Prepare to be scanned

Biometrics and the Surveillance Society

In light of the recent wave of terror attacks in the UK, Turkey, and Egypt, biometrics technology is increasingly being discussed as a means to tackle terrorism, not to mention fraud and theft. According to a recent report from the European Commission's Joint Research Centre (JRC), the introduction of biometrics is viewed as both "inevitable and necessary". Indeed, the number of biometric devices in use in Europe has jumped from 8,550 in 1996 to more than to 150,000 in 2004 and biometric industries revenues are expected to more than triple in the next two years.

While it may appear that the introduction of biometrics as a security measure is now inevitable, the necessity of introducing biometrics is still a moot point. Although national debates are underway in several countries on how desirable the technology is, a wider examination of its implications is yet to take place. "Biometrics seem headed for dramatic growth in the next few years. But calm, public discussion of their benefits and drawbacks has been lamentably lacking" wrote The Economist way back in December 2003.

Biometric technology is nothing new. The use of DNA and genetics as identifiers have already been used in forensics. However, new problems will arise if they are used more generally. One of the main concerns is that instead of increasing our level of security, it will be used merely as a tool to further reinforce the foundations of a surveillance society.

Biometrics uses physical or behavioural information to identify a person. The data used can range from fingerprints, to iris scans, to DNA. The most likely application of the technology will involve comparing the information obtained from someone on the spot with that stored in a databank in order to verify identity. Proponents claim that biometrics could thus contribute significantly towards security at a time when global terrorism is a credible threat to countries around the world. In this context, airports and border control centers have been touted as the first potential users. Indeed, in some places, such as US international airports, it has already been implemented to a certain extent.

On a more individual level, those who support this technology argue that biometrics could be used to prevent theft, for example by verifying a person's identity before allowing cash withdrawals or allowing access to buildings or cars. For local authorities, applications to avoid illicit use of social welfare and medical support provide a further justification for the widespread use of biometrics. Departments in charge of social assistance in countries like the USA, Canada, Spain, and the Netherlands are launching programmes for detecting and preventing duplicate benefits. It is claimed that the introduction of biometrics would result in billions of savings on public spending.

But the collection and storage of such personal data raises huge ethical questions. The concerns are diverse in nature: persons who find it more difficult to prove their identity, such as immigrants, may be unjustly targeted under such a system; disabled people who are unable to undergo biometrics tests may become stigmatised; and personal medical information may be obtainable. On a practical level, privacy laws differ from country to country, which will have implications for the sharing of data and the interrelation of databanks.

Dangers Ahead

There is no doubt that certain groups will become the main targets of biometrics technology. The use of biometrics for monitoring migration flows and for identifying migrants, many of whom don't have valid identity documents (asylum seekers, illegal aliens, etc.), is already becoming standard practice in many countries. Without doubt, some will be targeted because of police profiling and will include not only physical characteristics, such as ethnicity, but cultural ones as well, such as religion. As a result, there is a real danger that such groups may fall into a certain category whereby their privacy is less protected because of national security concerns.

In addition to this, there is the problem of those who are unable to undergo biometric tests. If a person is blind or short, or has lost a hand, it can make identification difficult. This, in turn, could be used as a reason to refuse entry or to label that person as a potential security risk.

Perhaps the most controversial aspect surrounding this technology, however, has to do with access to medical information. Biometrics data could provide information on whether a person has a medical condition, has used drugs, or is pregnant, for example. In the case of DNA, scientists insist that they would only analyse known coding and not genetic information. Nevertheless, there is still the possibility that this data could be used later on for genetic data mining purposes. Consequently, this raises the question of trust.

Aside from issues of trust and misuse of data, there are a number of less predictable consequences which need to be addressed. For example, biometrics isn't entirely reliable, as the corroborating data is dependent on the source that provides it. For instance, a biometrics ID card issued by a rogue regime (or a secret service organisation like the CIA) may have the biometrics correct, but the cardholder could nonetheless be dangerous.

The London bombings on July 7th underscores this point further. The individuals involved were all law-abiding citizens and integrated members of the community; there was nothing in their background or identification which would have raised any security concerns. To this extent, being able to identify someone biometrically has its limitations, for what makes a person a terrorist is not their identity but their ideology.

Not only this, but one of the major drawbacks of biometric technology are the unforeseen consequences which may, in some cases, lead to more harm than good. For instance, the introduction of biometrics technology to prevent car theft in Malaysia had one such unexpected result. As access to a car was only possible if the owner placed his finger on the car to unlock it and start it, thieves subsequently cut off the owner's finger in order to steal the car.

Biometric Discrimination

"Living characteristics" is an especially sensitive issue surrounding the use of biometrics technology. Simple biometric identification can be fooled by a latex finger, a prosthetic eye, a plaster hand, or a DAT voice recording. Biometric devices must therefore be able to determine whether there is a "live" characteristic being presented. For example, fingerprint sensors might incorporate pulse oximeter technology, and iris scanners might test for pupillary response.

Yet by monitoring such "living characteristics" biometric devices end up becoming a source of sensitive biomedical data. For instance, pupillary responses depend on whether one has been drinking or taking drugs, whether the person is pregnant, etc. Likewise, changes in blood flow are typically associated with several medical conditions. In addition to this, there are ways in which emotional attitudes can be determined from some biometrics, such as nervousness in a voice pattern and anger from a facial image.

Recent scientific research in this area suggest that biometric features can per se disclose medical information. Knowing that certain medical disorders are associated with specific biometric patterns creates an obvious temptation to link biometric patterns to behavioral characteristics, or even predispositions to certain medical conditions. If such research ever does become widespread and accepted, then biometrics might become not only an identifier, but also a source of information about an individual. This, in turn, can easily lead to discrimination in the use of genetic test information and DNA profiles.

A Question of Privacy

In the end, the use of biometric technology all comes down to the issue of personal privacy. There is no doubt that with the advancement of digital technology (as well as political developments) since the 1990s, our personal privacy has been severely compromised, both in terms of practice and policy. Moreover, globalization is a phenomena that, by itself, is an issue regarding the protection of privacy. Often, data is transferred for processing to third world countries (because of low labour costs) where there is little or no kind of protection for this personal information. Furthermore, this information frequently includes sensitive data like criminal or medical records.

Moreover, the police and other security services of various countries are now exchanging more and more personal data around the world. This means that decisions over security issues are increasingly taking place in international settings rather than national ones. An international standard for the protection of such data, however, is severely lacking.

In Europe, much has been done to ensure the protection of personal data. The European Convention on Human Rights and Biomedicine (Chapter III, Article 10) as well as the European Union Charter of Fundamental Rights (Article 8) both outline the specific right everyone has to the protection of personal data. Meanwhile, Directive 95/46/EC (in particular Article 8, Paragraphs 1, 3, and 4) constitutes the legal background of biometric technologies in Europe.

Despite this, the protection of personal data in Europe is anything from ideal. Directive 95/46/EC, for instance, may require a high level of protection of fundamental rights (in particular, privacy) within Member States, but its underlying aim is still the removal of obstacles to the flow of personal data. Additionally, with the implementation of anti-terrorism legislation in many countries that blatantly overrides civil liberties, references to fundamental rights ultimately don't carry much weight.

What is more, as a new security research programme established by the European Commission (EC) is set to officially begin in 2007, biometric technologies are increasingly viewed as the key to future economic development and innovation. In order to make such technology more acceptable among Europeans, therefore, efforts are underway to sway public opinion in favour of the technology. Recently, a project designed to initiate debate on the ethics of biometrics was launched (BITE: Biometric Identification Technology Ethics), with public consultation expected to be held in June 2006.

Although such debates are designed to raise general awareness, what must ultimately be asked is precisely why is this technology needed in the first place. If it is to stop terrorism, it is unlikely to prove effective and may turn out to be a gigantic waste of government time and money since terrorism is foremost a question of ideology and not identity. On the other hand, if it is to prevent theft and fraud, then more government effort should be put into reinforcing the need for the protection of one's privacy as opposed to that of the surveillance society. (John Horvath)