Biometrics then and now
Shachtman opened the discussion by pointing out that the use of biometrics for identification dates at least to 2,400 years ago, when the Chinese used hand prints and thumbprints on official documents. In the mid-19th century, the British East India Company used them to authenticate documents and track prisoners (in the aftermath of the Indigo Revolt, 1859-1861). The first use of fingerprints in modern criminal case, he said, occurred in in Brazil.
The US government has funded biometrics research from ear lobes to body odors as potentially unique, personal identifiers, many of which can be used from a distance. Some 31 states (including Texas, see Grits' discussion from 2004 here, here and here) use facial recognition with DMV photos. The Department of Justice has a database with fingerprints of 130 million people.
Biometrics have three characteristics which make them useful for identification: They are immutable, readily accessible, and individuating. Those characteristics, though are a source of both benefits and problems. Notably, while biometrics are individualized, your computer turns them into ones and zeroes, meaning they can be electronically captured. Biometrics data can be gathered from a distance in public settings on a mass scale and monitored continuously, telling more about a person than just their identity. It's one thing, said Schactman, to get a fingerprint or DNA swab upon arrest. But today telescopes can capture an iris scan from 1,000 meters away. Thus setting the stage, we turn to the panelists:
Game changer: Remote identification, 'multimodal' biometrics
- Move to multimodal biometrics. Pairing fingerprints with iris scans, DNA.
- Pairing of biographic information and biometrics.
- Interoperable databases
- Collapsing distinction between law enforcement, homeland security and national security.
Historically biometrics were used for immediate, one-to-one identification: Fingerprints identified someone booked into the jail, or an iris scan let them enter a secure corporate facility. But now many biometrics can be matched remotely and instead of one-to-one matching, can to one-to-many, potentially wiping out any remaining vestiges of privacy in public spaces. The dynamic of biometrics use is changing, said Donohue, along the following axes:
- One-to-one vs. one-to-many.
- Close up or at a distance
- Custodial detention vs. public spaces
- Notice or consent vs. none
- A one time, limited occurrence vs. continuous and ongoing manner.
Immigration enforcement driving interoperable government databases
NYU's Travis Hall discussed biometrics, interoperability and immigration reform, with a particular focus on the FBI and the Department of Homeland Security's "Secure Communities" program, where people arrested on state and local criminal charges are matched with federal immigration databases to check for immigration violators and people for whom a criminal offense might itself be an immigration violation under the terms of their visa. Defense Department and Department of Justice databases don't talk to each other, he said, but they communicate indirectly through the Department of Homeland Security. The United States has a "federated system," said Hall, with four main biometric databases that after 9/11 all began to share data directly or indirectly. Fingerprints from federal, state and local arrestees are uploaded to the FBI which sends them to DHS to check for immigration violators. That way, DOD and intelligence agencies end up with access to data from state and local law enforcement activities.
At first, Secure Communities was pitched to the states as an opt-in program and only 13 states signed up to be notified of immigration violators in their jails. Then, when Illinois and Boston tried to opt out, the feds said "no, you can't."
What's the problem? The lines between criminal and civil enforcement mechanisms are becoming blurred, said Hall. Immigration status is often not static but "fuzzy," making bright-line enforcement under Secure Communities problematic. This blurring of criminal and civil enforcement mechanisms could also have unforeseen consequences down the line in areas of law completely unrelated to immigration. (I found myself wishing he'd given more hypotheticals about what that might look like.) With the advent of mobile biometrics, immigration agents can perform fingerprinting and iris scans in the field that instantly connect up to all the above-mentioned federal databases. (See an EFF white paper by Jennifer Lynch on the conjunction of biometrics and immigration enforcement.)
The expansion of immigration-related biometrics may impact youth eligible under the DREAM Act (or the administrative equivalent announced last year by President Obama), which states that applicants must demonstrate "good moral character." Applicants go through background checks and must give up their biometrics in order to qualify for provisional status, a process that's resulted in an "entrenchment of surveillance tools." In order to be lenient on “the good guys,” he said, government needs surveillance on everyone to identify bad actors.
Facebook as Big Brother
In an earlier panel, 9th Circuit Presiding Judge Alex Kozinski pointed out that in the Katz case, in which SCOTUS first articulated the concept of a "reasonable expectation of privacy," the court based its interpretation of Mr. Katz's expectations in large part on the anachronistic fact that he closed the door to the wiretapped phone booth - an factor that appears quaint in the modern age of cell phones. Sen. al Franken's aide, Alvaro Redoya, said that today, "the phone booth door is very much open." He added that "the future is now," and "this is a big deal."
We shouldn't just be concerned about the Minority Report scenario where advertising is funneled to us based on remote identification, he said. Now your driver's license, passport and Facebook account are all connected to facial recognition applications.
Facebook is honing its facial recognition software through its tag suggestions program, which presently is active everywhere but Europe where privacy laws prevent its implementation. On the back end, Facebook makes a "faceprint" they can match like a fingerprint. When your friends upload pictures, they are prompted, "would you like to tag" the people in them. The company has rolled this out on an "opt out" basis, meaning they're gathering faceprint data unless you've specifically declined to participate. The average person has 53 photos on their Facebook page, he said. Assuming a 60% non-participation rate (which is probably way too high), the company would have a faceprint for one out of 20 people on the planet. Assuming a 20% opt-out rate, which is perhaps more realistic, Facebook has pictures of one out of 10 humans in their facial recognition system. Every time Facebook suggests, "is this so-and-so?" and asks if you want to tag them, and you say "no, it's not that person," the company improves their algorithm. Essentially, Facebook has crowd-sourced refinement of its system. Facebook does not promise they won't sell information to third parties. There are scenarios with real person to person (P2P) harms. In early 2010 an Israeli company rolled out Click App, a facial recognition system which Facebook purchased last year. Someone hacked it and figured out you could download pictures from Facebook and use it as a private facial recognition system.
Prof. Donohue had earlier described how the FBI had developed facial recognition technology to scan individuals at political rallies, identifying everyone who had attended two or more events. Redoya said the events in the FBI's example were from Obama and Clinton political rallies. In all states where such facial recognition technology has been rolled out, he said, it's a crime to block a sidewalk, for example, so it's easy to find a law enforcement justification for its use in such settings. Your faceprint remains roughly the same between ages 20 and 50, he said.
In Katz, the Supreme Court considered it important that the phone booth door was closed. But every time you walk outside you knowingly expose your face to the public, Redoya observed. Unless the law catches up to that sort of functionality, those sorts of outdated distinctions will obliterate personal privacy.
Privacy in the age of augmented reality
Carnegie Mellon's Ralph Gross discussed "Privacy in the age of augmented reality" (see an FAQ) having conducted experiments analyzing the convergence of public self-disclosure in social networks, improvements in facial recognition accuracy, cloud computing, "ubiquitous computing," and "statistical re-identification" of de-identified data The results, he said raise the question of whether in an era of "augmented reality" we have finally reached “the end of anonymity”?
Gross said modern facial recognition technology can go from an anonymous face to matching it to a presumptive name, then get online information, demographics, their friends, and potentially predict their social security number and credit score, not to mention their political and sexual orientation. This could all be done, he said, "in real time with a smart phone app. The implications are staggering and include:
- Faces as conduits between online and offline data.
- The emergence of personally predictable information
- The rise of visual, facial searches
- Democratization of surveillance, and
- Social network profiles as Real IDs
Location data as biometrics: You are where you go
The more cell-phone towers and antennas that exist, the more precise location tracking by cell phones becomes. Using a site called AntennaSearch, Lynch found that there were 74 cell towers and 529 antennas within four miles of the Yale Law School. (Running the same search for Grits' own home in Central East Austin, I found 145 towers and 675 antennas within a four mile radius.)
A young German politician named Malte Spitz sued his cell phone company for all his location data and partnered with a newspaper to produce an amazing graphic tracking his movements for six months. The graphic includes not just his location but how many phone calls and text messages he received and sent, also linking the data to his Facebook and Twitter timelines to add context, creating a stunning diary of his life. Given the foibles of human memory, it shows your cell-phone carrier (and by extension any government agency or third party that accesses that data) in some ways may know more about your life than you do.
Following in his footsteps, so to speak, Lynch tracked herself for a month with a Google program called “Latitude” that records everywhere you've been. Nothing earth shattering - she mostly went from home to office to her kid's school, with an occasional trip to a store or other destination - but really it's the mundane data that identifies you and provides the most information about who you are and how you live your life. Location data combines and amplifies all the problems with biometrics, said Lynch.
Aren't biometrics 'awesome'?
One-to-one biometrics are not as big a problem compared to "one to many" apps. It's one thing to verify identity of an individual and another to identify strangers from a crowd, especially in an era when cameras are so ubiquitous.
See prior, related Grits posts from the conference:
- Cell phone tracking by government: How it's done
- On the Fourth Amendment implications of location tracking
- Secrecy and federal court dockets: On the nuts and bolts of authorizing government surveillance
- Bypassing the telecoms: 'Stingrays' allow direct government phone surveillance with little oversight
- Video, resources from location tracking conference