Biometric Identifiers

• Background |
• News Items |
• Resources |
• Previous Top News

Latest News/Events

• EPIC to DHS Privacy Advisory Committee: End Facial Recognition: In response to a public notice by the Data Privacy and Integrity Advisory Committee, EPIC submitted comments urging the CBP to halt implementation of the biometric border program. EPIC stressed the need for federal regulation to safeguard privacy and prevent the misuse of facial recognition technology. EPIC called for a public rulemaking for the federal entry/exit program. EPIC also criticized the Committee's draft recommendations for facial recognition. EPIC said that the transfer of personal data from the State Department to the CBP was unlawful and that the opt-opt procedures were ignored in practice. Documents EPIC previously obtained in a FOIA lawsuit against CBP revealed that facial scanning did not perform operational matching at a "satisfactory" level. (Dec. 6, 2018)
• Inspector General Report: Airport Facial Recognition Faces Technical Problems: A Department of Homeland Security Inspector General report highlighted many challenges to facial recognition at airports. The problems of accurate biometric matches apply to all travelers, and particularly U.S. citizens. According to the Inspector General's report, "U.S. citizens accounted for the lowest biometric confirmation rate." A report obtained by EPIC last year through a Freedom of Information Act lawsuit revealed that iris imaging and facial recognition for border control did not perform at a "satisfactory" level. In a statement to Congress earlier this year, EPIC warned that biometric identification techniques are unreliable and lack proper privacy safeguards. (Oct. 4, 2018)
• EPIC Scrutinizes FBI's Massive Biometric Database: In comments to the FBI, EPIC criticized the Bureau’s proposal to remove Privacy Act safeguards from a database containing biometric data on millions of citizens, much of it unrelated to law enforcement. Through a FOIA lawsuit, EPIC obtained documents about the “Next Generation Identification” database that revealed an error rate up to 20% for face recognition searches. EPIC warned the FBI of the privacy and civil liberties risks as well as the potential for data breaches. EPIC urged the FBI to limit the scope of data collection, reduce the retention of data, and maintain the protections of the Privacy Act. (Jul. 7, 2016)
• EPIC, Coalition Demand Congressional Oversight of FBI's Vast Biometric Database: Today EPIC and a coalition of 45 organizations urged Congress to hold a hearing on the FBI’s massive biometric database and the risks of facial recognition technology. The letter follows the FBI’s recent proposal to exempt the "Next Generation Identification” database from Privacy Act safeguards—including requirements for accuracy, relevancy, and transparency. The civil liberties organizations said that “the FBI is retaining vast amounts of personal information and exposing millions of people to a potential data breach.” In the EPIC v. FBI FOIA case, EPIC obtained documents which revealed high error levels in the biometric database. (Jun. 23, 2016)
• GAO Report: FBI’s Use of Face Recognition Fails on Privacy and Accuracy: The Government Accountability Office released a report today detailing the FBI’s failure to conduct a privacy audit of the agency’s use of facial recognition or adequately test the accuracy of the technology. EPIC and a coalition of public interest groups recently urged the Justice Department to extend the public comment period for the FBI’s Next Generation Identification database, which includes facial recognition capabilities. Previous Freedom of Information Act requests by EPIC showed that the agency had numerous agreements with states to access driver license photos for facial recognition searches and that technical specifications allowed for a 20% search error rate. (Jun. 15, 2016)
• EPIC, Coalition Seeks Time to Review FBI Biometric Database: EPIC and a coalition of civil rights, privacy, and transparency groups urged the Department of Justice to extend the public comment period for the FBI’s Next Generation Identification database. The FBI database contains biometric data, such as fingerprint and retinal scans, on millions of Americans and raises significant privacy risks. The FBI is proposing to exempt the database from Privacy Act obligations, including legal requirements to maintain accurate records, permit individual access, and provide civil remedies. Errors plague the NGI database. In a FOIA case, EPIC v. FBI, EPIC obtained documents, which showed that the FBI accepted a 20% error rate for facial recognition matches. (Jun. 1, 2016)
• Senate to Hold Homeland Security Oversight Hearing: The Senate Judiciary Committee will hold an oversight hearing for the Department of Homeland Security. Secretary Jeh Johnson will testify. EPIC has objected to many of the agency's mass surveillance practices, including the secret profiling of American air travelers, the use of drones for aerial surveillance, the amassing of information on Americans into "fusion centers", and the collection of biometric identifiers. EPIC has also warned that the DHS Chief Privacy Officer has failed to safeguard privacy, a legal obligation for that office. According to the DHS, the number of privacy complaints increased in 2013. EPIC has several Freedom of Information Act case pending against the DHS. In an earlier case, EPIC determined the DHS was monitoring social media and news organizations for criticisms of the agency. Another EPIC case led to the removal of the x-ray backscatter devices from US airports. For more information, see EPIC v. DHS - Social Media Monitoring and EPIC v. DHS (Suspension of Body Scanner Program). (Jun. 10, 2014)
• Spotlight: FBI Pushes Forward with Massive Biometric Database Despite Privacy Risks: EPIC's Spotlight on Surveillance Project returns to put the spotlight on the Federal Bureau of Investigation's Next Generation Identification program. A billion dollar project to increase the Bureau's ability to collect biometric identifiers on millions of individuals in the United States. The FBI is currently adding facial, iris, and voice identification techniques that will greatly increase the Bureau’s ability to pursue mass surveillance. EPIC is pursuing a Freedom of Information Act lawsuit to learn more about the program. Many of the techniques now being deployed in the US were developed by the US Department of Defense for war zones. EPIC has urged greater Congressional oversight of the program and new privacy safeguards. See EPIC's Spotlight on Surveillance on FBI's Next Generation Identification Program. (Dec. 10, 2013)
• EPIC Files Complaint, Urges Investigation of Facebook's Facial Recognition Techniques: Today EPIC, and several privacy organizations, filed a complaint with the Federal Trade Commission about Facebook's automated tagging of Facebook users. EPIC alleged that the service was unfair and deceptive and urged the FTC to require Facebook to suspend the program, pending a full investigation, the establishment of stronger privacy standards, and a requirement that automated identification, based on user photos, require opt-in consent. EPIC alleged that "Users could not reasonably have known that Facebook would use their photos to build a biometric database in order to implement a facial recognition technology under the control of Facebook." EPIC warned that "absent injunctive relief by the Commission, Facebook will likely expand the use of the facial recognition database it has covertly established for purposes over which Facebook users will be able to exercise no meaningful control." EPIC has previously filed two complaints with the Commission regarding Facebook. For more information see EPIC: Facebook Privacy. (Jun. 10, 2011)
• National Academies Releases New Report on Biometrics: The National Academy of Sciences has released a report entitled "Biometric Recognition: Challenges and Opportunities." The report concluded that biometric recognition technologies are inherently probabilistic and inherently fallible. Sources of uncertainty in biometric systems include variation within persons, sensors, feature extraction and matching algorithms, and data integrity. The report recommends a more comprehensive systems level approach to the contexts, design, and use of biometric technologies as well as peer-reviewed testing and evaluation of the technologies. EPIC has urged the Department of Defense to establish privacy safeguards for the biometric database the US established of Iraqis. See EPIC - Biometric Identifiers and EPIC - Iraqi Biometric Identification System. (Sep. 28, 2010)
• US Withdrawal from Iraq Raises Questions about Future of Biometric Database: President Obama's address on the end of the combat mission in Iraq has left open the question of what will happen to the massive biometric databases on Iraqis, assembled by the United States, during the course of the conflict. In 2007, EPIC, Privacy International, and Human Rights Watch wrote to Defense Department Secretary Robert Gates to express concern about the creation of secret profiles on hundreds of thousand of Iraqis, tied to unique biometric identifiers, including digital fingerprints, photographic images, iris scans, and even DNA. Citing misuses of secret files and personal data in other conflicts, the organizations warned that the identification practices "contravene international treaties and could lead to potentially devastating consequences." EPIC, PI, and HRW urged the Defense Department to "adopt clear guidelines that incorporate strong privacy safeguards to ensure that Iraqis are afforded basic human rights in their personal information." For more information, see EPIC - Iraqi Biometric Identification System. (Sep. 1, 2010)
• Busted Biometric Traveler ID May Return to US Airports: "Clear," the flawed airport security program that gathered biometric data on hundreds of thousands of travelers before the company went bankrupt, may return with a new operator. The assets of Verified Identity Pass -- including the fingerprints and iris patterns of previous customers -- have been sold at auction to AlClear, which intends to restart the program.  In Congressional testimony in 2005, EPIC warned that the Registered Traveler program should be subject to the federal Privacy Act. For more information, see EPIC Spotlight On Surveillance: Registered Traveler Card, EPIC "Clear" (May. 4, 2010)
• Congressional Leaders Press Obama on Privacy Board: Chairman Bennie Thompson and twenty members of the House of Representatives sent a letter to President Obama seeking the immediate nomination of members to the Privacy and Civil Liberties Oversight Board. The Privacy Board was active during the Bush Administration, but the Obama administration has moved slowly to reconstitute the advisory body. No hearings have been held and no reports have been issued. The board is intended to provide advice on the civil liberty implications of programs that effect the rights of citizens, such as the use of Whole Body Scanners by the TSA, biometic identifiers, and cyber security policy. (Mar. 30, 2010)
• Worker Biometric ID Under Consideration in US: Senators Charles Schumer and Lindsey Graham have proposed a new national identity card. The Senators would require that "all U.S. citizens and legal immigrants who want jobs" obtain a "high-tech, fraud-proof Social Security card" with a unique biometric identifier. The card, they say, would not contain private information, medical information, or tracking techniques, and the biometric identifiers would not be stored in a government database. EPIC has testified in Congress and commented to federal agencies on the privacy and security risks associated with national identification systems and biometric identifiers. For more information, see EPIC: National ID and the REAL ID Act, EPIC: Biometric Identifiers, and the Privacy Coalition’s Campaign Against REAL ID. (Mar. 24, 2010)
• EPIC Urges Increased Privacy for "Global Entry" Registered Traveler Program: On January 19, EPIC filed comments with the US Customs and Border Protection (CBP), urging the agency to “to revise its establishment of the Global Entry program and to reconsider the privacy and security implications of the program.” CBP proposed to make permanent the Global Entry program, under which pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. EPIC urged CBP to ensure that Global Entry complied with the Privacy Act and to conduct a separate Privacy Impact Assessment. Those measures are particularly pressing in light of recent problems, including data breaches and bankruptcy, experienced by “Clear,” a similar registered traveler program. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for registered traveler programs would jeopardize air traveler privacy and security. For more information, see EPIC Global Entry, EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging. (Jan. 28, 2010)
• Congress Begins Hearings on the "Trouser Bomber" and Intelligence Reform: The Senate Judiciary Committee and the Senate Committee on Homeland Security opened hearings today on airline security and the intelligence failure on December 25. Questions about privacy and civil liberties were raised frequently by senators. Specifically, senators asked about the adequacy of privacy safeguards for the body scanners, database profiling, biometric identification, and the status of the President's Civil Liberties and Privacy Oversight Board. According to documents obtained by EPIC through a Freedom of Information Act request, the body scanners ordered by the TSA are designed to store and record images of American air travelers. EPIC has scheduled a press conference at the National Press Club on January 25 on "Body Scanners and Privacy.” (Jan. 20, 2010)
• DHS Announces "Global Entry" Biometric Identification System for U.S. Airports: Today, the Department of Homeland Security proposed to make permanent Global Entry, a program the agency says will “streamline the international arrivals and admission process at airports for trusted travelers through biometric identification.” Under the proposed system, pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. The DHS announcement follows the recent news that Clear, a Registered Traveler program, had entered bankruptcy, raising questions about the possible sale of the biometric database that was created. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for Registered Traveler programs would jeopardize air traveler privacy and security. The agency is taking comments on the proposal. For more information, see EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging. (Nov. 19, 2009)
• Senate Judiciary Committee Considers National Biometric Identification System: Senator Schumer (D-NY) is proposing a new system to track all US workers to determine employment eligibility. The plan for the employment verifiability system involves the collection of biometric information. The Department of Homeland Security would approve or disapprove individuals for employment. Automated biometric identification systems raise questions about the scalability, reliability, accuracy, and security of the data collected. See EPIC Biometric Identification. (Jul. 22, 2009)
• U.S. Now Collects All 10 Fingerprints of Foreign Visitors. Under border control system US-VISIT, the Department of Homeland Security will begin collecting a full set of fingerprints from foreign visitors to the U.S. Since 2004, US-VISIT has only required two-print collection. The database now includes 90 million sets of prints. EPIC has said that the system lacks adequate privacy and security safeguards. For more information, see EPIC's page on US-VISIT. (Feb. 27)
• European Union to Fingerprint All Foreign Travelers. The European Union released a plan (pdf) to begin collecting the fingerprints of all foreign travelers when they cross the border of any EU country. The collection of the travelers' identity will be at both entry and exit of the Schengen border-free zone, which allows borderless travel among EU countries. Many privacy organizations have raised questions about this massive database of fingerprints, including Privacy International. Privacy groups explained that there have been numerous security breaches of government databases and adequate safeguards might not be created, making the information susceptible to loss or theft. (Feb. 15)
• FBI Seeks to Build Massive Identification System. The Federal Bureau of Investigation awarded a $1B, 10-year contract to design, develop, document, integrate, test, and deploy the Next Generation Identification (NGI) System to Lockheed Martin. This new database will expand on the current fingerprint-based system; the FBI willincrease its collection and storage not only fingerprints but also iris scans, palm prints and facial images. The FBI is also in talks with the U.K. police to establish a unified database for the tracking of this biometric information. The U,K. has said that the new NGI System could easily be integrated with the U.K.'s current Ident1 database. Critics have highlighted the problems created by such massive system that would share data, includinginaccurate or fake information. (Feb. 14)
• Airport Uses Iris Scans to Track Employees. For the first time in the UK 25,000 employees of the Manchester Airport are now required to use iris scan identification to access restricted areas. This new iris scan system is in addition to the current access control cards and Personal Identification Numbers already in use at the airport. When entering any checkpoint the staff will now need to swipe their ID card, enter their PIN before entering the iris scan booth. No mention of the method of data security has been released from the airport but assurances that the information will not be shared have been made. (Jan. 24, 2008)

Background

The tragic events of September 11, 2001, have led to a closer examination of security measures that might have foiled those devastating attacks and that might prevent similar attacks in the future. Prominent among the various measures being considered is the use of devices that check a person's identity using biometric identifiers such as fingerprints, iris/retina, or facial patterns. Soon after the attacks, Larry Ellison, head of California-based software company Oracle Corporation, advocated the deployment of mandatory national ID cards with fingerprint information to be matched against a national database of digital fingerprints to confirm the identity of the card's carrier. There have been recent discussions between the United States and the European Union concerning the creation of biometric passports.

Biometric identifiers are of course widely used by people to identify each other ñ one might recognize a friend by the sound of her voice, the color of her eyes, or the shape of her face. Devices using biometric identifiers attempt to automate this process by comparing the information scanned in real time against an "authentic" sample stored digitally in a database. The technology has had several teething problems, but now appears poised to become a common feature in the technological landscape.

The most widely used biometric is the fingerprint identifier. A June 2004 report by National Institute of Standards and Technology (NIST) showed that one-fingerprint identification systems had an accuracy rate of 98.6 percent, while the accuracy rate rose to 99.6 when two fingerprints were used and 99.9 when four, eight and ten fingerprints were used. The report also showed that the accuracy rate for fingerprint identification drops as the age of the person increases, especially for those more than 50 years old.

The United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program marked its first anniversary in early January and extended its entry/exit biometric capturing system to 50 of the busiest land ports of entry. The system requires two digital index finger scans as well as a digital photograph of the visitor, which are intended to verify identity and are compared to a vast network of government databases.

There are significant privacy and civil liberties concerns regarding the use of such devices that must be addressed before any widespread deployment. Briefly there are six major areas of concern:

Storage. How is the data stored, centrally or dispersed? How should scanned data be retained?

Vulnerability. How vulnerable is the data to theft or abuse?

Confidence. How much of an error factor in the technology's authentication process is acceptable? What are the implications of false positives and false negatives created by a machine?

Authenticity. What constitutes authentic information? Can that information be tampered with?

Linking. Will the data gained from scanning be linked with other information about spending habits, etc.? What limits should be placed on the private use (as contrasted to government use) of such technology?

Ubiquity. What are the implications of having a electronic trail of our every movement if cameras and other devices become commonplace, used on every street corner and every means of transportation?

News Items

• Your Local Cops Now Use Iraq’s Iris Scanners
, Wired Magazine, December 20, 2010.
• DHS boosts E-Verify with links to passport photo database, Federal Computer Week, November 12, 2010.
Why no one wants DHS to play cyber mall cop, Federal Computer Week, July 22, 2010
• Biometric answer to ID fraud has limits: expert, Reuters, March 8, 2010.
• E-Verify fails to catch half of unauthorized workers, study reveals, Federal Computer Week, March 3, 2010.
• Trials of full-body scanners at Delhi airport from May, The Times of India, February 3, 2010.
• Smartmatic and Cross Match Technologies to Supply Mexico’s National Register Technology and Infrastructure, IT News Online, January 14, 2010.
• EU plans to fingerprint foreigners to beef up borders. Reuters, February 13, 2008.
• Lockheed Gets $1 Billion FBI Biometrics Contract. Information Week, February 13, 2008.
• a href="http://washingtontechnology.com/articles/2008/02/07/three-giants-compete-for-fbi-biometric-deal.aspx">Three giants compete for FBI biometric deal, February 8, 2008.
• Manchester Airport launches staff biometrics. ZDNet, January 23, 2008.
• FBI wants instant access to British identity data. The Guardian, January 15, 2008.
• Customs to collect visitors' 10 prints. USA Today, December 3, 2007.
• School security cameras go cutting edge. USA Today, November 1, 2007.
• 'Kiddyprinting' takes off in Scots schools. Sunday Herald, October 7, 2007.
• U.S. is building database on Iraqis. USA Today, July 12, 2007.
• Iraqis' phony IDs mask links to Shiites, Sunni. Star-Telegram.com, June 24, 2007.
• Backgrounder: A National ID Program for Iraq? New York Times, May 29, 2007.
• At Checkpoints in Baghdad, Disguise Is a Lifesaving Ritual. Washington Post, Sept. 29, 2006.
• To Stay Alive, Iraqis Change Their Names. New York Times, Sept. 6, 2006.
• Biometrics unreliable, says EU privacy head. CNet News, March 15, 2006.
• Co-op supermarkets introduce pay-by-touch. Reuters UK, March 9, 2006.
• Online assessments and biometrics used in new immigration system. Computer Weekly, March 8, 2006.
• Oxford Co-ops test fingerprint payments. Silcon.com, March 8, 2006.
• Biometrics at the Disney Gates. Secure ID News, March 2, 2006.
• Forgot your passwords? Try using your heart. Forbes, Februrary 24, 2006.
• Researchers Use Fingerprints to Secure Networks. NetworkWorld, February 24, 2006.
• Biometrics used to protect Germany’s Olympic athletes. Computerworld, February 22, 2006.
• U.K. e-passports start their travels. CNet News, February 21, 2006.
• Biometrics struggles to go mainstream. VNUNet, February 17, 2006.
• Brown backs biometrics. Silicon.com, February 14, 2006.
• Biometrics use to accelerate in 2006. ZDNet News, February 2, 2006.
• DHS taking second look at iris scans for Registered Traveler. GCN, January 30, 2006.
• Nursery installs fingerprint ID system. Telegraph, January 18, 2006.
• U.K. cops look into face-recognition tech. ZDNet News, January 17, 2006.
• Police build national mugshot database. Silicon.com, January 16, 2006.
• E-passport testing begins at San Francisco International Airport. Contactless News, January 16, 2006.
• Biometrics deal: Viisage paying about $770 million in stock for Identix. Associated Press, January 12, 2006.
• New biometrics group focuses on frequent fliers. GovExec News, January 9, 2006.
• Minnesota To Use Biometrics On IDs. St. Paul Pioneer Press, January 6, 2006.
• Gov't to use biometrics to better security. Miami Herald, January 5, 2006.
• Mexico hires biometrics companies to beef up prison security. Associated Press, January 4, 2006.
• U.S.Visit biometrics up and running, on time. Washington Technology, December 30, 2005.
• New biometrics software looks for sweat. ZDNet News, December 21, 2005.
• Outside View: Biometrics for security. UPI, December 18, 2005.
• Boffins use Play-Doh to fool biometrics. VNUNet, December 13, 2005.
• Ridge: Terrorist Threats Spur Tech. Internet News, December 7, 2005.
• Fingerprint, iris scans for airport employees. Toronto Star. December 7, 2005.
• Home secretary sets out business case for ID cards. VNUNet, November 23, 2005.
• Biometrics calm US web shoppers. Silicon.com, November 21, 2005.
• Decision on smart-card biometrics due soon. Government Computing News, November 18, 2005.
• Biometrics Goes CE. Electronic News, November 16, 2005.
• TSA releases guidance on biometrics for access control. Government Computing News, November 15, 2005.
• Smiling Germans ruin biometric passport system. VNUNet, November 10, 2005.
• First biometric passports issued to diplomats. Silicon.com, November 8, 2005.
• Thousands of businesses to be authorised to make biometric checks on customers. Computer Weekly, November 1, 2005.
• Chief scientist to put ID biometrics under the microscope. Telegraph, October 26, 2005.
• Biometrics beyond borders. ZDNet News, October 25, 2005.
• Experts call for global biometrics agency. ZDNet News, October 21, 2005.
• 2,500 people to test ID card biometrics. Silicon.com, October 20. 2005.
• Cashing in on security. Washington Times, October 19, 2005.
• Government plans to test biometrics at the border. Globe and Mail, October 17, 2005.
• ID card technology 'difficulties.' Scotsman, October 16, 2005.
• Exclusive: NSW Police eye roadside fingerprint biometrics. Computerworld, October 14, 2005.
• Sticky fingers could scupper UK ID card biometrics, warn experts. Computer Weekly, October 13, 2005.
• Alaska-Canada border policy changed. Fairbanks Daily News-Miner, October 11, 2005.
• Biometrics not ready for prime time, says Europe. Silicon.com, October 7, 2005.
• Australia Tests Biometrics at Airports as Part of Immigration Program. Associated Press, September 29, 2005.
• Sydney airport to trial biometrics. ABC News, September 29, 2005.
• Biometrics curing password headaches. Silicon.com, September 28, 2005.
• Biometric Imaging Faces a Reality Check. Advanced Imaging, September 26, 2005.
• Smart ID Cards Debated. IDG News Service, September 14, 2005.
• Rutgers Turns to Biometrics For Lab Acces. InformationWeek, September 13, 2005.
• Biometrics roadshow kicks off ID cards charm offensive. Silicon.com, September 12, 2005.
• Fingerprint scans to be used at Canadian airports. Canadian Press, August 30, 2005.
• UK to incorporate new biometric standards. ZDNet, August 29, 2005.
• Israel uses hands-on approach for trusted travelers. FCW, August 29, 2005.
• IBM works toward replacable biometrics. IDG News Service, August 17, 2005.
• New border program gets mixed reviews. Daily Bulletin, August 10, 2005.
• The State Of Surveillance. Business Week, August 8, 2005.
• Surveillance Society: The Experts Speak. Business Week, August 8, 2005.
• Biometrics make people wary. Globe and Mail, August 2, 2005.
• Soft-drink giant deploys biometrics. ITWeb, July 28, 2005.
• GSA wants specifics on smart cards, fingerprint biometrics. Government Computing News, July 27, 2005.
• Justice seeks faster fingerprint tech. FCW, July 19, 2005.
• Labor concerned at fingerprint ID plan. ABC News, July 19, 2005.
• Transit group seeks $6B to bolster transportation security. Computerworld, July 14, 2005.
• UK Wins Push for Anti-Terrorism Information Sharing. EGov Monitor, July 14, 2005.
• UK EU presidency aims for Europe-wide biometric ID card. Register, July 13, 2005.
• Banks to establish standard system for biometrics identification. Asahi, July 12, 2005.
• Biometrics puts security at a user's fingertips. San Francisco Chronicle, July 11, 2005.
• Police back system, despite the results. Virginian-Pilot, July 10, 2005.
• Germany moves forward with e-passports. Government Computing News, July 8, 2005.
• German Airline Tests Biometric Tickets. Associated Press, July 6, 2005.
• Biometrics won't deter passport fraudsters chief admits. Register, July 1, 2005.
• Forget fingerprints and eye scans; the latest in biometrics is in vein. ComputerWorld, June 29, 2005.
• Interview transcript: Head of UK Passport Service. Financial Times, June 29, 2005.
• UK to outsource biometric visa checks to Mumbai. Register, June 27, 2005.
• Biometrics companies scan a lucrative market. Financial Times, June 27, 2005.
• Biometrics get handheld with laptops. Arkansas Democrat-Gazette, June 27, 2005.
• Chicago Libraries to Require ID Check for Internet Use. NPR, June 26, 2005.
• Airport to test pilot program for screening of passengers. Miami Herald, June 26, 2005.
• Registered-traveler program works out its kinks. Orlando Sentinel, June 24, 2005.
• State tells lawmakers biometrics will ensure identity. Government Computing News, June 23, 2005.
• Biometrics ID system debuts at Orlando International Airport. Associated Press, June 22, 2005.
• Pay By Touch sees biometrics as key to secure transaction. Business Journal, June 17, 2005.
• US delays biometric passports for 27 countries until 2006. EU Business, June 16, 2005.
• ID Cards on Trial: Police chief questions biometrics. Silicon.com, June 16, 2005.
• US delays use of biometric passports for EU travelers to 2006. Agence France-Presse, June 15, 2005.
• Airport to Adopt Biometrics Security System. Korea Times, June 15, 2005.
• Finger-scan systems coming to Carolinas. Charlotte Observer, June 15, 2005.
• U.S. to scale back passport standards. Associated Press, June 14, 2005.
• British opposition to identity cards growing. New Zealand Herald, June 14, 2005.
• Iris Pushes e-Passport to Combat Terrorism. Nikkei Electronics Asia, June 14, 2005.
• Job seekers increasingly fingerprinted. Wall Street Journal, June 13, 2005.
• US expected to abandon Biometric passport plan. ElectricNews.Net, June 13, 2005.
• Secret rhythms: Firm finds security in keystrokes. Puget Sound Business Journal, June 12, 2005.
• Finger all some retailers need for payment. Washington Post, June 12, 2005.
• Ireland shelves biometric chip passport plans. Sunday Times, June 12, 2005.
• Customers Touched by Biometric Payments. Newsfactor Technology News, June 10, 2005.
• Fingerprinting for ID cards halted. Taipei Times, June 10, 2005.
• Costs Emerge for Biometric Visa Rollout. EGov monitor Newsdesk, June 9, 2005
• Plan For Voluntary Biometric ID Gets First Taker. Associated Press, June 8, 2005
• Biometrics: getting back to business, Computerworld, June 8, 2005.
• Traveler's card might just pave the way for a national ID card. USA Today, June 8, 2005.
• ID Cards on Trial: Minister defends "robust" biometrics. Silicon.com, June 7, 2005.
• Nature's barcode: Your fingerprints are increasingly being used for more than identification. Journal Times Online, May 27, 2005.
• Iowa passes child fingerprint act. Science Daily, May 21, 2005.
• DHS warns on passport upgrades. United Press International, May 13, 2005.
• US sets passport deadline. Australian IT, May 13, 2005.
• Cub Foods to pilot fingerprint payment system. Twin Cities Business Journal, May 13, 2005.
• U.S. bill sets tight driver's license rules. Chicago Tribune, May 11, 2005.
• Senate Backs Measure to Tighten ID Requirements. Washington Post, May 11, 2005.
• Senate approves electronic ID card bill. ZDNet News, May 10, 2005.
• States May Disobey Driver's License Rules. Associated Press, May 10, 2005.
• Controversial terror database closing down. Associated Press, April 15, 2005.
• MATRIX Pilot Project Concludes. News Release, April 15, 2005.
• French may have to buy compulsory biometric ID cards. IDG News Service, April 12, 2005.
• Fingerprint passports will be 'ID card by stealth.' Telegraph, April 12, 2005.
• Passport applicants must give fingerprints. Guardian, April 12, 2005.
• U.K. biometric ID cards bill shelved before election. IDG News Service, April 6, 2005.
• EU wants biometric passports delayed. Cnet News, April 1, 2005.
• Security and interop issues cause EU biometric passport delays. Register, April 1, 2005.
• Privacy International forges coalition calling on European Parliament to stop mass fingerprinting proposal. Privacy International, November 30, 2004.
• Concern over Biometric Passports. BBC News, March 30, 2004.
• Biometrics Benched for Super Bowl. Wired News, December 31, 2002.
• Privacy Still a Priority, Officials Say. Federal Computer Week, July 29, 2002.
• Biometric Passports Planned. Australian IT, May 15, 2002.
• Criminal Line-Ups Use Drivers' Photos: Senator wants state practice stopped as invasion of privacy. Denver Post, Mar. 6, 2002.
• A Surge in Demand to Use Biometrics.New York Times, Dec. 17, 2001.
• A Cautionary Tale for a New Age of Surveillance. New York Times, Oct. 7, 2001.
• Technology That Stands Out From The Crowd. Financial Times, Sept. 25, 2001.
• Terrorist Attacks Have Inspired Nationwide Interest In Surveillance. San Francisco Chronicle, Sept. 24, 2001.
• Databases May Be Used to Screen Air Travelers. Los Angeles Times, Sept. 20, 2001.
• Securing the Future. Los Angeles Times, Sept. 20, 2001.
• Biometrics; Exploring Technology to Protect Passengers With Fingerprint or Retina Scans. New York Times, Sept. 19, 2001.
• The Social Cost of Safety: Technology Can Help to Trap Terrorists But the Impact on Privacy is being Questioned. Financial Times, Sept. 19, 2001.
• No Silver Bullets: Giving Up Privacy for Security Will Leave Us With Neither. SF Gate, Sept. 18, 2001.
• Tech vs. Terrorism: Airports Look to New Technologies to Beef up Security. San Francisco Chronicle, Sept. 17, 2001.
• The Positive Side of Biometrics. Wired News, Sept. 5, 2001.

Resources

• U.S. Department of State Fact Sheet About Visa Waiver Program, Biometrics, and Machine-Readable Passports. April 7, 2005.
• EPIC's April Spotlight on Surveillance about ID cards with biometrics. April 1, 2005.
• EPIC's comments to the TSA's request for biometric guidance, March 17, 2005.
• Technical report (PDF) to the Council of European Union saying proposed biometric visa scheme is not feasible, November 11, 2004.
• EPIC's comments before the Department of the Treasury in the Matter of
  FACT Act Biometric Study, April 1, 2004.
• Letter (PDF) from civil liberties groups to International Civil Aviation Organization regarding their plans to include biometric identifiers such as fingerprints and facial scans on all newly issued electronic passports, March 30, 2004.
• EPIC's Face Recognition page.
• EPIC's National ID page.
• EPIC's July 2002 Congressional testimony concerning ID theft and biometrics, July 18, 2002.
• Use Of Biometric Identification Technology To Reduce Fraud In The Food Stamp Program: Final Report (PDF) ñ U.S. Department of Agriculture, December 1999.
• New Jersey State Assemblywoman Joan Quigley has introduced a bill to regulate biometric identifiers."
• Biometric Access Devices Put to the Test." From Heise Online.
• Connecticut Department of Social Services Biometric ID project (see their newsletter for latest biometric industry news).
• Analysis of biometric technologies from Deutsche Bank Research: "Biometrics-Hype and Reality" (PDF)
• Information on fingerprinting from onin.com.
• San Jose State University National Biometrics Test Center.
• Roger Clarke, an Australian privacy expert, has an excellent guide to the issues involved in the use of biometric identifiers. The guide also contains many useful links.
• Phil Agre, Associate Professor of Information Studies at UCLA, has put together an interesting collection of arguments and news stories about ubiquitous use of biometric identifiers, specifically face recognition cameras. Your Face is Not a Bar Code: Arguments Against Automatic Face Recognition in Public Places. Sept. 7, 2001.
• The Biometric Consortium serves as the US Government's focal point for research, development, test, evaluation, and application of biometric-based personal identification/verification technology. They also have a good collection of links to articles and other publications.
• The International Biometric Industry Association maintains a FAQ and links to other resources on biometric technology.Erik Bowman of Identix, a leading developer of biometric technology, describes biometrics from the industry perspective.
• The RAND Corporation published a short issue paper in mid-2001, entitled "Super Bowl Surveillance: Facing Up to Biometrics".
• The International Biometric Group, a leading integration and consulting firm in the biometric industry, has put together a brief in response to the terrorist attacks in which they caution against thinking of biometric devices as silver bullets and point out various limitations to the use of the technology. IBG's BioPrivacy Initiative.

Previous Top News

• Human Rights Organizations Urge US Secretary of Defense to Investigate Biometric Database of Iraqis. In a letter to Secretary of Defense Robert Gates, EPIC, Privacy International, and Human Rights Watch warn that a new system of biometric identification contravenes international privacy standards and could lead to further reprisals and killings. The groups cite the particular risk of identification requirements in regions of the world torn by ethnic and religious division. The groups also note a 2007 report from the Pentagon's Defense Science Board that said military use of biometric data raise substantial privacy concerns. For a discussion of identity systems and threats to privacy, see "Privacy and Human Rights Report 2005." See also Privacy International resources. (Jul. 27)
• Britain Increasing Use of Biometrics on Schoolchildren. The British Educational Communications and Technology Agency (BECTA) released guidelines for UK schools, "BECTA Guidance on the Use of Biometric Systems in Schools." BECTA explained that the collection of schoolchildren's fingerprints is covered under the Data Protection Act of 1998, care must be taken if such data is collected, and "schools have a duty to ensure that all the personal data they hold is kept secure." At the same time, the UK Information Commissioner's Office also issued guidance (pdf) on biometrics collection from schoolchildren, who can be as young as five years old. The Office agreed that such data collection was covered by the Data Protection Act of 1998 and told schools that they "should explain the reasons for introducing the system, how personal information is used and how it is kept safe." It is not known if parents fully understand that, when investigating a crime, the UK police are allowed to access schools' biometric databases without parental permission. (Jul. 23)
• U.S. Military Builds Biometric Database on Iraqis. USA Today reports that U.S. troops are using mobile scanners to capture fingerprints, eye scans, and input other personal data from hundreds of thousands of Iraqis. Although General Patraeus has indicated that the purpose is to identity insurgents, U.S. troops are stopping Iraqis at homes, checkpoints, workplaces, and "In several neighborhoods in and around Baghdad, troops have gone door to door collecting data." A March report (pdf) from the Pentagon's Defense Science Board said military use of biometric data raise substantial privacy concerns. For a discussion of identity systems and threats to privacy, see "Privacy and Human Rights Report 2005." See also Privacy International resources. (Jul. 18)
• Federal Air Marshals to Surreptitiously Photograph Travelers. The US Department of Homeland Security is investing in face recognition technology so that federal marshals can surreptitiously photograph people in airports, bus and train stations, and elsewhere to check whether they are in terrorist databases. The Los Angeles police department already is using handheld facial recognition devices. See EPIC's Video Surveillance page. (May 10)
• EPIC Recommends Against Use of Universal Identifiers. In comments (pdf) to the Federal Trade Commission, EPIC warned against using universal identifiers, such as biometrics, in authentication systems. EPIC explained that a biometric identifier cannot be changed by a victim once his or her identity has been breached -- a fingerprint is unalterable. "Any move toward universal identifiers, while potentially deterring amateur thieves, increases the potential for misuse once determined criminals steal that data," EPIC said. For more information, see EPIC's National ID Cards and REAL ID Act page. (Mar. 23)
• Joint Paper on Biometric Encryption Released. Information and Privacy Commissioner of Ontario, Dr. Ann Cavoukian, released a joint research paper with Dr. Alex Stoianov, an internationally recognized biometrics scientist. The paper, entitled, "Biometric Encryption: A Positive Sum Technology that Achieves Strong Authentication, Security AND Privacy," discussed how biometrics can be deployed in a privacy-enhanced way that minimizes the potential for surveillance and abuse, maximizes individual control, and ensures full functionality of the systems in which biometrics are used. The paper suggested that biometric encryption could address the privacy, security and trust problems of current biometric information systems. With biometric encryption, instead of storing a sample of one's fingerprint in a database, you can use the fingerprint to encrypt or code some other information, like a PIN or account number, or cryptographic key, and only store the biometrically encrypted code, removing the need to collect and store the biometric itself. (Mar. 14)
• European Commission Plans Multinational 'Centralised Database of Fingerprints.' The European Commission has revealed (pdf) that one of its "key actions envisaged for 2008" is "implementing a centralised database of fingerprints." The proposal for a massive database of fingerprints from all 27 EU countries prompted accusations of "Big Brother Europe." The database would include fingerprints of suspects and people released without charge, as well as those convicted of crimes. The cost and scope of the massive EU-wide fingerprint database are being assessed, but the goal is to create the database by the end of 2008. Questions remain about whether the third-party countries, such as the United States, would have access to this centralized repository of EU citizens' fingerprints. (Feb. 21)
• Prum Treaty Signatories Agree to Share Access to Fingerprint and Motor Vehicle Databases. Home Affairs ministers of signatories to the Prum Treaty agreed to share access to each nation's fingerprint and motor vehicle databases. Austria, Belgium, France, Germany, Luxembourg, Netherlands, and Spain signed the treaty in 2005. Italy, Finland, Portugal, Romania, Slovenia, and Sweden and Romania issued formal notification of their wish to sign, as well. This continues an expansion of international sharing of fingerprint data. The Philippines and the US are cooperating on a joint database. (Jan. 15, 2007)
• UK to Gather Biometrics From Foreign Nationals. The UK Home Office today announced a plan to "record[] biometrics for everyone from the 169 nationalities outside the [European Economic Area] applying to work, study or stay in the UK for more than six months, and for people from 108 nationalities applying to visit the UK," to be implemented by 2008. The UK plans (pdf) to record fingerprints and facial images and also plans to begin issuing biometric ID documents to foreign nationals by 2008. (Dec. 19)
• Police Increasingly Using Handheld Fingerprint Scanners. Traditionally, fingerprint biometrics have been used in law enforcement investigations of crimes; used in laboratories and courts to identify criminals. However, law enforcement has begun using fingerprint databases outside of these contexts. In Australia and the UK, police now carry handheld fingerprint scanners so that they can quickly identify people on the streets, such as drivers who are pulled over for a traffic violation or pedestrians "suspected" of criminal offenses. The police obtain "permission" from suspects, but the voluntariness of such permission is suspect, and then check for matches in a database containing 6.5 million fingerprints. The portable biometric devices used by Australian police are made by French electronics company Sagem and can hold up to 100,000 fingerprints. (Nov. 22)
• European Data Protection Supervisor Says Biometrics Are Unreliable. European Data Protection Supervisor Peter Hustinx criticized (pdf) the increasing usage of biometric identifiers and databases by governments. He said that fingerprint and DNA identifiers are too inaccurate. He also called for stronger data protection legislation for these large databases. (Mar. 10)
• Government to Test E-Passports in San Francisco. The Department of Homeland Security will begin testing e-Passports on Sunday at San Francisco International Airport. The e-Passports contain Radio Frequency Identification chips, which transmit information wirelessly. Testing conducted last year revealed that "contactless" passports impede the inspection process, according to documents (pdf) recently obtained by EPIC under the Freedom of Information Act. EPIC has urged (pdf) the agency to abandon the use of such technology in passports because of significant security and privacy issues. For more information, see EPIC's RFID page. (Jan. 13)
• Minnesota Will Begin Using Face Recognition on Driver's Licenses. Minnesota Gov. Tim Pawlenty has announced plans to add facial recognition technology to driver's licenses as part of a plan protect consumers from identity theft. This plan includes stronger criminal penalties for hackers and others who abuse access to personal data on computers. The state will scan photos on current driver's licenses to create the new facial recognition files. (Jan. 9, 2006)
  
• Australian Airport to Test Biometrics. The Australian Immigration minister announced a six-month biometrics trial at the Sydney airport. During the testing, fingerprints, iris scans, and facial data will be collected from selected travelers on a voluntary basis. About 9 million people per year enter and exit Australia. The trial is part of a four-year program of testing and implementing biometrics systems across different government departments. (Sept. 29)
• Australian Police to Carry Portable Fingerprint Scanners. New South Wales Police will begin using portable, handheld fingerprint scanners by the end of 2006. These portable biometric devices, made by French electronics company Sagem, can be used during routine traffic stops for on-the-spot identity checks. They hold up to 100,000 fingerprints, according to Sagem. (Oct. 14)
• More Biometric Information Gathered for US-VISIT. The Department of Homeland Security announced that it would expand the collection of biometric data from visitors entering the country through the US-VISIT program. From its inception in 2003, the US-VISIT program has used a two-fingerprint identification system, but Homeland Security now will begin collecting a full ten-fingerprint set from travelers. This expands the already vast amount of personal data accumulated by the program, including some data about U.S. citizens and legal permanent residents. This information includes complete name, date of birth, citizenship, country of residence, address while in the United States, and such other information. (July 13)
• Germany Approves Plan to Add Biometric Data to Passports. The German Parliament has approved a proposal to introduce new electronic passports containing biometric data. A chip will contain a digital picture of the traveler's face, and store fingerprints starting in March 2007. These new "ePass" passports will be issued beginning in November. The ePass uses a Radio Frequency Identification chip to store and transmit information to specialized readers that will be installed in all border stations. Officials say the chip can only be read by calculating a special access code when the booklet is opened. The new passports will cost German citizens 59 Euros ($71) each, more than double their current cost of 23 Euros ($27). (July 8)
• Lufthansa, Siemens Roll Out Biometric Ticketing System. Lufthansa, Germany's national airline and the third biggest in Europe, is testing biometric ticketing on 400 of its employees at Frankfurt Airport. The system, designed by Siemens, translates a thumbprint into a barcode at check-in. Then, before boarding, the barcode is scanned and matched with the passenger's thumbprint for verification. The pilot project is called "Trusted Traveler" and is expected to be widely implemented by 2006. Lufthansa says the program will be voluntary, but will encourage its frequent fliers to have the thumbprint barcode added to their frequent flier cards. (July 6)
• Orlando Airport Debuts Biometric ID Traveler System. Orlando International Airport has begun test operations of a registered traveler program. In exchange for an exclusive security line and a guarantee against random secondary pat-down check, travelers offer their biometric information, fingerprints and iris scans, and undergo a background check by the Department of Homeland Security. Program participants, who must pay an $80 annual fee, still must have bags screened and go through a metal detector. (June 27)
• US Backs Down on Biometric Passports for EU. Acknowledging international concerns, the United States will revamp its biometric passport requirements to make it easier for foreign travelers from friendly nations to enter the country without a visa. The new passport standards require digital photographs to match with a person's unique physical characteristics by October and an embedded identification chip later. However, the Department of Homeland Security still plans to require expanded biometric data in passports in the future. (June 14)
• Congress Passes Controversial ID Bill Without Debate. The Senate yesterday approved the supplemental military spending bill to which the REAL ID Act had been attached. The legislation mandates federal identification standards and requires states DMVs, which have become the targets of identity thieves, to collect sensitive personal information. Legislators in both parties urged debate and more than 600 organizations opposed the legislation. The new licenses would have more personal information than current licenses, and may include biometric identifiers. (May 11)
• EPIC Urges Privacy Review of Transportation Biometric ID. In comments filed today, EPIC urged the Transportation Security Administration to delay its test of biometric technology for transportation workers until it conducts a comprehensive Privacy Impact Assessment. The assessment should allow the agency "to ensure protection of the privacy rights of program members." EPIC said that the program must comply with the federal Privacy Act and noted that there are unique problems associated with biometric technologies, including the varying degrees of error, the risk of circumvention, and the likelihood of "mission creep." (Mar. 18, 2005)