Friday, 21 May 2004

USA Congressional hearing on biometric identification of travellers

The Subcommittee on Aviation of the Committee on Transportation and Infrastructure of the USA House of Representatives (a mouthful, yes?) held a hearing this Wednesday, 19 May 2004, on "The Use Of Biometrics To Improve Aviation Security" and for other travel-related purposes.

The witnesses included government representatives of the Border and Transportation Security Directorate of the Department of Homeland Security and the General Accounting Office, as well as representatives of companies and industries hoping to sell biometric technology to the DHS.

The clearest contrast was between the testimony of the GAO and that of Martin Huddart, Chairman of the Board of Directors of the International Biometrics Industry Association.

In testimony that made no mention of the potential civil liberties or privacy costs of biometric identification, Huddart told the Subcommittee that, "The need to deploy biometrics to help ensure aviation security is no longer a matter of real debate."

It may be true that real debate isn't happening, and that biometrics vendors want the government to rush out and buy their products without real debate, but that doesn't mean debate isn't necessary, as the GAO report presented at the hearing made very clear:

Because there is no general agreement on the appropriate balance of security and privacy to build into a system using biometrics, further policy decisions are required. The range of unresolved policy issues suggests that questions surrounding the use of biometric technology center as much on management policies as on technical issues....

We have found that three key considerations need to be addressed before a decision is made to design, develop, and implement biometrics into a security system:

  1. Decisions must be made on how the technology will be used.
  2. A detailed cost-benefit analysis must be conducted to determine that the benefits gained from a system outweigh the costs.
  3. A trade-off analysis must be conducted between the increased
    security, which the use of biometrics would provide, and the effect on areas such as privacy and convenience.

There were no big surprises in the testimony of Stewart Verdery, Assistant Secretary for Policy of the Border and Transportation Security Directorate, USA Department of Homeland Security. But this was perhaps the first time that the DHS has explicitly and publicly linked many of its traveller identification initiatives -- the Transportation Worker Identification Credential (TWIC), US-VISIT, Airport Access Control, and Registered Traveler programs -- as part of a common plan for identification and monitoring of international and domestic travelers and travel industry workers.

CAPPS-II wasn't mentioned, even though it would also include an identification credential requirement, probably because CAPPS-II is so discredited that the DHS didn't want to be questioned about it or have its bad reputation rub off on the other programs.

The proposed ICAO biometric/RFID passport standards weren't mentioned either, despite being under discussion this week in Montréal by ICAO's Working Group on Machine Readable Travel Documents. That's a disturbing sign that the DHS is still hoping to avoid having public or Congressional attention fall on the ICAO process until the biometric/RFID standards are a fait accompli with which the DHS can claim that the USA "must" comply -- even if they've been determined solely by criteria of efficiency and have never really been debated on policy or civil liberties grounds.

As I focused on at last week's seminar at Harvard on traveller identification, most of such debate as has occurred on these proposals has focused on their short-term effects: the humiliation of subjecting people to fingerprinting or mug shots; the nature and information contents of the ID cards or credentials; the requirement that they be carried, displayed, or exposed to remote reading; and their use in making decisions on who will be allowed to travel across borders, board airplanes, be subjected to more or less intrusive searches, and so forth.

But as the repeated linked references in the DHS's latest testimony to "biometric and biographic" data and databases made clear, the more important reason the government wants to identify each traveller is not to decide whether to let you travel today, but to ensure that -- whether or not you are now considered dangerous or under any suspicion, and even if you are now allowed to proceed without delay -- your movements today, and each other time you travel, will be recorded and can readily be indexed into a lifetime dossier of your travel "history" (retained for up to 100 years, i.e for life, in the case of US-VISIT, and for as long as CRS's or other companies consider it profitable to do so in the case of CAPPS-II), available for whatever future use may later be decided, by whomever may in the future gain access to it, in the USA or abroad.

As I said a few weeks ago:

The reality is that these "ID" programs will have great utility for both government and commerical surveillance, but little if any real security value. It's critical, therefor, that they be debated and evaluated as what they are: surveillance measures.

The fundamental goal of these schemes is the ability to know, at all times, the identity and location of each person in an airport or other transportation facility, or in an airplane or other vehicle. The logs generated by that surveillance are much more likely to be used in unrelated investigations and inquiries, after the fact, as part of permanent files recording our movements, than as part of any program that will actually prevent future terrorism.

Consumers and citizens have a well-founded fear that, despite the most unequivocal government promises, databases of personal information will be subject to misuse, sometimes decades later, for purposes completely different from those for which they were ostensibly or actually created. In the USA, we need look no further than the broken promise of President Roosevelt that, "only you and the Social Security administration will ever know your private Social Security number," the abuse of IRS tax files by President Nixon (and, some have also accused, President Kennedy) against their political "enemies", or the use of census data to facilitate the roundup and "internment" in what the USA government itself described as "concentration camps" of natural-born American citizens of Japanese ancestry during World War II.

The most important thing isn't the ID cards, the fingerprints, or the other uses of biometrics -- although secretly and remotely-readable RFID chips in mandatory travel documents are, everyone at the Harvard seminar agreed, a worst-case scenario. The key issue is the databases and dossiers whose creation and automated compilation they would enable, and the uses to which those might eventually be put.

Link | Posted by Edward on Friday, 21 May 2004, 10:29 (10:29 AM) | TrackBack (0)
Comments
Post a comment









Save personal info as cookie?