Focusing public attention on emerging privacy and civil liberties issues

Biometric Identifiers

Latest News/Events

  • EPIC Files Complaint, Urges Investigation of Facebook's Facial Recognition Techniques: Today EPIC, and several privacy organizations, filed a complaint with the Federal Trade Commission about Facebook's automated tagging of Facebook users. EPIC alleged that the service was unfair and deceptive and urged the FTC to require Facebook to suspend the program, pending a full investigation, the establishment of stronger privacy standards, and a requirement that automated identification, based on user photos, require opt-in consent. EPIC alleged that "Users could not reasonably have known that Facebook would use their photos to build a biometric database in order to implement a facial recognition technology under the control of Facebook." EPIC warned that "absent injunctive relief by the Commission, Facebook will likely expand the use of the facial recognition database it has covertly established for purposes over which Facebook users will be able to exercise no meaningful control." EPIC has previously filed two complaints with the Commission regarding Facebook. For more information see EPIC: Facebook Privacy. (Jun. 10, 2011)
  • National Academies Releases New Report on Biometrics: The National Academy of Sciences has released a report entitled "Biometric Recognition: Challenges and Opportunities." The report concluded that biometric recognition technologies are inherently probabilistic and inherently fallible. Sources of uncertainty in biometric systems include variation within persons, sensors, feature extraction and matching algorithms, and data integrity. The report recommends a more comprehensive systems level approach to the contexts, design, and use of biometric technologies as well as peer-reviewed testing and evaluation of the technologies. EPIC has urged the Department of Defense to establish privacy safeguards for the biometric database the US established of Iraqis. See EPIC - Biometric Identifiers and EPIC - Iraqi Biometric Identification System. (Sep. 28, 2010)
  • US Withdrawal from Iraq Raises Questions about Future of Biometric Database: President Obama's address on the end of the combat mission in Iraq has left open the question of what will happen to the massive biometric databases on Iraqis, assembled by the United States, during the course of the conflict. In 2007, EPIC, Privacy International, and Human Rights Watch wrote to Defense Department Secretary Robert Gates to express concern about the creation of secret profiles on hundreds of thousand of Iraqis, tied to unique biometric identifiers, including digital fingerprints, photographic images, iris scans, and even DNA. Citing misuses of secret files and personal data in other conflicts, the organizations warned that the identification practices "contravene international treaties and could lead to potentially devastating consequences." EPIC, PI, and HRW urged the Defense Department to "adopt clear guidelines that incorporate strong privacy safeguards to ensure that Iraqis are afforded basic human rights in their personal information." For more information, see EPIC - Iraqi Biometric Identification System. (Sep. 1, 2010)
  • Busted Biometric Traveler ID May Return to US Airports: "Clear," the flawed airport security program that gathered biometric data on hundreds of thousands of travelers before the company went bankrupt, may return with a new operator. The assets of Verified Identity Pass -- including the fingerprints and iris patterns of previous customers -- have been sold at auction to AlClear, which intends to restart the program.  In Congressional testimony in 2005, EPIC warned that the Registered Traveler program should be subject to the federal Privacy Act. For more information, see EPIC Spotlight On Surveillance: Registered Traveler Card, EPIC "Clear" (May. 4, 2010)
  • Congressional Leaders Press Obama on Privacy Board: Chairman Bennie Thompson and twenty members of the House of Representatives sent a letter to President Obama seeking the immediate nomination of members to the Privacy and Civil Liberties Oversight Board. The Privacy Board was active during the Bush Administration, but the Obama administration has moved slowly to reconstitute the advisory body. No hearings have been held and no reports have been issued. The board is intended to provide advice on the civil liberty implications of programs that effect the rights of citizens, such as the use of Whole Body Scanners by the TSA, biometic identifiers, and cyber security policy. (Mar. 30, 2010)
  • Worker Biometric ID Under Consideration in US: Senators Charles Schumer and Lindsey Graham have proposed a new national identity card. The Senators would require that "all U.S. citizens and legal immigrants who want jobs" obtain a "high-tech, fraud-proof Social Security card" with a unique biometric identifier. The card, they say, would not contain private information, medical information, or tracking techniques, and the biometric identifiers would not be stored in a government database. EPIC has testified in Congress and commented to federal agencies on the privacy and security risks associated with national identification systems and biometric identifiers. For more information, see EPIC: National ID and the REAL ID Act, EPIC: Biometric Identifiers, and the Privacy Coalition’s Campaign Against REAL ID. (Mar. 24, 2010)
  • EPIC Urges Increased Privacy for "Global Entry" Registered Traveler Program: On January 19, EPIC filed comments with the US Customs and Border Protection (CBP), urging the agency to “to revise its establishment of the Global Entry program and to reconsider the privacy and security implications of the program.” CBP proposed to make permanent the Global Entry program, under which pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. EPIC urged CBP to ensure that Global Entry complied with the Privacy Act and to conduct a separate Privacy Impact Assessment. Those measures are particularly pressing in light of recent problems, including data breaches and bankruptcy, experienced by “Clear,” a similar registered traveler program. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for registered traveler programs would jeopardize air traveler privacy and security. For more information, see EPIC Global Entry, EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging. (Jan. 28, 2010)
  • Congress Begins Hearings on the "Trouser Bomber" and Intelligence Reform: The Senate Judiciary Committee and the Senate Committee on Homeland Security opened hearings today on airline security and the intelligence failure on December 25. Questions about privacy and civil liberties were raised frequently by senators. Specifically, senators asked about the adequacy of privacy safeguards for the body scanners, database profiling, biometric identification, and the status of the President's Civil Liberties and Privacy Oversight Board. According to documents obtained by EPIC through a Freedom of Information Act request, the body scanners ordered by the TSA are designed to store and record images of American air travelers. EPIC has scheduled a press conference at the National Press Club on January 25 on "Body Scanners and Privacy.” (Jan. 20, 2010)
  • DHS Announces "Global Entry" Biometric Identification System for U.S. Airports: Today, the Department of Homeland Security proposed to make permanent Global Entry, a program the agency says will “streamline the international arrivals and admission process at airports for trusted travelers through biometric identification.” Under the proposed system, pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. The DHS announcement follows the recent news that Clear, a Registered Traveler program, had entered bankruptcy, raising questions about the possible sale of the biometric database that was created. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for Registered Traveler programs would jeopardize air traveler privacy and security. The agency is taking comments on the proposal. For more information, see EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging. (Nov. 19, 2009)
  • Senate Judiciary Committee Considers National Biometric Identification System: Senator Schumer (D-NY) is proposing a new system to track all US workers to determine employment eligibility. The plan for the employment verifiability system involves the collection of biometric information. The Department of Homeland Security would approve or disapprove individuals for employment. Automated biometric identification systems raise questions about the scalability, reliability, accuracy, and security of the data collected. See EPIC Biometric Identification. (Jul. 22, 2009)
  • U.S. Now Collects All 10 Fingerprints of Foreign Visitors. Under border control system US-VISIT, the Department of Homeland Security will begin collecting a full set of fingerprints from foreign visitors to the U.S. Since 2004, US-VISIT has only required two-print collection. The database now includes 90 million sets of prints. EPIC has said that the system lacks adequate privacy and security safeguards. For more information, see EPIC's page on US-VISIT. (Feb. 27)
  • European Union to Fingerprint All Foreign Travelers. The European Union released a plan (pdf) to begin collecting the fingerprints of all foreign travelers when they cross the border of any EU country. The collection of the travelers' identity will be at both entry and exit of the Schengen border-free zone, which allows borderless travel among EU countries. Many privacy organizations have raised questions about this massive database of fingerprints, including Privacy International. Privacy groups explained that there have been numerous security breaches of government databases and adequate safeguards might not be created, making the information susceptible to loss or theft. (Feb. 15)
  • FBI Seeks to Build Massive Identification System. The Federal Bureau of Investigation awarded a $1B, 10-year contract to design, develop, document, integrate, test, and deploy the Next Generation Identification (NGI) System to Lockheed Martin. This new database will expand on the current fingerprint-based system; the FBI willincrease its collection and storage not only fingerprints but also iris scans, palm prints and facial images. The FBI is also in talks with the U.K. police to establish a unified database for the tracking of this biometric information. The U,K. has said that the new NGI System could easily be integrated with the U.K.'s current Ident1 database. Critics have highlighted the problems created by such massive system that would share data, includinginaccurate or fake information. (Feb. 14)
  • Airport Uses Iris Scans to Track Employees. For the first time in the UK 25,000 employees of the Manchester Airport are now required to use iris scan identification to access restricted areas. This new iris scan system is in addition to the current access control cards and Personal Identification Numbers already in use at the airport. When entering any checkpoint the staff will now need to swipe their ID card, enter their PIN before entering the iris scan booth. No mention of the method of data security has been released from the airport but assurances that the information will not be shared have been made. (Jan. 24, 2008)

Background

The tragic events of September 11, 2001, have led to a closer examination of security measures that might have foiled those devastating attacks and that might prevent similar attacks in the future. Prominent among the various measures being considered is the use of devices that check a person's identity using biometric identifiers such as fingerprints, iris/retina, or facial patterns. Soon after the attacks, Larry Ellison, head of California-based software company Oracle Corporation, advocated the deployment of mandatory national ID cards with fingerprint information to be matched against a national database of digital fingerprints to confirm the identity of the card's carrier. There have been recent discussions between the United States and the European Union concerning the creation of biometric passports.

Biometric identifiers are of course widely used by people to identify each other ñ one might recognize a friend by the sound of her voice, the color of her eyes, or the shape of her face. Devices using biometric identifiers attempt to automate this process by comparing the information scanned in real time against an "authentic" sample stored digitally in a database. The technology has had several teething problems, but now appears poised to become a common feature in the technological landscape.

The most widely used biometric is the fingerprint identifier. A June 2004 report by National Institute of Standards and Technology (NIST) showed that one-fingerprint identification systems had an accuracy rate of 98.6 percent, while the accuracy rate rose to 99.6 when two fingerprints were used and 99.9 when four, eight and ten fingerprints were used. The report also showed that the accuracy rate for fingerprint identification drops as the age of the person increases, especially for those more than 50 years old.

The United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program marked its first anniversary in early January and extended its entry/exit biometric capturing system to 50 of the busiest land ports of entry. The system requires two digital index finger scans as well as a digital photograph of the visitor, which are intended to verify identity and are compared to a vast network of government databases.

There are significant privacy and civil liberties concerns regarding the use of such devices that must be addressed before any widespread deployment. Briefly there are six major areas of concern:

Storage. How is the data stored, centrally or dispersed? How should scanned data be retained?

Vulnerability. How vulnerable is the data to theft or abuse?

Confidence. How much of an error factor in the technology's authentication process is acceptable? What are the implications of false positives and false negatives created by a machine?

Authenticity. What constitutes authentic information? Can that information be tampered with?

Linking. Will the data gained from scanning be linked with other information about spending habits, etc.? What limits should be placed on the private use (as contrasted to government use) of such technology?

Ubiquity. What are the implications of having a electronic trail of our every movement if cameras and other devices become commonplace, used on every street corner and every means of transportation?

News Items

Resources

Previous Top News

  • Human Rights Organizations Urge US Secretary of Defense to Investigate Biometric Database of Iraqis. In a letter to Secretary of Defense Robert Gates, EPIC, Privacy International, and Human Rights Watch warn that a new system of biometric identification contravenes international privacy standards and could lead to further reprisals and killings. The groups cite the particular risk of identification requirements in regions of the world torn by ethnic and religious division. The groups also note a 2007 report from the Pentagon's Defense Science Board that said military use of biometric data raise substantial privacy concerns. For a discussion of identity systems and threats to privacy, see "Privacy and Human Rights Report 2005." See also Privacy International resources. (Jul. 27)
  • Britain Increasing Use of Biometrics on Schoolchildren. The British Educational Communications and Technology Agency (BECTA) released guidelines for UK schools, "BECTA Guidance on the Use of Biometric Systems in Schools." BECTA explained that the collection of schoolchildren's fingerprints is covered under the Data Protection Act of 1998, care must be taken if such data is collected, and "schools have a duty to ensure that all the personal data they hold is kept secure." At the same time, the UK Information Commissioner's Office also issued guidance (pdf) on biometrics collection from schoolchildren, who can be as young as five years old. The Office agreed that such data collection was covered by the Data Protection Act of 1998 and told schools that they "should explain the reasons for introducing the system, how personal information is used and how it is kept safe." It is not known if parents fully understand that, when investigating a crime, the UK police are allowed to access schools' biometric databases without parental permission. (Jul. 23)
  • U.S. Military Builds Biometric Database on Iraqis. USA Today reports that U.S. troops are using mobile scanners to capture fingerprints, eye scans, and input other personal data from hundreds of thousands of Iraqis. Although General Patraeus has indicated that the purpose is to identity insurgents, U.S. troops are stopping Iraqis at homes, checkpoints, workplaces, and "In several neighborhoods in and around Baghdad, troops have gone door to door collecting data." A March report (pdf) from the Pentagon's Defense Science Board said military use of biometric data raise substantial privacy concerns. For a discussion of identity systems and threats to privacy, see "Privacy and Human Rights Report 2005." See also Privacy International resources. (Jul. 18)
  • Federal Air Marshals to Surreptitiously Photograph Travelers. The US Department of Homeland Security is investing in face recognition technology so that federal marshals can surreptitiously photograph people in airports, bus and train stations, and elsewhere to check whether they are in terrorist databases. The Los Angeles police department already is using handheld facial recognition devices. See EPIC's Video Surveillance page. (May 10)
  • EPIC Recommends Against Use of Universal Identifiers. In comments (pdf) to the Federal Trade Commission, EPIC warned against using universal identifiers, such as biometrics, in authentication systems. EPIC explained that a biometric identifier cannot be changed by a victim once his or her identity has been breached -- a fingerprint is unalterable. "Any move toward universal identifiers, while potentially deterring amateur thieves, increases the potential for misuse once determined criminals steal that data," EPIC said. For more information, see EPIC's National ID Cards and REAL ID Act page. (Mar. 23)
  • Joint Paper on Biometric Encryption Released. Information and Privacy Commissioner of Ontario, Dr. Ann Cavoukian, released a joint research paper with Dr. Alex Stoianov, an internationally recognized biometrics scientist. The paper, entitled, "Biometric Encryption: A Positive Sum Technology that Achieves Strong Authentication, Security AND Privacy," discussed how biometrics can be deployed in a privacy-enhanced way that minimizes the potential for surveillance and abuse, maximizes individual control, and ensures full functionality of the systems in which biometrics are used. The paper suggested that biometric encryption could address the privacy, security and trust problems of current biometric information systems. With biometric encryption, instead of storing a sample of one's fingerprint in a database, you can use the fingerprint to encrypt or code some other information, like a PIN or account number, or cryptographic key, and only store the biometrically encrypted code, removing the need to collect and store the biometric itself. (Mar. 14)
  • European Commission Plans Multinational 'Centralised Database of Fingerprints.' The European Commission has revealed (pdf) that one of its "key actions envisaged for 2008" is "implementing a centralised database of fingerprints." The proposal for a massive database of fingerprints from all 27 EU countries prompted accusations of "Big Brother Europe." The database would include fingerprints of suspects and people released without charge, as well as those convicted of crimes. The cost and scope of the massive EU-wide fingerprint database are being assessed, but the goal is to create the database by the end of 2008. Questions remain about whether the third-party countries, such as the United States, would have access to this centralized repository of EU citizens' fingerprints. (Feb. 21)
  • Prum Treaty Signatories Agree to Share Access to Fingerprint and Motor Vehicle Databases. Home Affairs ministers of signatories to the Prum Treaty agreed to share access to each nation's fingerprint and motor vehicle databases. Austria, Belgium, France, Germany, Luxembourg, Netherlands, and Spain signed the treaty in 2005. Italy, Finland, Portugal, Romania, Slovenia, and Sweden and Romania issued formal notification of their wish to sign, as well. This continues an expansion of international sharing of fingerprint data. The Philippines and the US are cooperating on a joint database. (Jan. 15, 2007)
  • UK to Gather Biometrics From Foreign Nationals. The UK Home Office today announced a plan to "record[] biometrics for everyone from the 169 nationalities outside the [European Economic Area] applying to work, study or stay in the UK for more than six months, and for people from 108 nationalities applying to visit the UK," to be implemented by 2008. The UK plans (pdf) to record fingerprints and facial images and also plans to begin issuing biometric ID documents to foreign nationals by 2008. (Dec. 19)
  • Police Increasingly Using Handheld Fingerprint Scanners. Traditionally, fingerprint biometrics have been used in law enforcement investigations of crimes; used in laboratories and courts to identify criminals. However, law enforcement has begun using fingerprint databases outside of these contexts. In Australia and the UK, police now carry handheld fingerprint scanners so that they can quickly identify people on the streets, such as drivers who are pulled over for a traffic violation or pedestrians "suspected" of criminal offenses. The police obtain "permission" from suspects, but the voluntariness of such permission is suspect, and then check for matches in a database containing 6.5 million fingerprints. The portable biometric devices used by Australian police are made by French electronics company Sagem and can hold up to 100,000 fingerprints. (Nov. 22)
  • European Data Protection Supervisor Says Biometrics Are Unreliable. European Data Protection Supervisor Peter Hustinx criticized (pdf) the increasing usage of biometric identifiers and databases by governments. He said that fingerprint and DNA identifiers are too inaccurate. He also called for stronger data protection legislation for these large databases. (Mar. 10)
  • Government to Test E-Passports in San Francisco. The Department of Homeland Security will begin testing e-Passports on Sunday at San Francisco International Airport. The e-Passports contain Radio Frequency Identification chips, which transmit information wirelessly. Testing conducted last year revealed that "contactless" passports impede the inspection process, according to documents (pdf) recently obtained by EPIC under the Freedom of Information Act. EPIC has urged (pdf) the agency to abandon the use of such technology in passports because of significant security and privacy issues. For more information, see EPIC's RFID page. (Jan. 13)
  • Minnesota Will Begin Using Face Recognition on Driver's Licenses. Minnesota Gov. Tim Pawlenty has announced plans to add facial recognition technology to driver's licenses as part of a plan protect consumers from identity theft. This plan includes stronger criminal penalties for hackers and others who abuse access to personal data on computers. The state will scan photos on current driver's licenses to create the new facial recognition files. (Jan. 9, 2006)
  • Australian Airport to Test Biometrics. The Australian Immigration minister announced a six-month biometrics trial at the Sydney airport. During the testing, fingerprints, iris scans, and facial data will be collected from selected travelers on a voluntary basis. About 9 million people per year enter and exit Australia. The trial is part of a four-year program of testing and implementing biometrics systems across different government departments. (Sept. 29)
  • Australian Police to Carry Portable Fingerprint Scanners. New South Wales Police will begin using portable, handheld fingerprint scanners by the end of 2006. These portable biometric devices, made by French electronics company Sagem, can be used during routine traffic stops for on-the-spot identity checks. They hold up to 100,000 fingerprints, according to Sagem. (Oct. 14)
  • More Biometric Information Gathered for US-VISIT. The Department of Homeland Security announced that it would expand the collection of biometric data from visitors entering the country through the US-VISIT program. From its inception in 2003, the US-VISIT program has used a two-fingerprint identification system, but Homeland Security now will begin collecting a full ten-fingerprint set from travelers. This expands the already vast amount of personal data accumulated by the program, including some data about U.S. citizens and legal permanent residents. This information includes complete name, date of birth, citizenship, country of residence, address while in the United States, and such other information. (July 13)
  • Germany Approves Plan to Add Biometric Data to Passports. The German Parliament has approved a proposal to introduce new electronic passports containing biometric data. A chip will contain a digital picture of the traveler's face, and store fingerprints starting in March 2007. These new "ePass" passports will be issued beginning in November. The ePass uses a Radio Frequency Identification chip to store and transmit information to specialized readers that will be installed in all border stations. Officials say the chip can only be read by calculating a special access code when the booklet is opened. The new passports will cost German citizens 59 Euros ($71) each, more than double their current cost of 23 Euros ($27). (July 8)
  • Lufthansa, Siemens Roll Out Biometric Ticketing System. Lufthansa, Germany's national airline and the third biggest in Europe, is testing biometric ticketing on 400 of its employees at Frankfurt Airport. The system, designed by Siemens, translates a thumbprint into a barcode at check-in. Then, before boarding, the barcode is scanned and matched with the passenger's thumbprint for verification. The pilot project is called "Trusted Traveler" and is expected to be widely implemented by 2006. Lufthansa says the program will be voluntary, but will encourage its frequent fliers to have the thumbprint barcode added to their frequent flier cards. (July 6)
  • Orlando Airport Debuts Biometric ID Traveler System. Orlando International Airport has begun test operations of a registered traveler program. In exchange for an exclusive security line and a guarantee against random secondary pat-down check, travelers offer their biometric information, fingerprints and iris scans, and undergo a background check by the Department of Homeland Security. Program participants, who must pay an $80 annual fee, still must have bags screened and go through a metal detector. (June 27)
  • US Backs Down on Biometric Passports for EU. Acknowledging international concerns, the United States will revamp its biometric passport requirements to make it easier for foreign travelers from friendly nations to enter the country without a visa. The new passport standards require digital photographs to match with a person's unique physical characteristics by October and an embedded identification chip later. However, the Department of Homeland Security still plans to require expanded biometric data in passports in the future. (June 14)
  • Congress Passes Controversial ID Bill Without Debate. The Senate yesterday approved the supplemental military spending bill to which the REAL ID Act had been attached. The legislation mandates federal identification standards and requires states DMVs, which have become the targets of identity thieves, to collect sensitive personal information. Legislators in both parties urged debate and more than 600 organizations opposed the legislation. The new licenses would have more personal information than current licenses, and may include biometric identifiers. (May 11)
  • EPIC Urges Privacy Review of Transportation Biometric ID. In comments filed today, EPIC urged the Transportation Security Administration to delay its test of biometric technology for transportation workers until it conducts a comprehensive Privacy Impact Assessment. The assessment should allow the agency "to ensure protection of the privacy rights of program members." EPIC said that the program must comply with the federal Privacy Act and noted that there are unique problems associated with biometric technologies, including the varying degrees of error, the risk of circumvention, and the likelihood of "mission creep." (Mar. 18, 2005)