documents. A global standard would, for now, combine fingerprints and facial recognition using biometrics to enhance security measures associated with international travel, migration, crime, and terrorism. During the G8 meeting in Paris on May 5, 2003, the Justice and Interior Ministers from all member countries announced the creation of an international working group on biometrics to develop global standards.
At the EU Summit in June 2003, the European Commission unveiled a Communication emphasising the need for a ‘coherent approach on biometric identifiers and biometric data in the EU that would result in harmonized solutions for documents for nationals of non-EU countries, EU citizens’ passports and information systems’. Then, on September 24, 2003, the EC released proposals for the adoption of biometric identifiers for visa and residence permit regulations for third country nationals [COM (2003) 558 final, 24.09.2003]. The pending regulations would provide for the mandatory storage of facial images and fingerprints, respectively, as primary and secondary biometric identifiers of third country nationals and, a few years later, all EU citizens. Most of these developments and associated concerns about biometric surveillance have all but escaped notice by the citizens of member states.
Concerns and Recommendations
Biometric technologies –for all their alleged benefits– raise concerns about data protection, individual privacy and civil liberties. This section addresses some important sources of unease about biometrics and makes some general recommendations for policymakers in Spain and the EU.
The most alarming concerns about biometric technologies stem from their built-in ‘data surveillance’ capabilities. Data surveillance refers to the collection of information about an identifiable individual from multiple public and commercial sources that may be assembled into character or behavioural profiles. Data profiling brings up critical issues about the broader discriminatory and classificatory dimensions of biometric surveillance. Without appropriate protections in place, data profiling could negatively affect people’s life-chances or reproduce social inequalities.
As state agencies and the private sector move ahead with the adoption of biometric solutions to meet new security demands, it is only a matter of time before the original purposes of identification and verification are widened to include the use of biometric surveillance to profile individuals. For this reason, all policy development where information technology and surveillance practices intersect should be subject to democratic scrutiny, force-of-law rules and strict oversight. In fact, there is an urgent need for lawmakers in Spain and the EU to pioneer legislation on how biometric data will be collected, stored, accessed and used within the general EU framework of ‘Fair Information Practices’ (FIP). The following concerns and recommendations account for the unique features of biometric systems.
First, biometric systems interface easily with database technology, making privacy violations and unauthorized sharing of personal data far easier and more damaging. Policymakers need to pay close attention to the ways data becomes attached to biometric identifiers and how best to prevent the ‘secret’ storage of personal data.
Second, biometric technologies will eventually enable wide-spread tracking, which involves the ability to monitor an individual’s movement and actions in real time or search databases that possess information about these actions. The UN World Summit on the Information Society in Geneva (December 10-12, 2003) illustrated the power and problems of these systems when participants were required to obtain security badges but were not informed they contained built-in SmartCards and Radio Frequency Identification (RFID), which allowed their movements to be tracked throughout the Summit. Lawmakers need to take strong measures to ensure that biometric surveillance systems and associated databases are transparent to data subjects and open to independent supervision.
Third, biometric identification is only as good as the initial enrolment or registration. If an individual uses fraudulent documents to begin with, all further biometric captures of that person will result in false acceptances, which could pose high security risks. It is imperative that legislators and system administrators develop ways to ensure that only accurate, up-to-date biometric information is obtained from consenting data subjects for the sole purposes of identification and verification.
Fourth, since biometric systems entail processes of repeat surveillance, which not only require an initial capture of biometric data but also indefinite later captures, the ‘data trail’ left behind by a single person going about everyday life becomes a significant source of information and, worse yet, a form of involuntary self-disclosure. The major problem with the ‘chronic longitudinal capture’ of biometric data is that individuals cannot control when they are being put into a system, when they are being tracked, how they are being categorized or for what purpose. Lawmakers should regulate tightly the open capture and storage of non-consensual biometric data.
Fifth, further potential risks depend on the level of standardisation or interoperability that make it possible to link information across disparate databases, which is a key goal of law enforcement. By eventually connecting ‘multiple governmental, business and leisure transactions of everyday life,’ future biometric systems will make it possible to compile a ‘comprehensive profile’ of an individual’s behavioural patterns, opening the way for new forms of discrimination. Will programme participants be informed about the expanded purposes for collecting information and, if so, have the right to re-evaluate their participation? New laws and strict enforcement must limit the ability of governments (and corporations) to ‘mine’ and compile personal data except when specifically warranted by appropriate legal authorities for criminal investigations.
Sixth, the effectiveness of any biometric system relies on comparing captured biometric data to templates previously stored in a biometric database. Large collections of personally identifying information (PII), however, are susceptible to database abuse. The databases and channels used to share PII are potential targets for cyber-attacks, theft and fraudulent use. Requests for PII by other agencies and non-EU governments could likewise jeopardize the integrity of personal data systems and undermine public trust. Concerning the SIS system and its progeny (SIS II), a bulletin by the EU Parliament Committee on Citizens’ Freedoms and Rights, Justice and Home Affairs, conceded that ‘many problems have appeared at the level of the system’s security against possible intrusions as they have at the level of protection of data’. The EU and its member states need to fortify biometric databases and the networks that transmit biometric data, and strictly control access to data networks.
Finally, other concerns include the tracking and profiling capabilities of biometric systems, especially when coupled with RFID microchips. Biometric identification techniques significantly increase the potential to locate and track people physically and link individual identity to consumption patterns, health records and other personal data. The issue of tracking is important in that biometric systems promise high accuracy, greater efficiency and wider interoperability at a lower cost. This will inevitably lead to the broader adoption of biometrics across previously unconnected public and private domains and a multiplication of potential tracking points. The widespread use of biometrics for tracking and profiling purposes could:
• Increase the visibility of individual behaviour and make possible the matching of a person’s behaviour against pre-determined patterns to generate suspicion or classify individuals in new ways.
• Expose individuals to politically damaging or personally slanderous disclosures, blackmail, or even extortion, thus harming openness and democracy.
• Expand the range of circumstantial evidence available for criminal prosecution, arguably inflating the prospects of wrongful conviction (though proponents of biometrics point to the improved ability to track a suspect back to the scene of a crime).
• Aid in repressing easily locatable and traceable individuals, thus empowering official authorities as well as corporations to deal a heavy hand against ‘troublesome’ opponents (like competitors, regulators, union organizers, whistleblowers, protestors and activists, customers and political candidates).
Policymakers should establish a new set of stringent regulations for biometric technologies to protect against new forms of discrimination and the profiling of the character or behaviours of individuals. Biometric administrators and controllers should be closely monitored by independent authorities to ensure these principles and associated policies are upheld. Most importantly, the widening scope and purpose(s) of the overall biometric system architecture need to be independently reviewed, publicly disseminated, and openly debated before new biometric programmes are designed and infrastructures built.
Conclusion: Electronic and digital modes of communication and control in information-rich societies open new fields for surveillance by numerous state and commercial entities for multiple purposes. These diverse means of surveillance serve us in many ways by making our everyday lives more convenient, efficient and secure. Biometric identification systems form part of this broader ‘surveillance society’ whose data flows are no longer limited by national borders. At a time when online personal data intersects with the global marketplace and supranational organizations, important questions about power, citizenship, and technological development need to be asked as we look to information policy and regulation to protect individuals from violations of privacy and new forms of discriminatory categorization.
Fortunately, perfect tracking is not feasible in the near future, but recent developments in biotechnology and information science coupled with new security challenges have pointed us in that direction. Even a close approximation of perfect tracking, however, would be as ‘inimical’ to free society as perfect surveillance would be to cultural and scientific innovation and political expression. The overall risk level associated with the widespread adoption and interoperability of biometric surveillance systems thus depends upon system design and the political will to fund and enforce strict oversight. Biometric systems have many components, and only by analyzing the system as a whole can we begin to understand the full range of benefits and risks involved.
Much attention has been devoted to deploying biometrics for border security and document fraud, largely because foreigners, criminals and terrorists are easy targets, politically speaking. As this analysis has shown, the use of biometrics is quickly moving from the margins to the mainstream. Before governments further expand their commitment to biometric systems, greater public awareness and debate about these unprecedented developments need to occur.
James C. Ross, Ph.D.