registers and responses

This page considers biometric databases or collections - such as networked national fingerprint databases - and responses by civil society advocates and ordinary consumers.

It covers -

• introduction
• registers - scope and scale of fingerprint, DNA and other biometric databases
• integration or exchange -
• studies - what do we know about attitudes to biometrics?
• awareness and exposure - how many people have used biometric systems
• concerns - what do people think about biometrics?

    introduction

[under development]

    registers

Most biometric schemes involve reference databases - collections of 'legitimate' identifiers (in image or other formats) for authentication matching or for screening. Routinisation of data collection means that although some databases are small, for example restricted to people accessing a particular building, others have grown to cover much of the population.

The Australian AFIS database, for example, contains around 2.6 million fingerprint records from individual State and Territory Police Agencies, including what are claimed to be records from all people arrested since 1941 and records from a range of official probity checks (eg police applicants for appointment as a police officer).

In the US the Federal Bureau of Investigation's Integrated Automated Fingerprint Identification System (IAFIS), promoted as the world's the largest biometric database, holds prints of over 47 million subjects in a Criminal Master File (with prints and associated criminal history data being "submitted voluntarily by state, local, and federal law enforcement agencies", several of which contribute from discrete databases). Prints are acquired as a result of an arrest at the city, county, state or federal level; they are not expunged if prosecution does not proceed or the individual is pronounced not guilty. IAFIS also features 'civil' prints, acquired as part of background checks for "employment, licensing, and other non-criminal justice purposes where authorized by federal and state law and in compliance with appropriate regulations". That checking encompasses everything from the bullet-catchers at the Whitehouse to local dog catchers and health inspectors.

LArge-scale DNA databases are more recent - the first national DNA criminal database for example was established in the UK in 1995, almost one hundred years after initial fingerprint databases - but have grown rapidly. As at 2002 the UK national DNA database
held over 1.5 million DNA profiles collected from suspects and convicted criminals. New Zealand's national DNA databank, launched in 1996, held a more modest 16,000 profiles as at 2003 but was growing at around 25% pa. The FBI Combined DNA Index System (CODIS), dating from 1998, held a mere 600,000 convicted offender profiles but is forms part of that organisation's National DNA Index System enabling city, county, state and federal law enforcement agencies to compare DNA profiles electronically.

    integration or exchange

Concerns about a single, integrated database are misplaced and the exchange of information between dabases that use different biometrics is inhibited by the lack of standardisation discussed earlier in this note.

What we are seeing instead is the transmission of information between 'sister' databases (eg one fingerprint collection to another) - an extension of past practice in faxing or even using the post to disseminate details - and use of electronic gateways.

The so-called Schengen III agreement in Europe in mid-2005 thus provides that officials will for the pursuit of criminal offences have access (via 'contact points') to fingerprint and DNA databases maintained signatory countries, with access to fingerprint data also permitted for prevention of criminal offences. A suspect's identity will typically only be revealed once a formal legal request has been made, following awareness that a match has been made.

Civil liberties advocates have perceptively commented that although large-scale automated data mining across different databases (especially across those in several jurisdictions) may be impeded by technical constraints and administrative or legal protocols, in practice it is quite easy for 'one-off' searching to be done ... simply supply details to each human contact point in a government agency's peers. There are also concerns about 'leakage' and 'precautionary data collection', with for example concerns about trans-border exchange of passport information (or data about suspected terrorists, paedophiles and other offenders) with that information percolating into other systems in a way that is outside frameworks for accountability and correction.

    studies

What do people think about biometrics?

The answers are unclear, given the apparent range of opinions (and the intensity of some perceptions), the narrowness of most research and the tendency of some solution vendors/buyers to release conclusions without providing meaningful information about sample sizes/characteristics or questionnaire structure.

It is thus common to encounter claims that consumers welcome particular biometric applications (particularly if the application affects someone else, such as a refugee or recipient of welfare services) or that they are widely and deeply opposed to biometrics per se and are strongly concerned about potential misuses of biometric registers.

One of the few surveys specific to biometrics was a small US survey in 2001-2 for SEARCH on Public Attitudes Toward the Uses of Biometric Identification Technologies by Government and the Private Sector (PDF).

It suggested that around 82% of respondents considered that fingerprint imaging was "somewhat acceptable" - post 9/11 in obtaining a passport, 84% to obtain entry into official buildings, 82% at airport check-ins, 77% to obtain a drivers license and 60% to rent a car.

91% were comfortable with officials creating a 'biometric database' of everyone convicted of a serious crime, "for use in later criminal investigations". 86% would supposedly allow biometric screening of welfare recipients, 87% would allow security guards to screen people entering a school (with a biometric database of convicted child molesters) and 90% would allow biometric checking of applicants for occupational licenses such as teachers, private security guards or nursing home staff.

Around 80% indicated that it was important that -

• biometric IDs only be used in ways known of and approved of by the individual
• people (including the stigmatised?) should be fully informed about how their ID is being used and why it is needed
• data should not be shared with other organisations
  Biometric IDs be collected knowingly, except in cases of national security
• there should be restrictions on combining biometric data and being and tracking people using biometric identification.

The figures are broadly consistent with conclusions in the 2001 RAND Army Biometric Applications: Identifying and Addressing Sociocultural Concerns study by John Woodward et al.

A 2004 US survey for solutions vendor EDS concluded that

• over 69% of respondents are "open to the idea of using biometrics" for identity management. ("Only 12 percent said no to biometrics, while 19 percent are unsure")
• 88% of the respondents willing to accept biometrics are in favor "because it is convenient and does not require them to remember passwords"
• 85% preferred finger prints, 84% chose voice recognition "for convenience and speed".

A 2006 US survey sponsored by vendor AuthenTec similarly claimed that "63% of consumers would pay extra to add fingerprint biometrics to their PC and notebook computers, while 71% would pay more for this feature in their cellular phones" and that "43% are most interested in using fingerprint sensors to replace their computer or internet passwords. ... 29% said they would be willing to pay more than $25 for the additional feature". It remains to be seen whether consumers would be prepared to match survey responses to action, and whether the sample is representative.

    awareness and exposure

In Australia and overseas attitudes to biometrics appear to reflect exposure to the technology (familiarity is generally associated with lower levels of anxiety) and sensitisation to privacy or other issues. Focus group and other mechanisms for teasing out attitudes suggest that the stance of some policymakers is in fact quite nuanced, with an appreciation of particular technologies but considerable skepticism about effectiveness - eg biometrics potentially 'authenticating' bad data - and wariness about misuse.

That wariness was reflected in the Australian Biometrics Institute draft Biometrics Privacy Code (PDF) - "to ensure that Australian citizens have a greater level of privacy protection than currently exists" - and in documents such as the Australian Law Reform Commission's 2003 Essentially Yours: The Protection of Human Genetic Information in Australia report and 2004 European Commission Biometrics at the Frontiers report (PDF).

The SEARCH survey suggested that among the small group of respondents who had provided identifiers, fingerprint scanning was the most commonly experienced technique (experienced by 82% in 2002), followed by signature dynamics (46%), hand geometry (19%), facial recognition (supposedly up from 4% in 2001 to 22% in 2002), voice recognition (27%) and 'eye recognition' (20%). oward fingerprinting may serve as some indication of attitudes toward identification. Around two in three US adults in the survey (69% in 2001 but down to 66% in 2002) reported having been fingerprinted for identification purposes, with roughly 90% feeling it was an appropriate requirement (although around 20% of the cohort indicated that "finger-imaging treats people like presumed criminals").

    concerns

Consumer concerns about databases reflect where people are standing.

Privacy International, in criticising ICAO standards for biometric-based passports, warned (PDF) in 2004 that

This is a potentially perilous plan. The ICAO must go back to the drawing board or hold itself responsible for creating the first truly global biometric database.

A spokesperson commented that

Governments may claim that they are under an international obligation to create national databases of fingerprints and face scans but we will soon see nations with appalling human rights records generating massive databases, and then requiring our own fingerprints and face-scans as we travel.

   next part  (culture)