Maintaining privacy in the age of biometrics? [on hold]

Aggregation of data by governments

Biometric identifiers present a unique and insurmountable challenge to privacy and safety. Avoiding enrollment in centralized biometric databases is becoming impractical.

  • Australia – Photos from passports and driver’s licenses are used to create a national database of faces to cross-reference suspected criminals with CCTV images in public places. [1] All government services (taxation, child support, job search etc) are provided through a central online portal, myGov, which includes myHealth – a summary of medications, reports and doctor’s notes. [2]
  • China – China is using “alert project” in Xinjiang region inhabited by the Uighur community. Residents are monitored through facial recognition on surveillance cameras, smartphone scanners, voice analysis and compulsory satellite-tracking systems for vehicles to “thwart terrorist attacks before they occur.” [3]
  • India – Aadhaar is the world’s largest biometric ID system with 1.2 billion enrollments. Demographic information and biometric records such as photograph, fingerprints and iris scans are stored in a centralized database. Benefits contingent on it include driver’s license, tax filings, school enrollment, old age pensions, medical treatment, food aid, NREGA wages, banking facilities etc. [4]
  • UK – UK companies must keep 12 months of their customer’s web traffic records by law. Police and state agencies can monitor, intercept, and alter electronic devices on an industrial scale even if the owners of these devices are not suspected of a crime. [5]
  • Worldwide – While fingerprint scans and digital photographs are captured in many airports today, biometric trials are being conducted to replace boarding passes and passports with face scans.

“If you’ve got nothing to hide, you’ve got nothing to fear.”

  • Data can be stored indefinitely, making it easier to prosecute people for minor crimes (notes from your psychiatrist mentioning drug use or being a member of the LGBT community).
  • For some people, their privacy is literally a matter of life and death. Victims of rape and HIV afflicted patients in certain countries don’t seek treatment as they will be stigmatized by their families, arrested or killed. Without the ability to use a pseudonym, patients will refuse life-saving treatment.
  • United States requires visa applicants to provide social media accounts, telephone numbers, and email addresses used in the past 5 years. A tweet or comment can be taken out of context to deny you a visa. Lying on your application can lead to deportation, revocation of citizenship, or jail. [6]

  • Authoritarian governments have a vested interest in targeting journalists. China demonstrated its powerful facial recognition technology to find a BBC journalist in a crowd in under 7 minutes. [7] Attacks on the free press are not restricted to distant regimes. In February 2019 here in the United States, FBI, ICE and CBP coordinated and compiled a database on several journalists working on the US border to target and harass them. [8]

  • Others – Domestic abuse victims, oppressed minorities, attorneys and their clients, journalists and their sources, individuals in witness protection, children/teens, spies etc.

Unlike passwords, biometric identifiers are permanent and unchangeable. Identifiers like face or gait can be captured without your consent or knowledge.

Biometric technology can be used to track people in the real world in real time. Your face can be tied to your medical history, financial status, online activity, and political opinions. This information can be stored in a searchable and sharable database, indefinitely. With weak legal protections this information can be used to target ads or silence dissidents.

1. We can take many measures to protect our digital identity. Are there any countermeasures against biometric identification?

2. How can we avoid linking sensitive personal information to our biometric identity?