
    No Identification Without Representation: Constraints on the Use of Biometric Identification Systems


    By: Emilio Mordini, Andrew P. Rebera

    Article first published online: 19 JAN 2012 DOI: 10.1111/j.1541-1338.2011.00535.x

    Abstract

    The human species is again becoming nomadic. Each year, about two billion persons move across large geographic distances (not to mention people in “virtual mobility” through information and communication technology). Many of these people have weak or unreliable identification documents—and many poorer people in developing countries do not even have these documents. In 2000, the United Nations Children’s Fund (UNICEF) calculated that 50 million babies (41% of births worldwide) were not registered at birth. In this scenario, a personal identification scheme based on birth registration and state-issued passports is less and less tenable. Biometrics appears to offer a viable technological solution. However, the technology itself is subject to popular critique, warning of dystopian futures of overwhelming surveillance and loss of privacy. The best answer to those who fear an Orwellian future is to engage with the technology and seek to ensure that biometric identification systems are developed in positive ways. We suggest that identification schemes become problematic when the reciprocity of identification goes unnoticed, forgotten, or (what is worse) is intentionally bypassed. The dynamics of identification should be reciprocal, dialogical, and involving mutual recognition. In the traditional political domain, this is the recognition by the state of a citizen and by the citizen of the state. In the digital age, identification systems must increasingly transcend geopolitical borders. A globally recognized identification scheme is therefore a necessity. However, it is merely the nature of the borders that has changed here—not the nature of identification. Our call will be: no identification without representation.

    1. Introduction

    The development of methods for establishing, communicating, and authenticating the identity of individuals has been driven by a number of factors, not least the desire of governments to efficiently exercise power over their subjects. No doubt this was spurred by the development of concepts of the state, the individual, the citizen (and so forth). The modern state presupposes, in addition to technologies of identification, the “creation of a [. . .] people open to the scrutiny of officialdom” (Caplan & Torpey, 2001, p. 1).

    That the need for reliable methods of identification arose at all is presumably connected with the birth of the first urban societies during the so-called “Neolithic Revolution” (Childe, 1950). At this point, the human species, hitherto nomadic, began to settle down (so to speak). Societies developed robust geographical roots, population densities increased, and social hierarchies developed. Growing societal complexity, alongside developments in artisanship and intrasocietal and intersocietal trade, would have made the identification of the trustworthy—as well as the detection of the untrustworthy—increasingly vital to the normal functioning of these early societies.

    Of course it remains true that the major interventions of the state into the lives of its subjects—e.g., taxation, conscription, and the administration of authority/justice—need not proceed at the level of the individual. The necessity for individual identification is less severe when taxes, conscription, and so on are imposed collectively (Caplan & Torpey, 2001, p. 1). Specific individual identification has been more closely tied up with mass literacy and increased state bureaucracy (Goody, 1986). The Roman Empire, which was the first cosmopolitan society in the West, provided the first example of a universal identification system through a tripartite codified name scheme. In Europe during the Middle Ages, individuals were chiefly identified through passes and safe conducts issued by religious and civil authorities. Seals and handwriting mainly enforced the authenticity of these documents. The Modern era, which saw increased mobility associated with urbanization and industrialization, required more effective recognition schemes. These were administered by nation states. Indeed, the development of more robust identification schemes has to some extent progressed in parallel with the development of post-Westphalian polities, marking the passage from feudal to industrial society. Thus, as Valentin Groebner (2001, p. 16) notes: “by the beginning of the eighteenth century, the failure to carry [documents of origin and identity] while travelling was already an offense that could attract considerable penalties.”

    After World War I, most European countries introduced systems of identity cards, incorporating facial photography (and, in some cases, also fingerprinting), as a tool for identifying people within their state borders. Yet even in countries where identity cards did not become mandatory, a new powerful driver for personal identification emerged: the need to identify and authenticate people entitled to receive social benefits. The welfare state, which first emerged in Northern Europe after World War II, is based on the provision of services via redistributionist taxation. Taxation and welfare provision both rely on robust and reliable systems of personal identification.

    Following the agricultural, industrial, and welfare revolutions, we are now on the verge of a new epochal transition. The human species is again becoming nomadic. Each year, about two billion persons move across large geographic distances (not to mention people in “virtual mobility” through information and communication technology); approximately half cross international boundaries. The International Air Transport Association reported that their members carried 1.6 billion passengers in 2007, among which 699 million flew internationally (International Air Transportation Association, 2010). The United Nations World Tourism Organization (2009) estimated 924 million international tourist arrivals in 2008. International movements for permanent resettlement by immigrants, refugees, or asylum seekers, and temporary movement by migrant workers and others augment the total international movements each year. The International Labour Organization stated that in 2004, an estimated 175 million persons (3% of the world’s population) lived permanently outside their country of birth and that there were 81 million migrant workers (excluding refugees) globally (International Labour Organization, 2004).

    Globalization has been characterized by the development of technologies dramatically transcending national control and regulation. This is not without consequence for traditional identification schemes. The globalized world is confronted with a huge mass of people with weak or absent identities. Most developing countries have weak or unreliable documents—and many poorer people in these countries do not even have these documents. In 2000, UNICEF calculated that 50 million babies (41% of births worldwide) were not registered at birth. In Pakistan, Bangladesh, and Nepal, child registration at birth is not even mandatory. In this scenario, a personal identification scheme based on birth registration and state-issued passports is less and less tenable.

    The tourist hoping to use her credit card in any part of the globe, the asylum seeker hoping to access social benefits in her host country, the banker hoping to move money from one stock market to another in real time—all have the same need. They must prove their identities and be certain of others’. Traditional means of proving identities are not dependable enough in most parts of the world and hence unfit for global digital networks. In this context, biometrics appears to offer a viable technological solution. However, the technology itself is subject to popular critique, warning of dystopian futures of overwhelming surveillance and loss of privacy.

    For better or worse, biometric technologies are, it would seem, here to stay. The best answer to those who fear an Orwellian future is not merely to provide optimistic reassurances (which rarely reassure anyone) but rather to engage with the technology and seek to ensure that biometric identification systems are developed in positive ways. Our aim in this article is to articulate the positive potential of biometric identification schemes.

    Orwellian fears are not unjustified, as we shall discuss. However, we will suggest that identification schemes become problematic when the reciprocity of identification goes unnoticed, forgotten, or (what is worse) is intentionally bypassed. The dynamics of identification should be reciprocal, dialogical, and involving mutual recognition. In the traditional political domain, this is the recognition by the state of a citizen and by the citizen of the state. In the digital age, identification systems must increasingly transcend geopolitical borders. A globally recognized identification scheme is therefore a necessity. However, it is merely the nature of the borders that has changed here, not the nature of identification. In this article, we will set out a framework for a system of identification. We begin in the following section by considering some objections to biometric identification systems. We will argue that where the objections are reasonable, this is not specifically attributable to the use of biometrics. We then (section 3) offer a partial defense of biometrics as a desirable candidate for a global identification system in the digital age. We do so by diagnosing the cause of the undesirable consequences associated with biometrics, discussed in section 2. Having identified the root problem, we conclude by proposing a guiding principle for the implementation of a global biometric identification system: no identification without representation.

    2. Biometric Identification

    Let us suppose that there is a group—relatively small in number—who would prefer that biometric systems of identification were not employed—that the technology had not been developed, or that other less intrusive forms of identification were more robustly suited to the digital age. For the sake of having a name, call this group “the anti-biometrics camp.” (We are speaking hypothetically here but it is not unreasonable to suppose that such a group exists.1) The anti-biometrics camp calls for the outlawing of biometric identification systems, or at least for such severe restrictions as to amount to a de facto outlawing of the technology. We will consider two arguments in the anti-biometrics camp’s arsenal: (i) that the technology is inherently demeaning and (ii) that the technology is a tool of the “surveillance society.”2

    (i) Biometrics is Inherently Demeaning

    “To identify” is a transitive verb. Correspondingly, the activity of identifying is relational: A identifies B, or, in the present case, A biometrically identifies B. The question, then, is what in this particular relational structure demeans B?

    Standard means of gathering biometric data include: fingerprinting, facial scans, iris scans, voice recognition, hand vein recognition, gait analysis, keystroke pattern, and so on. Some of these means, it should be noted, are—if not inherently demeaning—at least conventionally associated with negative connotations. Fingerprinting is a clear example, being primarily associated with criminality (at least in some cultural areas). Furthermore, it is not unreasonable to suppose that most other biometrics—indeed the domain in general—are largely bound up in the popular imagination with criminality and crime detection. This is witnessed by the popularity of television shows centering on forensic pathology and criminology (e.g., CSI in the United States, or Silent Witness in the United Kingdom); while historically speaking, the associations trace back to the pioneers of anthropometrics such as Francis Galton (1822–1911) in the United Kingdom and Alphonse Bertillon (1853–1914) in France.3

    In this respect, biometrics has something of an image problem. The problem is only deepened by high-profile examples in which biometrics plays a role—though it should be noted, for this is indicative of the extent of the image problem, that in many of these cases biometrics is incidental to the story.4 In a well-known case, Italian philosopher Giorgio Agamben refused to enter the United States in protest at the United States Visitor and Immigrant Status Indicator (US-VISIT) program’s requirement for visitors to be fingerprinted and photographed (Agamben, 2008). In other cases too, U.S. immigration officials have been accused of heavy-handedness. In May 2011, 2000 elderly cruise passengers were fingerprinted and had retina scans during a 7-hour security check (Bloxham & Bingham, 2011); while Amir Khan, boxing’s IBF and WBA World Light Welterweight Champion, has complained of profiling and extensive security checks upon entering and re-entering the United States (Davies, 2011). Similarly, the use of biometrics was reported in connection with the recent controversy concerning the French government and the Roma community (Fraser, 2010). The biometrics connection was that the French authorities recorded biometric details of Roma migrants prior to repatriation. However, the primary newsworthy issue was not the use of biometrics but the alleged profiling of Roma communities, in apparent contravention of the European Union Charter of Fundamental Rights (BBC News, 2010a).

    In only one of these cases (Agamben’s) is there any real suggestion that biometric technologies are themselves inherently demeaning. What is demeaning in the other cases is the way in which individuals are treated by the authorities. In the Agamben case, it is claimed that the gathering of biometric data is a form of bio-political tattooing, akin to the tattooing of Jews during the Holocaust. The implications of that association, if sound, are of course horrific. However, it is not entirely clear what Agamben’s argument really is. We will be brief as this is not the place (and even if it were, we have not the space) for detailed discussion. The difficulty is this. Agamben writes:

    The problem [. . .] concerns the juridical-political status (it would be simpler, perhaps, to say bio-political) of citizens of the so-called democratic states where we live. [. . .] There has been an attempt the last few years to convince us to accept as the humane and normal dimensions of our existence, practices of control that had always been properly considered inhumane and exceptional. (2008, p. 201)

    However, in and of itself, biometric identification is not obviously inhumane or exceptional. At root, biometric identification is nothing more than the identification of an individual by way of their physical or behavioral traits. This is something that we all do every day in normal interactions with our fellows. Here Agamben would probably argue that the body features that we use in everyday life to identify our fellows are biographical signs, embodied languages, “hot” media, which tell the biography of the subject. This is the case with human faces, body gestures, voices, odors, even wrinkles and scars, which are signatures of time on our skin. Biometrics are instead artificial signatures mechanically extracted from our bodies by impersonal technologies. They are “cool” media, which speak of our biology rather than our biography, so depersonalizing the subject. Biometrics—or so Agamben would argue—turn the persona into a bare body that becomes soma, as per the original meaning of this word in ancient Greek (roughly: corpse). However, Agamben would be wrong in two respects. First, the current trend in biometrics is to use more and more “hot” bodily features like face dynamics, gestures, behavioral traits, and so on. Second, the very notion of “bare body” is misleading. Human bodies are never pure bodies, they are always languages that tell stories: even the more remote physical features, even DNA, tell us much more than biological details, as is well illustrated by the huge amount of personal and medical information that can be elicited by any biometric signature (Mordini & Massari, 2008). Hence, it would seem that biometric identification is only inherently demeaning if normal interpersonal relationships are inherently demeaning—and while interpersonal relations can be demeaning, in the vast majority of cases, they are quite the opposite.

    There is certainly some truth in what Agamben says, although we would suggest that he has mislocated it. As he says, this is a problem of juridical-political status—of bio-power relations; however, the core problem is not of biometrics. We can explore this by considering a response one might offer on behalf of the anti-biometrics camp. The analogy between identification in the sphere of interpersonal relationships and biometric identification is, the response goes, fundamentally flawed. True, normal interpersonal relationships are not demeaning, but then again one’s relationship to biometric identification devices—say, fingerprint scanners—is not interpersonal: fingerprint scanners are not persons, and our relations to them are not analogous to our relations to people. This is an important point with which we entirely agree.

    Notice however that it does not support Agamben’s position. Agamben evokes Foucault, alluding to “a new bio-political era” (Agamben, 2008, p. 201). Foucault had articulated biopower as a “set of mechanisms through which the basic biological features of the human species became the object of a political strategy, of a general strategy of power” (Foucault, 2009, p. 1). However, he also pointed out that his analysis of the mechanisms of power involved, inter alia, investigating “between whom” (Foucault, 2009, p. 2) power is applied—that is to say (although Foucault may not have put it this way) that the power relations here are, in the final analysis, personal.5 So what is objectionable about U.S. immigration procedure is not, pace Agamben, the use of biometrics per se; rather, it is the way that they are deployed as an arbiter and medium of interpersonal relations.

    (ii) Biometrics as a Tool of the “Surveillance Society”

    Just as it would be wrong to suppose that biometric identification is in itself demeaning, so it would be wrong to suppose that biometric identification systems are inevitably geared toward surveillance. Or rather, it would be wrong to suppose that they are any more inevitably geared toward surveillance than are other forms of identification (any means of identification—biometrics, passports, proper names—can be used to keep track of an individual). However, the concerns regarding surveillance are perhaps more tangible than those discussed above, for the signs of surveillance are, in a physical sense, all around us.

    The iconic technology of the surveillance society is probably the closed-circuit TV camera. Popular statistical folklore has it that there is one CCTV camera for every 14 British citizens and that the average Briton is caught on CCTV 300 times a day.6 In combination with CCTV, biometric identification technologies open the door to an enormous potential for surveillance. Facial recognition technology is the obvious candidate here, although recent work on identification by gait pattern has great potential too. As surveillance—spurred mainly by developments in biometrics—becomes increasingly automated, it inevitably becomes less and less focused. That is to say, we are not now dealing solely with the surveillance of antecedently identified suspects, but with the mass surveillance of society with the aim of identifying the suspicious among us. As an illustration of the dangers here, consider the use of search warrants. If authorities wish to search someone’s property, they need a warrant, which will, if all is working well, be issued only if sufficient evidentiary justification of reasonable suspicion can be produced. However, compare the surveillance of the 2001 Super Bowl. This measure identified, from a crowd of 100,000, just 19 individuals with criminal records. To have a criminal record is not a crime. And in a civilized country, to have a criminal record could not be considered sufficient evidentiary justification of reasonable suspicion that one might commit some (unspecified) crime. There is, it would seem, cause for concern here.

    In the West, the United Kingdom and the United States have particularly poor records in this regard. In 2007, Privacy International rated the United Kingdom the worst performing European Union (EU) state in terms of privacy protection and surveillance, categorizing it alongside the United States, China, and Russia as “endemic surveillance societies” (Privacy International, 2007). The dangers have not gone unrecognized. In its response to the House of Commons’ Home Affairs Committee’s report, “A Surveillance Society” (Home Affairs Committee, 2008), the UK Government articulated a number of commitments to increase data minimization and protection and to ensure balance, responsibility, and transparency in the employment of surveillance technologies (Secretary of State for the Home Department, 2008). This was a welcome pronouncement in the light of Privacy International’s findings. (By 2010, the United Kingdom’s ranking had been downgraded from “endemic” to merely “extensive” surveillance [Privacy International, 2010]. This is better but still not good.)

    Orwellian fears of all-pervasive surveillance are exacerbated by a number of factors. As mentioned above, developments in biometric technologies mean that identification can increasingly take place at a distance, via gait, for example (BBC News, 2010b). Second, biometrics and surveillance are increasingly commercial domains and, through public–private interaction, this can give rise to the impression that responsibility for good practice is passed from directly elected, and hence accountable, public officials, to businessmen and executives, whose primary goals are not best practice but profit, and whose responsibilities are to shareholders first, citizens second. (Note that this is not an objection to commercialization or the private sector in general; we merely note that different structures of accountability apply in the public and private sectors.) A further concern is with the speed with which new surveillance technologies are implemented—the worry being that insufficient consultation takes place. Examples include the case of the Visionics Corporation, which offered their facial recognition systems to the Tampa Police Department for a year free of charge “in an effort to build a market among municipalities,” prompting the American Civil Liberties Union of Florida to comment that “This is yet another example of technology outpacing the protection of people’s civil liberties” (Canedy, 2001). While in the United Kingdom, biometrics and CCTV in schools have been a cause of consternation. The Guardian, to give just one example, recently carried a story reporting various problematic cases of CCTV in schools (not only in classrooms but also in the bathrooms). A teachers’ union officer is reported to have commented: “There are lots of schools that install CCTV and don’t know the rules—and the companies who supply it don’t feel the need to tell them” (Harris, 2011).

    Whatever may be the facts of the cases mentioned above, the fears are real. And the retort that if you have nothing to hide you have nothing to fear does not hold water. Privacy, secrecy, and freedom from surveillance have no necessary connection with shame or wrongdoing (Bok, 1989). Moreover, as the example of Brandon Mayfield (who was wrongly connected to the 2004 Madrid bombings on the basis of a false-positive fingerprint match) attests, it may well happen that you have nothing to hide but everything to fear; Mayfield was arrested, imprisoned, and claims to have been threatened with the death penalty. Eventually the U.S. government agreed to compensate him to the tune of $2 million (Eggen, 2006).

    Fears of a surveillance society are not, then, unjustified. However, to reiterate, as with the objection in section (i), there is no necessary connection between biometrics and surveillance. The anti-biometrics camp is, we argue, misguided. Their position is vulnerable to two telling objections. First, in practical terms, their proposal is extremely unrealistic. The biometrics industry is well established: it has gained much support at governmental level (if not at public level), and although the technology is not flawless, it is advancing rapidly and appears to be the most likely candidate for a global identification system in the digital age. Second, the anti-biometrics camp misconstrues the conceptual link between biometrics and the potential undesirable consequences (individuals being demeaned and subject to surveillance) mentioned above. The source of the trouble is not, we will claim, biometric identification systems themselves but the way in which they are implemented.

    3. Biometric Identification as a Reciprocal Relation

    In this section, we make a partial defense of biometrics as a desirable candidate for a global identification system in the digital age, diagnosing the cause of the undesirable consequences associated with biometrics, as discussed above. Having identified the root problem, we will conclude by proposing a guiding principle for the implementation of a global identification system based on biometrics: no identification without representation.

    Are biometric identification schemes desirable? We think they can be, if suitably regulated. As described above, biometrics can lead to bad outcomes. However, that does not seem to be a solid reason for opposing them. Consider the following analogy (or rather: disanalogy). The anti-biometrics camp associates biometrics with a number of undesirable consequences and argues that since the consequences are so undesirable, the benefits of biometrics do not outweigh the risks: therefore, biometrics should be outlawed. Compare the controversy in the United States over the Second Amendment right to bear arms.

    “Guns don’t kill people, people kill people,” or so the bumper sticker goes. There is a clear—but limited—sense in which this is obviously true: guns do not normally kill people unless somebody pulls the trigger (and notice that we do not normally punish the gun). However, as the comedian Eddie Izzard notes, “If you just stood there and yelled BANG, I don’t think you’d kill too many people” (Izzard, Jordan, & Swanson, 2004). When somebody is shot, the gun obviously plays a rather important role: they would not have been shot without it. To oppose restrictions on gun ownership on the basis that guns do not kill people, people kill people, is plainly wrongheaded. Other things being equal, the fewer guns at large, the less likely one is to be a victim of gun crime. Indeed, it is trivially true that if there were no guns—if Mr. Gunpowder had never invented the stuff—there would be no gun crime. Hence, it would seem, abstracting from complexities, that there is a prima facie case to be made for banning guns.7 It is alas true that even if there were no gun crime, there would still be crime and people would still get murdered. However, if there are fewer murders—even just one fewer—that is definitely a good thing.

    An evangelical biometrician might adorn her bumper with a sticker reading “biometrics don’t identify people, people identify people” (it is not so catchy as its cousin, but zealotry sees past such trifles). Will the Izzard response work here? It is true that if contemporary automated biometric identification systems did not exist, less identification would occur (for one of the claims of biometrics is that it provides a potential mode of identity management to those who currently have no identity documents at all). So in the absence of biometrics, there would, trivially, be no biometric identification and there would very likely be less identification overall. However, while lowering the murder rate is highly desirable, lowering the identification rate is not desirable. In the developed world, most of us do not want to be without identity management. We need secure identification systems in order to travel, to communicate and transact across the internet, and to claim welfare or tax-relief. We do not want no identification, we simply want a more reliable, less objectionable system than we have at present. And in the developing world, people with weak identity documents need robust alternatives. Thus, the point of this dis-analogy between guns and biometrics is that while shooting people is inherently undesirable, identifying people is not.8

    If we accept that identification is desirable and that biometrics are neither inherently demeaning, nor any more geared toward surveillance than other identification systems, it behooves us to investigate biometric identification more carefully. What positives can it bring?

    The advantages of biometric identification systems are a function of limitations of more traditional schemes. Mariana Muzzi (2010, p. 2) reports that “Around 51 million births go unregistered every year in developing countries, which translates to one in three children globally.” Recording the identity of these children is important: “Children whose births are not registered at birth are not able to claim the services and protection to which they have a right on a full and equal basis with children who are registered at birth” (Muzzi, 2010, p. 3). That is, one needs to establish one’s identity in order to claim and secure access to one’s rights. This is also the rhetoric behind India’s Unique Identification Number scheme (although what the reality is apart from the rhetoric is a matter of dispute—see, e.g., Ramakumar [2010]). Moreover, it is, to some extent, borne out by the transfer of welfare and entitlements direct to individuals in a large number of African countries (Devarajan & Giugale, 2011; Gelb & Decker, 2012)—such services being made cheaper and more secure by biometric means.

    In such cases as these, we observe a reciprocal relation between identifier and identified. Schematically, we may put the point like this. “A identifies B,” but within this relational structure is the potential for reciprocity: A’s identification of B can imply B’s acknowledgement of A. This reciprocity is not essential. For example, if A is a geologist and B a fossil, the fossil does not acknowledge the geologist. However, where there is agency on the parts of both A and B, the relational structure “A identifies B” can imply reciprocity. Our claim is that “A identifies B” not only can imply reciprocity but should imply reciprocity. Let us try to be a little more specific. What exactly do we mean by “reciprocity?”

    (i) Symmetry

    By the reciprocity of identification we mean to imply a certain symmetry: if A identifies B, A should also be identified to B. This is a sort of exchange of information, but it grounds only a weak symmetry since no specifics as to the balance of information are implied. A may demand from B more—or at any rate different—information than A divulges. The rights and wrongs of the balance here will depend on circumstances.

    (ii) Bestowal and Acknowledgment of Rights

    In identifying B, A must bestow rights upon B, of which B is aware (or of which she can reasonably be expected to come to be aware).9 The system of registering children at birth is a fine example of this imperative. The child is registered and in that very act is documented as a bearer of rights. The provision of birth certificates may be thought of as the initial bestowal of rights. Subsequent identification transactions between A and B cannot, in general, be thought of as bestowing rights (although some may: e.g., A’s issuing B a driving license could be thought of as A bestowing the legal right to drive—identifying B as a legal driver). However, these subsequent transactions may be thought of as A’s acknowledging (explicitly or implicitly) the rights previously bestowed upon B (alternatively they might be thought of as premised upon A’s earlier bestowal of rights upon B10).

    (iii) Transparency

    In normal circumstances, formal identification—i.e., identification by governments, commercial operations, and others—should be transparent. That is to say, it should be clear to B that they are being identified by A. The demands of transparency may depend on circumstances. For instance, if a border control agent asks for your passport, you do not normally ask them for proof of their identity and position—their identity and position are sufficiently clear in the context (they have the uniform, they are sitting in the booth at the airport, and so on). Or again, a store using CCTV to identify shoplifters need not be so transparent as to ask each customer to sign an informed consent form. However, they should, for example, display signs informing customers that they are being recorded. What level of transparency is appropriate to different contexts is a difficult issue which we have no intention of addressing here. We make the point in rather vague terms: identification should be tolerably transparent, given the circumstances.

    Certainly, there is more to be said here. However, for present purposes, the above should suffice. In short, we argue that, at a minimum, the process of identification should: (i) be symmetrical; (ii) involve the bestowal upon, and acknowledgement of, the rights of the identified; and (iii) be transparent and open to the identified.

    We conclude by looking at three problematic applications of biometric identification technologies. In each there is something objectionable. We will argue that what is objectionable is attributable to the failure to satisfy the reciprocity of identification.

    Case 1: The Surveillance Society— Above, we identified a number of concerns regarding ubiquitous surveillance in a biometric future. The extent of CCTV coverage in public places is one cause for concern. However, the fact that you are often on film is not, in and of itself, any more objectionable than the fact that other people often observe you. Moreover, the fact that data regarding your whereabouts can be retrieved many years later is not, in and of itself, objectionable (if we were more observant and had better memories, the same data would be retrievable by testimony). Rather, what is objectionable about the profusion of CCTV cameras in public places is that, first, one does not know who is identifying one (although one knows that it is a formal identification—i.e., that it is a government or commercial agency, and so the situation is quite unlike being observed by a passerby in the street); second, it is not always apparent where the cameras are, so that one is not necessarily aware that one is under observation. These two problems are, respectively, failures to honor (i), the symmetry requirement, and (iii), the transparency requirement.

    Similarly, the increased administration of surveillance by the private sector can be understood as objectionable in virtue of a failure to respect requirements (i) and (ii). Do the students in classrooms observed by cameras know which company is recording their images? If not, symmetry is not respected (or at least the symmetry is too weak given the context). Moreover, it will tend to be the case that if requirement (i) is not sufficiently well respected, requirement (ii) will not be either. Do private companies bestow any rights upon the students they identify? No.

    To continue with the example of cameras in schools, one may object that the identification transactions do not involve the private companies. The private companies merely facilitate a transaction between the school and its students. If so, the use of CCTV in classrooms is, in some respects, less objectionable. Indeed, it is less objectionable to the extent that the situation is more in accord with requirements (i)–(iii).11

    Finally, the concern that surveillance technologies are implemented too quickly, in advance of detailed consultation, may be understood as the concern that there is insufficient understanding of whether the administration of the new technology complies with requirements (i)–(iii). If the employment of new technology outstrips consultation as to its merits and demerits, the framework imposed by requirements (i)–(iii) cannot be guaranteed.

    Case 2: The Afghan Villager— The New York Times reports that information on 1.5 million Afghans and 2.2 million Iraqis is now held in databases administered by U.S., NATO, and local forces (Shanker, 2011). In general, military–civilian identification transactions are liable to be problematic. This is evidenced by the prima facie double standards reported in the story: “While the systems [employed in Afghanistan and Iraq] are attractive to American law enforcement agencies, there is serious legal and political opposition to imposing routine collection on American citizens” (Shanker, 2011). We do not wish to comment on the specifics of the Afghan or Iraqi cases but speak, rather, about identification transactions between military forces and civilians in general, taking as inspiration the arresting image that accompanies the New York Times’ article.

    The photograph shows an aged, grey-bearded Afghan villager having his iris scanned. His right eye is shut, while the left is held open by the gloved hand of an American soldier. There are three soldiers in the picture: one holds the eye open, one holds the camera capturing the iris scan, and the other holds his hand above the villager’s forehead for shade. This shading hand is the only American flesh we see, all else is khaki, and we see no faces. It seems somehow significant that the uncovered hand casts a shadow not for the benefit of the villager, but in order that the iris camera is not “blinded” by the sunlight. It is a poignant image. What makes it so striking is the imbalance it portrays: they are soldiers, he is a civilian; they are three, he is one; his one eye is shut, the other held open.

    Leaving aside the politics of the war in Afghanistan, as well as the particulars of the actual facts depicted in the photograph, this image—as a symbolic evocation—can only sound warning bells to those who are wary of biometrics. They will view it, not unreasonably, as a representation of the individual utterly overcome by faceless forces he is powerless to resist. Viewed in this way, what is objectionable about the image can be understood in terms of requirements (i)–(iii). First, this identification transaction is not symmetrical: the soldiers in the photo appear as anonymous.12 Second, the military cannot normally (in democratic societies at least) bestow rights upon individuals. Hence, requirement (ii) is not met.13 Third, it is entirely possible that military personnel operating overseas do not speak the local language. If so, it is not difficult to see how requirement (iii) might fail to be met. How can you explain to someone that they are being enrolled in a biometric database for whatever purpose, if you share no languages?14

    The image of the Afghan villager is startling and, from a certain perspective, disturbing. What is disturbing about it is, we claim, that it is easy to read the story of the picture as if it involved the violation of the three requirements of the reciprocity of identification as described above.

    Case 3: Bio-Political Tattooing— Recall that Agamben claims that the biometric enrollment required by the US-VISIT program is part of an attempt “to convince us to accept as the humane and normal dimensions of our existence, practices of control that had always been properly considered inhumane and exceptional” (Agamben, 2008, p. 201). We suggested that, in and of itself, biometric identification is neither inhumane nor exceptional. Rather, what is objectionable about U.S. immigration procedure is the manner in which it functions as an arbiter and medium of interpersonal relations. We are now in a position to make this a little clearer, with reference to requirements (i)–(iii).

    Transparency does not appear to be an issue here. The procedures required as a condition of entry were sufficiently transparent that Agamben could consider them, judge them unreasonable, and decline to enter (although of course it is inconvenient not to enter a country having crossed the Atlantic to reach it). One could also make a case that symmetry is respected. The heart of the problem is requirement (ii), the bestowal and acknowledgment of rights.

    Agamben is correct that there is something exceptional about the US-VISIT program. In broad terms, US-VISIT is simply an identification scheme: visitors must have their identities recorded upon entry. That is not exceptional: travel to almost any country and you will be identified as you cross the border. What is exceptional—what is not common to all border crossings—is that US-VISIT is not satisfied with the standard identity documents issued by other states but wishes to enrol individuals in a database wholly unconnected with their home state. This is an additional identification transaction, distinct from the presentation of a passport or visa. (We acknowledge of course that the United States is not the only state to request additional documentation or information to enter.) As such, if we are correct that identification should be governed by reciprocity as per requirements (i)–(iii), one ought to have some rights bestowed or acknowledged in the course of this additional identification transaction. But what rights does the entrant receive? She receives the privilege of entering the United States and enjoys the protection of the laws. However, that is something that, in pre-US-VISIT times, she would have received by virtue of the standard passport-based identification transaction; and (mutatis mutandis) it is something she still receives in most other countries by virtue of nothing more than a passport-based identification transaction. In this way, requirement (ii) is not met in the case of the additional biometric identification transaction that US-VISIT demands. However, pace Agamben, what is objectionable about the additional biometric identification transaction is a failure of reciprocity—not anything specifically to do with biometric identification itself.

    In insisting that the relational structure of identification be understood as reciprocal—i.e., that it involve symmetry adequate to the context; that it involve the bestowal upon, or acknowledgment of, rights of the identified individual; and that it be transparent—we are, in effect, insisting that identification be tightly bound to recognition of rights. If A may legitimately demand identifying data of B, A must acknowledge the rights of B; A owes something to B, which B may legitimately demand.

    To speak in such terms is, of course, somewhat theoretical. In slightly more practical terms, our point can be made using the example of birth certificates. Registering births is a good thing because, as the child’s identity is registered, it becomes a bearer of rights; the child is, from the point of registration, hence, entitled to various protections by the state. However, as the statistics of birth registration attest, traditional means of identification are failing; and even where identification methods succeed, they are pressurized by the transition to the digital age. Biometric identification systems promise to be, from a technological point of view, adequate to the challenges of the digital age; and if they can be rolled out in accordance with the ideal of the reciprocity of identification, they will be a force for good. Rights will be protected because they will be enshrined in the very process of the state’s identification of its citizens. The state represents its citizens as bearers of rights. The power relations here may not be exactly equal, but they are at least reciprocal. Abuses of power arise where the reciprocity of identification falters.

    Civil liberty advocates should not be frightened if it happens—as it has (Giroday, 2010)—that the head of Interpol calls for a globally verifiable electronic identity card (e-ID) system for migrant workers. This is a challenge and an opportunity because a global system of electronic identification is ethically and politically tenable only if it is sided by a global system for claiming fundamental rights and civil liberties; and this becomes increasingly feasible as we can provide everybody with secure and reliable identification. You can tax people, or alternatively identify them, only provided that you give them a political representation. In other words, identification is legitimate as far as it becomes instrumental to the enforcement of their political and civil rights. Identification without civil liberties would be no less abusive than taxation without representation. This is a lesson that—in a time of “tea party protesters”—it is worth remembering.15

    Notes
    • 1 We intend no reference to any actual group of that name, should such exist.
    • 2 We do not discuss the other major concern, namely that the technology could be highly invasive of privacy and has the potential to reveal a huge amount of sensitive personal information regarding, say, health, background, lifestyle, and others. In this regard, there is some overlap with the issues discussed in section 2(ii).
    • 3 See, e.g., Kaluszynski (2001), Joseph (2001), as well as Project Bertillon at http://www.criminocorpus.cnrs.fr/bertillon/enter_uk.html.
    • 4 In all cases bar the first of the following, biometrics is fairly obviously incidental. Even in the first (concerning Agamben) we feel that, ultimately, what is objectionable does not pertain to biometrics.
    • 5 We are here using the word “personal” (and cognates) in a very wide sense, according to which relations between the state and an individual may be described as personal.
    • 6 In the spirit of the (tongue in cheek) adage that 88.5% of statistics are made up, the veracity of these statistics is explored in Aaronovitch (2009) and Channel 4 News (2008).
    • 7  There are of course a variety of issues at play in this controversy. Our point is merely that there is a prima facie case to be answered. Whether it can be answered and how is not a point of interest here.
    • 8  It is of course the case that if the primary goal of bearing arms is not to shoot people but, say, to shoot targets for sport, or to have something nice to hang above the mantelpiece, then we might construe the analogy differently. As mentioned in an earlier note, we are not really concerned with the rights and wrongs of gun ownership here.
    • 9  How strongly one reads “bestow” here is likely to depend upon one’s answers to antecedent questions in political philosophy. A certain variety of social contract theorist might suppose that the citizen is, in some sense, born of identification by the state; in which case bestowal here is more or less literal: the state creates the citizen as a bearer of rights. Alternatively, if one holds that rights accrue to the individual independently of the state, identification by the state will involve less of a bestowal and more of an acknowledgment of rights. Our use of “bestow” is not intended to prejudge any of these foundational matters in political ontology and philosophy.
    • 10  In the Kantian mode: the initial bestowal of rights serves as a condition of the possibility of all subsequent legitimate identification transactions between A and B, state and citizen.
    • 11  The use of CCTV in classes would still be objectionable on the grounds of data minimization. What need is there for cameras in classes? If it is for discipline, or for teacher-training, these ends could be met by less intrusive methods. We will not explore the issues.
    • 12  The soldiers appear in the photograph as anonymous. In reality they are (presumably) not, but have at least their names or numbers shown on their uniforms. Let us emphasize again that we are not discussing what or who is literally depicted in the photo, but its wider symbolic significance as an iconic image of the dark side of biometric identification transactions.
    • 13  Again, the facts in Afghanistan may be different, but we are not discussing Afghanistan.
    • 14  Once more: we are not discussing Afghanistan. Perhaps the actual soldiers in the photograph speak the villager’s language—perhaps he speaks theirs. Perhaps there has been a huge publicity campaign about the identification system.
    • 15  This work has been funded by two European Commission research grants, RISE—Rising panEuropean and International Awareness of Biometrics and Security Ethics (GA230389), and TABULA RASA—Trusted Biometrics under Spoofing Attacks (GA 257289).

    About the Authors

    Emilio Mordini is the founding director of the Centre for Science, Society and Citizenship in Rome, Italy. He was Professor of Bioethics in the Medical School of the University of Rome “La Sapienza” (1994–2005), and a member (1994–2000) and secretary (2000–2004) of the Bioethical Commission of the Italian National Research Council. Since 1992 he has served as a contractor in quite a number of European Commission (EC) funded projects. His current board participations include: the Biometric Sector Federation of the Italian Confederation of Education and Knowledge Companies; the Committee for Standardization in ICT Focus Group on Biometrics; and the EC expert group on “ethical and regulatory challenges to science and research policy at the global level.” His research interests include ethical and social implications of security technology policies, and the ethics and policy of biometrics and emerging identification technology. His main publications include Ageing and Invisibility (IOS Press, 2010, edited with P. de Hert), and Second Generation Biometrics: the Ethical and Social Context (Springer, 2011, edited with D. Tzovaras).

    Andrew P. Rebera (DPhil, University of Sussex) is a researcher at the Centre for Science, Society and Citizenship in Rome, Italy. His research interests include identity, privacy and data protection, surveillance and security, as well as philosophical issues in logic and metaphysics.

     

End of the Web As We Know It?

26 July 2011
by James Tulloch

Mikko Hypponen, cybersecurity expert, speaks during TEDGlobal 2011 in Edinburgh, Scotland. “Stuxnet shows that the PLCs that control our entire infrastructure, everything that we rely on, can be infected.” (Source: James Duncan Davidson / TED Conferences)

Cybersecurity expert Mikko Hypponen, chief research officer at F-Secure Corporation in Finland, has some chilling warnings about the age of organized cybercrime and Stuxnet-style cyberwarfare. We tracked him down at TEDGlobal 2011 in Edinburgh.

You have tackled many computer virus outbreaks. Who or what are the biggest cyber threats today?
We can split attackers into three basic groups.

There are the hobbyists or hacktivists like Anonymous or Lulzsec. They are not trying to make money, they are trying to send a political message, do it for fun or the challenge.

They are a problem but not nearly as bad a problem as organized criminal gangs who do all their attacks for money: they infect home computers, do banking Trojans to steal data, hack credit card details, hijack computers for ransom. They are the biggest threat to the normal end user.

The third problem is cyberwar or cybersabotage, things like the Stuxnet virus launched against a nuclear research centre in Iran, or countrywide denial of service attacks like we saw hitting Georgia and Estonia. These problems will be even more frequent in the future.

How do cybercriminals steal our sensitive data?
The most typical way to become a victim is to take a Windows computer and go online. Five years ago it was done through email, now it’s done through the web.

You might go to Google, click on a search result, and you’re infected. You don’t see anything happening, you can’t tell. They hack into high-profile websites like newspaper websites and insert some exploit codes and so you visit the site, read the news, and get infected.

Another way is to make a new, fake site from scratch, put lots of keywords there and so it ends up in the search results. There is no real content there but you go there and get infected.

Then there are key loggers. They sit silently on your computer and record everything that you type. Everything is saved and sent to the criminals. They are looking for online purchases when you type your name, address, credit card details and security codes.

How much is cybercrime costing us?
Nobody really knows. Nobody can calculate it reliably because the biggest losses come from denial of access to services, for which it is difficult to calculate the losses. You hear that cybercrime is bigger than the drug trade. I don’t believe that. It’s big, but it’s not that big. I believe it’s in the hundreds of millions of euros per year.

So what can we do to protect ourselves?
We have to stop blaming the user because most problems are not related to the user.

Of course the computer has to be vulnerable, which can be down to user error, but that gets very technical. Your Windows might be updated, but what about Quicktime, Flash and Java plug-ins or add-ons?

We have to move responsibility up to higher levels, to operating system manufacturers, to security companies like us, and to operators and Internet Service Providers (ISPs) that provide the connections.

What about governments or law enforcement authorities?
In the online world each individual crime is small but there are lots and lots of them, and victims all over the world. It makes it a nightmare to investigate.

On the internet there are no borders, making every single online crime an international crime, beyond national jurisdictions. That means the sheer numbers of international crimes have exploded in the last ten years. Have the numbers of international law enforcement systems exploded in the last 10 years? No they haven’t.

We are proposing a new framework, like Interpol, focusing on online crime. All countries would promise to work together. So if country A is investigating a crime involving servers in countries B and C, those countries would be forced to help solve the crime.

So the internet needs to be more orderly than previously?
Yes, it does but we have to be very careful not to restrict the openness, creativity and freedom of speech we have on the internet, careful not to move towards a police state.

Mikko Hypponen at TEDGlobal 2011: “Fighting viruses, defending the net”

You say we risk losing everything if we don’t deal with cyber security. What do you mean?

When people learn about these security and privacy problems their first reaction is to never go online again. That’s perfectly human but it’s not the right reaction. We have crime in the real world. Yet people run businesses and walk the streets.

One thing we are missing from the online world which we have in the real world is police work. That is why we have to fight these security and privacy problems. We risk these criminals running rampant and taking away people’s trust. If people don’t trust the net they won’t use it.

We are already seeing some countries blocking ISPs from some regions so we risk turning the globalized internet back into nation states or islands of internet usage that don’t talk to each other.

Which brings us to cyberwarfare: why is Stuxnet such a revolutionary threat?
Stuxnet is unique. Yes, it infects computers but in addition it is capable of jumping from those computers to Programmable Logic Controller (PLC) boxes, in Stuxnet’s case Siemens PLCs running Siemens’ own operating system. These PLCs operate all kinds of infrastructure, factories and systems.

Stuxnet infects the PLC and hopes that device is used in one specific target—in this case the Natanz nuclear enrichment processing plant in Iran. We believe it broke nuclear fuel enrichment centrifuges by turning them at the wrong speeds. But if it infects other PLCs that end up in a food processing plant then nothing will happen.

That is a targeted attack, a very difficult attack, and a very worrying attack.

What happens now that the Stuxnet genie is out of the bottle?
Let me tell you something worrying. Three months ago I went online and tried to find a copy of Stuxnet from public sources. It took me three minutes. Any other government or any extremist group could try to modify Stuxnet, it is right there.

It is the first of its kind, so far we’ve only seen one, but the worry is we will see more. Stuxnet shows that the PLCs that control our entire infrastructure, everything that we rely on, can be infected.

Immigration bill contains horrible biometric identities tracking database

Submitted by sosadmin on Fri, 05/10/2013 – 13:34

We’ve been warning for some time about the stealth creation of federal databases containing the biometric identifiers of millions of people, as well as the federal government’s use of state registry of motor vehicle databases as pools from which to harvest driver ID photos at will.

But a proposal in the new bipartisan immigration bill makes even the FBI’s spooky Next Generation Identification database and its “Project Facemask” seem like 20th century card catalogues. Wired reports:

The immigration reform measure the Senate began debating yesterday would create a national biometric database of virtually every adult in the U.S., in what privacy groups fear could be the first step to a ubiquitous national identification system.

Buried in the more than 800 pages of the bipartisan legislation (.pdf) is language mandating the creation of the innocuously-named “photo tool,” a massive federal database administered by the Department of Homeland Security and containing names, ages, Social Security numbers and photographs of everyone in the country with a driver’s license or other state-issued photo ID.

Employers would be obliged to look up every new hire in the database to verify that they match their photo.

Sounds like an ambitious project that will likely cost a lot of money, and probably severely impact civil liberties.

But does face recognition even work? At present, not very well, even in highly controlled environments.

A Boston Globe report from 2011 found that face recognition software deployed at the Massachusetts Registry of Motor Vehicles misidentifies about 1,000 people per year, causing pretty substantial inconvenience for them. Multiply that figure by 50 and you’ve got a likely figure for misfires if such a system goes federal.

What’s the big deal, though? If the registry of motor vehicles denies you a license renewal for a couple weeks while you fix the errors, it’s a pain, though clearly not the worst thing in the world.

But what if the inconvenience became something much more serious? What if it meant you — or 50,000 other Americans each year — were denied employment and therefore lost your home to foreclosure, or fell behind on credit card bills and slumped into serious debt? Or worse, if the government started using this DHS biometric system for ‘security’ procedures, what if you were wrongfully arrested or even shot in a botched raid, a tragic case of mistaken identity?

In fact, advocates warn that, like the social security number, this tool could end up being used to track us in ways the creators of this supposedly ‘immigration-related’ system never intended.

Wired:

This piece of the Border Security, Economic Opportunity, and Immigration Modernization Act is aimed at curbing employment of undocumented immigrants. But privacy advocates fear the inevitable mission creep, ending with the proof of self being required at polling places, to rent a house, buy a gun, open a bank account, acquire credit, board a plane or even attend a sporting event or log on the internet. Think of it as a government version of Foursquare, with Big Brother cataloging every check-in.

“It starts to change the relationship between the citizen and state, you do have to get permission to do things,” said Chris Calabrese, a congressional lobbyist with the American Civil Liberties Union. “More fundamentally, it could be the start of keeping a record of all things.”

For now, the legislation allows the database to be used solely for employment purposes. But historically such limitations don’t last. The Social Security card, for example, was created to track your government retirement benefits. Now you need it to purchase health insurance.

An analyst at the Competitive Enterprise Institute told Wired that the proposed tracking system would be “like a national ID system without the card.”

No thanks.

The biometrics industry, meanwhile, is licking its chops. Analysts predict that the business will be worth $10 billion per year by 2018. The future beckons, and it’s looking more and more like Minority Report every day.