By Paul Rosenzweig, The George Washington University Law School
From fingerprint recognition, iris recognition, face recognition to gait recognition and DNA analysis, there are many different forms of biometrics which help in verification and identification. Some of them are also less intrusive and cost-effective. Biometrics can be great, so what could possibly go wrong? Let’s find out.
The answer to the question above rests with whether or not we’re comfortable with the government having an immutable record of who we are and what we do. One development about biometrics in recent years that troubles some civil liberties advocates was the case Maryland v. King, which was decided by the Supreme Court in 2013.
Maryland v. King
The case asked the question of whether, and when, the government could forcibly collect your DNA from you. In general, authorities can collect DNA from people convicted of crimes. But, what if you are merely arrested and not yet convicted? The Supreme Court—by a narrow 5–4 majority—said that the administrative collection of DNA from all arrestees was permissible, even in the absence of a warrant or probable cause. The dissent in that case was vehement, essentially asking, what happened to the rule of innocent until proven guilty?
With the results in the King case, the government is now free to assemble a template DNA national database of anyone who’s ever been arrested for a crime.
So, the use of biometric technologies poses a host of interrelated policy questions. Some of the questions one might ask are: Can the biometric system be narrowly tailored to its task? Who’ll oversee the program? What alternatives are there to biometric technologies? What information will be stored and in what form?
This is a transcript from the video series The Surveillance State: Big Data, Freedom, and You. Watch it now, on Wondrium.
Biometrics: More Questions Than Answers
Other questions: To what facility or location will the biometric give access? Will the original biometric material be retained? Will biometric data be kept separately from other identifying personal information? Who will have access to the information? How will access to the information be controlled? How will the system ensure accuracy? Will data be aggregated across databases? If data is stored in a database, how will it be protected? Who’ll make sure that the program administrators are responsive to privacy concerns? Can people remove themselves from a database voluntarily? How will consistency between data collected at multiple sites be maintained? If there’s a choice, will people be informed of optional versus mandatory enrollment alternatives?
More Concerns about Biometrics
Some of the fears surrounding biometric information include that it will be gathered without permission, knowledge, or clearly defined reasons; used for a multitude of purposes; disseminated to others without explicit permission; and used to help to create a complete picture about people for surveillance or social control purposes. There are also concerns about tracking, which is real-time or near real-time surveillance of an individual, and profiling. Both of these would effectively destroy a person’s anonymity.
So here are some ideas about biometrics to consider. Before one is enrolled in a biometric program, one should probably be made aware of that enrollment. Also, biometric systems are better used for verification than identification. In general, that is, they’re better suited for a one-to-one match, assuring that the individual in question is who he says he is, and has the requisite authorization to engage in the activity in question.
Learn more about eye scans and facial recognition software.
Some Solutions
We should prefer biometric systems that are opt-in, and require a person’s consent, rather than those that are mandatory. By this we should not mean that requiring one to opt-in cannot be made a condition of participation. For example, if you want to enter the United States you must provide a biometric, since participation is ultimately voluntary in some way.
And we also recognize that certain biometric applications, like DNA for convicted criminals, may need to be mandatory. Again, however, this should be an exception to the general rule of voluntariness.
And, finally, we need to be concerned about the security of a biometric database. After all, if your password or credit card number gets hacked, you can change it. But, if your biometric data gets hacked, there is much more trouble afoot.
Centralized storage of biometric data also raises privacy concerns by tending to enable easier mission creep. Clearly, for some technologies and applications, local storage won’t be feasible—but to the extent it’s practicable, local storage should be preferred.
Learn more about the policy issues around drones.
Biometric Tech: Who Decides the Policies?
Should citizens have a right to control their extremely sensitive biometric data? In one sense, the answer seems like it should be obvious. If I can take a picture of you on the street without your permission—which I can; just go on the street and take a shot—why can’t the government? On the other hand—well, it’s the government.
Today, however, the decision to move forward with biometrics is not really the subject of wide public debate. In 2014, the FBI started to use a Next Generation Identification biometric database with 14 million face images, with more images to be collected in the future.
Some communities are even issuing mobile biometric readers to their governmental staff. The staff—usually police officers, but sometimes other regulatory agents—can take pictures of people on the street or in their homes and immediately identify them and enroll them in face recognition databases.
Biometric technologies are likely to be of great value in creating secure identification. But to be useful and acceptable, they need to be privacy and civil liberties-neutral. They can, and should, be designed with appropriate protocols to ensure privacy before they’re implemented. On that, perhaps we all can agree.
Common Questions about Biometrics and the Dark Side of Technology
After the Maryland v. King case, the government is now free to assemble a template DNA national database of anyone who’s ever been arrested for a crime.
Centralized storage of biometric data raises privacy concerns by tending to enable easier mission creep.
Some communities have issued mobile biometric readers to their staff—usually police officers, but sometimes other regulatory agents. They can take pictures of people on the street or in their homes and immediately identify them and enroll them in face recognition databases.
