Biometric data blows up

EFF's Jennifer Lynch discusses the expansion of biometric data collection and the growth of databases

Published June 28, 2012 3:02PM (EDT)

This article originally appeared on AlterNet.

The next time you get pulled over, watch for a blocky, black gadget attached to the officer's iPhone. That's the MORIS device, one of many mobile fingerprint and biometric scanners proliferating in police departments around the country. MORIS is designed to ascertain identity and dig up an unsavory past, but that's not all: the device can also gather iris scans, fingerprints, and photos searchable with face recognition technology.


Mobile scanners like MORIS are just one of the many ways biometric data (unique, identifying physical features including fingerprints, DNA or iris scans) is collected and potentially fed into government and private biometric databases that have swelled in both size and sophistication in the decade after 9/11.

The Department of Justice is expanding its fingerprint database to include iris scans, photos searchable with face recognition technology, scars, tattoos, and measures of voice and gait. The DoD collects iris scans, prints and face recognition photos from anyone coming in and out of Afghanistan; Department of Homeland Security gathers face recognition photos and fingerprints from people entering the U.S. Even motor vehicle departments in many states use face recognition technology to ID people when they get their licenses, and they tend to be cooperative with criminal investigations. The big agencies are also increasingly making their databases interoperable, so an immigrant's print that lands in the DHS database (IDENT) can be accessed by the FBI. Information is also shared with foreign governments and private companies.

In a recent EFF (Electronic Frontier Foundation) report, Jennifer Lynch chronicles the growth of biometric databases that contain everything from fingerprints to DNA to iris scans and face recognition images. Unsurprisingly, immigrants are one of the likeliest targets; Lynch talks about the LAPD's habit of cruising streets where day laborers gather and picking up their fingerprints with mobile scanners. The Secure Communities program, a more large-scale and catastrophic example, lets police send fingerprints to the FBI, which can share the information with DHS, which then deploys ICE to detain and deport undocumented immigrants.

AlterNet spoke with Lynch about the expansion of biometric data collection, the growth of databases and the impact on increased surveillance on citizens and immigrants alike.

Tana Ganeva: The scope of this data collection is so overwhelming. What are they trying to collect and why?

Jennifer Lynch: I totally agree that the scope of data collection is overwhelming. There's just so much that the federal government collects at this point. And there's so much data sharing going on between agencies, so many points of interaction with the government where data is collected. The data is pretty massive at this point.

Some of the key places the government collects data are at any kind of border crossing, if you're not a US citizen -- or what they call a "non-US person" -- or if you interact with the criminal justice system. And those are the two main ways that your data can be collected by the government.

TG: By "interact" with the criminal justice system, you don't mean just a conviction, but any encounter with police, like getting pulled over, right? You don't actually have to be guilty of something?

JL: Yes, any sort of arrest, and at this point, it could be as minimal as being stopped for a moving violation, because lots of police officers carry mobile fingerprint scanners. As I talked about in the report, even if you're just standing in the street corner in Los Angeles, trying to get a job, you can get your fingerprints scanned. So there are a number of ways even just the common citizen could have their fingerprints collected by the federal government.

Another example that happens pretty frequently is in a domestic violence situation. Let's say someone calls the cops because he or she is being abused, and the cops get there and they're not sure who instigated it and they pick up both parties. And so even in that situation the victim could have their fingerprints collected.

The same thing happens at border crossings for people who are non-US citizens: fingerprints are collected. At this point it's a 10 print scan -- it used to be your index finger or thumb but now it's all 10 fingerprints. It's also a photo, and the FBI now has a facial recognition database and the DHS is building out their facial recognition database as well.

TG: So it's not just fingerprints -- that's sort of a holdover from the '90s -- they're also expanding what they collect, like face recognition photos and iris scans.

JL: It's interesting because those of us in the civil liberties world have two main arguments. One is that this is an infringement of our privacy rights and our right to have certain things kept private from the government. But another argument is that this data isn't accurate, and this is especially true of immigration databases -- the data is notoriously inaccurate, but also DNA collection. There have been lots of cases where DNA has been thrown out. So what the federal government is saying now is that because the data can be inaccurate, or let's say someone doesn't have fingerprints anymore if they're a laborer or something, the government can collect more data to make the database more accurate.

The problem with that is that it just increases the ability of the federal government to track people. Once facial recognition becomes more accurate -- you know, there are cameras everywhere in our world -- not just ones controlled by the government, there are also private cameras and street corner cameras.

TG: And face recognition also presents the danger of people's identifying information being scooped up and logged without any interaction with law enforcement -- for example, during a political protest.

JL: There's a great example of this from the Stanley Cup in British Columbia. There's this photo you can find online that's a gigapixel photograph from a bunch of security cameras that were already in place and the image was stitched together so you could look down the street and see what looks like 100,000 people. If you look at the original picture, you think, "How could I ever identify people in that picture?" But you can drill down to where you can identify people. And when the Stanley Cup riots happened in British Columbia there was a lot of looting and the government tried to match the pictures of the looters to photographs the DMV had already collected in their facial recognition database.

Of course, we don't want to condone the destruction of property, but it's interesting that just anybody on the street can take your picture and give it to the cops and the picture can correlate with another picture in a database thanks to facial recognition.

TG: Law enforcement will often argue that in public privacy protections don't really apply since anyone can technically see what you're doing.

JL: We've always had a level of anonymity through obscurity, because people are not taking photographs wherever they go -- and we rely on that in how we interact with the world and I think that's key to a democratic society, that we don't have somebody watching over us all the time. And that's true even if you're in a public place. When people are in a public place they recognize people can see what they're doing -- but not that they're being tracked, that they're being monitored, watched from place to place as they move about their lives.

TG: How have things evolved since 9/11?

JL: One of the things that came out in the 9/11 commission report is just how siloed the government was when it came to data sharing and how that contributed to several parts of the federal government having pieces of the puzzle before 9/11 and not talking to each other. And so after 9/11, we had several executive orders and some changes in the law that required data sharing and required federal government databases to be interoperable. and there's very good reasons for this -- if the DHS has somebody's records on their immigration status and there's something in there about their border crossing and we suspect them of being a terrorist and we actually have probable cause for that, you want the FBI to get access to that information.

The problem is, for the most part we're just talking about regular people, very small-time criminals or even people most people wouldn't consider criminals, like people who've been charged with a tail-light violation or for driving too fast, or domestic violence victims. And the data is being swept up and collected by the federal government. That's what happened in the years after 9/11.

And the whole reason we never had data-sharing before is purely because we have very different standards for criminal justice investigations and terrorism investigations. And if you combine all that data, share all that information, then you may be collecting information using a very low standard of suspicion and then using that data for criminal justice purposes, which is what we see with some of the National Security letters.

TG: One example of the potential problems that arise with data-sharing is Secure Communities.

JL: Secure Communities is a perfect example of that because states, as part of their data-sharing with the federal government, send all their fingerprints to federal agencies and that's a good thing for states because they know if somebody they pick up has been charged with a crime in a different jurisdiction. But what the states didn't agree to or didn't understand was this backend sharing between the FBI and DHS and that was what Secure Communities became, because the FBI sent fingerprints to the DHS database and they were matched for suspected immigration infractions, then DHS, or ICE, put a detainer or a hold on that person and just came and picked them up and had a lot of people deported -- and something like 3,000 people deported who were actually US citizens -- because the immigration databases are so inaccurate.

TG: And that was also another instance where domestic violence victims were getting picked up right?

JL: There were examples of that, where a victim would call in to report domestic violence, and as is common they wouldn't be able to figure out who was a victim and who was the abuser and they would just pick up both people and that's especially problematic if you're talking about families. I have a son and I think about it from that perspective. A lot of times parents would get picked up, by LAPD or whoever the local police department is, and have a detainer put on them by ICE and get deported even though they have kids living in this country. I just can't imagine having to deal with that, having to know your kids don't have somebody waiting for them at school. It seems tragic to me.

TG: What are some other ways these data-collection efforts dovetail with other surveillance initiatives like the monitoring of social networks or location tracking?

JL: In this scenario we don't know much about what the data-sharing is. We do know that several branches of federal agencies have what they call open source databases, so they're collecting publicly available information on Facebook, or on comments on the New York Times Web site, or whatever is publicly available. So they have databases that are designed to collect and sift through data and try and find threats.

They used this during President Obama's inauguration four years ago, they've used it to try to determine threats at the Olympics, so there are some good uses for this, but it's also not clear where this data is going and what it's being used for, especially since if you use Facebook there's a certain amount of data they will allow to be public, so, your name and a photograph. There's a lot of other data people will share in the world that they don't think is going to be sniffed up by the federal government.

TG: I think the standard, law-enforcement argument here is that if you're not a bad guy, you've got nothing to worry about. How would you answer that?

JL: That's the government's line, but I think we come back to the fact that we live in a democratic society and that's never been accepted as the way we want to live. If you go back in history and look at people who were surveilled by the FBI over the past century -- they're people like MLK, like the nuns who were activists in the politics of Central and South America. There are people accused of being communists for no other reason than they attended a meeting or they were friends with somebody.

All those people were surveilled, and it was determined that that's not the way we want to live and because of that the attorney general issued specific guidelines that restricted when the FBI could infiltrate meetings surreptitiously, when they could collect information on people, and I think that's really important for the society in which we live and it's a slippery slope. The more that we accept that we need to give up our civil liberties to protect ourselves, the less we live in a society that is the one that we want to live in.

By Tana Ganeva

MORE FROM Tana Ganeva

Related Topics ------------------------------------------

Alternet Crime Privacy Technology