WorldLII [Home] [Databases] [WorldLII] [Search] [Feedback]

EPIC --- Privacy and Human Rights Report

You are here:  WorldLII >> Databases >> EPIC --- Privacy and Human Rights Report >> 2006 >>

[Database Search] [Name Search] [Recent Documents] [Noteup] [Help]

EPIC --- Privacy and Human Rights Report 2006

Title Page Previous Next Contents | Privacy Topics >Identity Systems

Identity Systems

Identity (ID) cards

Identity (ID) cards are in use in one form or another in virtually all countries of the world. The type of card, its functions, and integrity vary enormously. While several countries have official, compulsory, national ID cards that are used for a variety of purposes, many countries do not. These include Australia, Canada, Mexico, New Zealand, and the United States. Those that do have such a card include Argentina, Belgium, Egypt, France, Germany, Greece, Hong Kong, and Malaysia.[83]


Nationwide ID systems are established for a variety of reasons. Race, politics and religion often drive the deployment of ID cards.[84] The fear of insurgence, religious differences, immigration, or political extremism have been all too common motivators for the establishment of ID systems that aim to force undesirables in a State to register with the government, or make them vulnerable in the open without proper documents.


In recent years technology has rapidly evolved to enable electronic record creation and the construction of large commercial and state databases. A national identifier contained in an ID card enables disparate information about a person that is stored in different databases to be easily linked and analyzed through data mining techniques. ID cards are also becoming "smarter" – the technology to build microprocessors the size of postage stamps and put them on wallet-sized cards has become more affordable. This technology enables multiple applications such as a credit card, library card, health care card, driver's license and government benefit program information to be all stored on the same national ID along with a password or a biometric identifier. Governments in Finland, Malaysia, and Singapore have experimented with such "Smart" ID cards.


Proposals to establish national identity cards have invariably sparked protests in many countries. Currently, the UK government seeks to create a biometric national identification card linking together a variety of databases filled with personal data.[85] Although several expert reports have been released explaining the perils of such a national identity system, including some from the London School of Economics, the UK government is implementing the National Identity Register (NIR).[86] The UK also plans to create biometric visas and ID cards for non-citizens.[87] Groups such as the No2ID Campaign and Privacy International have been fighting the national identification system.[88]


Massive protests against the Australia Card in 1987 resulted in the near collapse of the government.[89] Australia is now debating legislation to implement the Access Card, which is supposed to replace 17 different identity cards used for a variety of government applications, including disability, unemployment, Medicare and veterans, but critics call it a national ID card.[90] Groups such as the Australian Privacy Foundation and Electronic Frontiers Australia are fighting implementation of the Access Card.[91] Australia is also compiling a massive database, including biometric data, linked to identity documents for non-citizens.[92]


In several countries, these systems have also been successfully challenged on constitutional privacy grounds. In 1998, the Philippine Supreme Court ruled that a national ID system violated the constitutional right to privacy.[93] In 1991, the Hungarian Constitutional Court ruled that a law creating a multi-use personal identification number violated the constitutional right of privacy.[94] The 1997 Portuguese Constitution states "Citizens shall not be given an all-purpose national identity number."[95]


In other countries, opposition to the cards combined with the high economic cost and other logistical difficulties of implementing the systems has led to their withdrawal. Card projects in South Korea and Taiwan were also stopped after widespread protests. In the United States, plans to convert the state driver's license into a nationwide system of identification have stalled because of the stiff resistance from a broad coalition of civil society groups.[96] Although the REAL ID Act was passed in the United States in May 2005,[97] states and public organizations have rebelled against the scheme.[98] Sixteen states have passed legislation rejecting REAL ID and there are also bills in both US legislative houses that would repeal the Act creating the national identification system.[99] At this time, it seems unlikely that Real ID will be implemented in the United States.

Biometrics

Biometrics is the identification or verification of someone's identity on the basis of physiological or behavioral characteristics.[100] Biometrics involves comparing a previously captured unique characteristic of a person to a new sample provided by the person. This information is used to authenticate or verify that a person is who they said they were (a one-to-one match) by comparing the previously stored characteristic to the fresh characteristic provided. It can also be used for identification purposes where the fresh characteristic is compared against all the stored characteristics (a one-to-many match). New biometric technology attempts to automate the identification or verification process by converting the provided biometric into an algorithm, which is then used for matching purposes. The computer matching technique necessarily produces either false positives, where a person is incorrectly identified as someone else, or false negatives, where a person who is meant to be identified by the system is not correctly identified. The two error rates are dependent, so for example reducing the number of false positives increases the number of false negatives. The tolerance level is adjusted depending on the need for security in the application.


The most popular forms of biometric ID are fingerprints, retina/iris scans, hand geometry (also called "palm prints"), and voice and face recognition, and digitized (electronically stored) images. The technology is gaining interest from governments and companies because, unlike other forms of ID such as cards or papers, it can be more difficult to alter or tamper with one's own physical or behavior characteristics. Important questions remain, however, about the effectiveness of the automated biometric matching techniques, particularly for large-scale applications.[101] Critics also argue that widespread deployment of biometric identification technology could remove the veil of anonymity or pseudo-anonymity in most daily transactions through the creation of an electronic trail of people's movements and habits.[102]


Biometrics schemes are being implemented across the world. The technology is widely used in small settings for access control to secure locations such a nuclear facility or bank vault. It is increasingly being used for broader applications such as retail outlets, government agencies, childcare centers, police forces and automated-teller machines.[103] A number of countries have created biometric RFID-enabled passports, as well. Spain has commenced a national fingerprint system for unemployment benefits and healthcare entitlements. Russia has announced plans for a national electronic fingerprint system for banks. Jamaicans are required to scan their thumbs into a database before qualifying to vote in elections. In France and Germany, tests are under way with equipment that puts fingerprint information onto credit cards. Many computer manufacturers are considering including biometric readers on their systems for security purposes.


Privacy officials and advocates have increasingly raised objections to the unfettered use of biometrics for identification. In March 2006, European Data Protection Supervisor Peter Hustinx criticized the increasing usage of biometric identifiers and databases by governments.[104] He said that fingerprint and DNA identifiers are too inaccurate. He also called for stronger data protection legislation for these large databases. In comments to the Federal Trade Commission during a 2007 consultation on "New Directions for ID Authentication," EPIC reiterated these risks, recommending the Commission review possible solutions to or ways to mitigate these problems.[105] Information and Privacy Commissioner of Ontario Dr. Ann Cavoukian has suggested that biometrics can be deployed in a privacy-enhanced way that minimizes the potential for surveillance and abuse, maximizes individual control, and ensures full functionality of the systems in which biometrics are used.[106]


Privacy issues also arise in the use of biometric systems during wartime. In July 2007, media reports revealed that U.S. troops are using mobile scanners to capture fingerprints, eye scans, and input other personal data from hundreds of thousands of Iraqis. Although General David Petraeus, commander of the Multi-National Force – Iraq, said the purpose is to identity insurgents, U.S. troops are stopping Iraqis at homes, checkpoints, workplaces, and "in several neighborhoods in and around Baghdad, troops have gone door to door collecting data."[107] In a July 2007 letter to Secretary of Defense Robert Gates, EPIC, Privacy International, and Human Rights Watch warned that a new system of biometric identification contravenes international privacy standards and could lead to further reprisals and killings.[108] The groups cite the particular risk of identification requirements in regions of the world torn by ethnic and religious division.[109] A year earlier, in July 2006, Shiite militiamen established a fake checkpoint and killed up to 50 Sunnis after examining their identification documents. The groups also noted a March 2007 report from the Pentagon's Defense Science Board that said military use of biometric data raise substantial privacy concerns.[110] The report categorized as particularly invasive mandatory systems in which the records include physiological data of citizens and employees, are collected by a public sector institution, and are held in database storage for an indefinite period. This is, however, precisely the sort of identification system now operating in Iraq. In its January 2007 report to the Human Rights Council, the Special Rapporteur of the United Nations noted that broad anti-terrorism profiling, particularly those that include data on ethnic origin, are prone to abuse in violation of non-discrimination and numerous other human rights norms.[111]


The most controversial form of biometrics – DNA identification – is benefiting from new scanning technology that can automatically match DNA samples against a large database in minutes. Police forces in several countries including Canada, Germany, and the United States have created national DNA databases. Samples are being routinely taken from a larger group of people. Initially, it was only individuals convicted of sexual crimes. Then it was expanded to people convicted of other violent crimes and then to arrests. Now, many jurisdictions are collecting samples from all individuals arrested, even for the most minor offenses. Former New York City Mayor Rudolf Giuliani even proposed that all children have a DNA sample collected at birth. In Australia, the United Kingdom, and the United States, police have been demanding that all individuals in a particular area voluntarily provide samples or face being considered a suspect. United States Attorney General Ashcroft has testified that he has asked the FBI to increase the capacity of its database from 1.5 million to 50 million profiles.[112]


At the same time, DNA data has been used as exculpatory evidence in many criminal trials. More than 200 people on death row in the United States have been exonerated as a result of DNA evidence.[113] Key policy questions in the criminal justice system concern the availability of funding to enable testing to prove innocence.

Biometric Passports

The USA PATRIOT Act, passed by the US Congress after the events of September 11, 2001 included the requirement that the President certify a biometric technology standard for use in identifying aliens seeking admission into the US, within two years. The schedule for its implementation was accelerated by another piece of legislation, the little known Enhanced Border Security and Visa Entry Reform Act 2002. Part of this second law included seeking international co-operation with this standard. The incentive to international co-operation was made clear: "By October 26, 2004, in order for a country to remain eligible for participation in the visa waiver program its government must certify that it has a program to issue to its nationals machine-readable passports that are tamper-resistant and which incorporate biometric and authentication identifiers that satisfy the standards of the International Civil Aviation Organization (ICAO).


These laws gave momentum to the standards that were being considered at the ICAO by requiring visa waiver countries (which include many EU countries, Australia, Brunei, Iceland, Japan, Monaco, New Zealand, Norway, Singapore, and Slovenia) to implement biometrics into their Machine-Readable Travel Documents (MRTDs), i.e. passports. Failure to do so, presumably, means a removal from the program.


Moving the decision to the ICAO pushes the policy well beyond the Visa Waiver Program countries. The ICAO is the international standard-setter for passports already and the ICAO has been researching biometric passports since 1995. Since then the technologies have changed sufficiently to allow for facial recognition, fingerprints and iris scans to be considered for implementation in passports standards.


The primary purposes of biometric use, according to the ICAO, is to allow for verification ("confirming identity by comparing identity details of the person claiming to be a specific living individual against details previously recorded on that individual") and identification ("determining possible identity by comparing identity details of the presenting person against details previously recorded on a number of living individuals"). Beneficial side effects include advanced passenger information to ports of entry, and electronic tracking of passport use.


In May 2003, the facial recognition emerged as the primary candidate. Intellectual Property issues prevented iris scans from being accepted; while it was felt that the facial recognition is more socially acceptable. Multiple applications of biometrics are also considered, and permitted. Although the use of a single biometric technology by all States is preferred by the ICAO to ensure interoperability, "[h]owever, it is also recognized that some States may conclude it desirable to deploy two biometrics on the same document." Already the EU is discussing requiring fingerprints in passports.


The ICAO is aware, however, that there are contentious legal issues involved with the infrastructure for these passports, including the collisions between the goals of centralizing citizens' biometrics and protecting privacy laws, and with "cultural practices." Not only does this involve a central data store of fingerprints and photos (and face scans) that can be scanned against other databases for other purposes, but this sensitive information may be transferred to other countries when verification is required at border controls. The ICAO foresees that these other countries may retain this information. In essence, this may turn into a global distributed database of personal information.


Something that may be important to remember at the time of national implementation is that there is some flexibility permitted by the ICAO. Some states may interpret the ICAO standards to require centralised databases.[114]


The ICAO calls for central databases that allow for additional security confirmation checks, but does not go so far as to require such systems. It may be interesting to see if national governments recall this option, or if they rather change their national laws to allow for centralized storage, as allowed in other ICAO documents. Already the EU is moving towards a centralized registry of biometrics from the passport enrolment process.

Fingerprints

Fingerprints are the most widely used biometric identifier worldwide. Electronics manufacturers have begun adding fingerprint scanners to computers, hard drives, USB keys, and others, as a security device.[115] In fall 2006, Sweden tested a system that matches air travelers to their luggage through the use of fingerprints.[116] In January 2005, Walt Disney World properties began using fingerprint scans as a means to track customers entering their theme parks.[117] Fingerprints are increasingly used on identity cards.[118]


The fingerprinting of schoolchildren has been proliferating in the United Kingdom, amidst much debate. The UK's widespread use is in contrast to Hong Kong and China, which have both banned the fingerprinting of schoolchildren.[119] In July 2007, the British Educational Communications and Technology Agency (BECTA) released guidelines for UK schools, "BECTA Guidance on the Use of Biometric Systems in Schools."[120] BECTA explained that the collection of schoolchildren's fingerprints is covered under the Data Protection Act of 1998, care must be taken if such data is collected, and "schools have a duty to ensure that all the personal data they hold is kept secure."[121] At the same time, the UK Information Commissioner's Office also issued guidance on biometrics collection from schoolchildren, who can be as young as five years old. The Office agreed that such data collection was covered by the Data Protection Act of 1998 and told schools that they "should explain the reasons for introducing the system, how personal information is used and how it is kept safe."[122] Because some children will not be able to understand the implications of fingerprint collection, in such cases the school must fully inform and obtain consent from parents; otherwise, the school would breach the Data Protection Act.[123] It is not known if parents fully understand that, when investigating a crime, the UK police are allowed to access schools' biometric databases without parental permission.[124]


Traditionally, fingerprint biometrics have been used in law enforcement investigations of crimes; used in laboratories and courts to identify criminals. However, law enforcement has begun using fingerprint databases outside of these contexts. In Australia and the UK, police now carry handheld fingerprint scanners so that they can quickly identify people on the streets, such as drivers who are pulled over for a traffic violation or pedestrians "suspected" of criminal offenses.[125] The police obtain "permission" from suspects, but the voluntariness of such permission is suspect, and then check for matches in a database containing 6.5 million fingerprints. The portable biometric devices used by Australian police are made by French electronics company Sagem and can hold up to 100,000 fingerprints.[126]


There has also been an expansion of international sharing of fingerprint data. The Philippines and the US are cooperating on a joint database.[127] In January 2007, Home Affairs ministers of signatories to the Prüm Treaty agreed to share access to each nation's fingerprint and motor vehicle databases.[128] Austria, Belgium, France, Germany, Luxembourg, Netherlands, and Spain signed the treaty in 2005. Italy, Finland, Portugal, Romania, Slovenia, and Sweden and Romania issued formal notification of their wish to sign, as well.


In February 2007, the European Commission revealed that one of its "key actions envisaged for 2008" was "implementing a centralised database of fingerprints."[129] The proposal for a massive database of fingerprints from all 27 EU countries prompted accusations of "Big Brother Europe." The database would include fingerprints of suspects and people released without charge, as well as those convicted of crimes.[130] The cost and scope of the massive EU-wide fingerprint database are being assessed, but the goal is to create the database by the end of 2008. Questions remain about whether the third-party countries, such as the United States, would have access to this centralized repository of EU citizens' fingerprints.


In June 2007, European Data Protection Supervisor Peter Hustinx sent a letter to the Portuguese Ministers for Justice and Interior criticizing these recent measures.[131] (Portugal took Presidency of the Council of the European Union on July 1, 2007.) He offered his assistance, stating "It seems that a number of agreements on new antiterrorist measures have been concluded without fully considering the impact on fundamental rights." Supervisor Hustinx also said, "I fear that messages such as 'no right to privacy until life and security are guaranteed' are developing into a mantra suggesting that fundamental rights and freedoms are a luxury that security can not afford. I very much challenge that view and stress that there should be no doubt that effective anti-terror measures can be framed within the boundaries of data protection."


Countries are increasingly using fingerprints for border security. Australia, Malaysia, Singapore, US, UK, among others, all collect fingerprint collection at their borders.[132] The US's border security program US-VISIT requires foreign nationals entering or exiting the country to submit detailed biographical information, all 10 fingerprints, and a digital photograph; it is one of the largest biometric collection programs in the world.[133] In December 2006, the UK Home Office announced a plan to "[record] biometrics for everyone from the 169 nationalities outside the [European Economic Area] applying to work, study or stay in the UK for more than six months, and for people from 108 nationalities applying to visit the UK," to be implemented by 2008.[134] The UK plans to record fingerprints and facial images and also plans to begin issuing biometric ID documents to foreign nationals by 2008.

Retinal and Iris Scans

Retinal and iris scans are different technologies, though they are often thought to be the same. With retinal scans, an infrared beam is shown through the pupil and the reflected light and pattern of blood vessels in the eye is measured and captured by a camera.[135] No two patterns are the same, even between the right and left eye, or identical twins, and they do not change with age. However, critics have cited the invasive data capture process and the technology's susceptibility to diseases, such as glaucoma or cataracts.[136] Also, critics have pointed out that retinal scans contain a wealth of personal health data. "Many health problems show up in your eyes, potentially creating non-invasive tests for everything from cocaine to sickle cell anemia. Cocaine, alcohol, and other drugs can make the OSI a non-invasive drug test. Infectious diseases such as malaria, AIDS, syphilis, Lyme disease, and chicken pox all show up in your eyes. Interestingly enough so does pregnancy."[137]


With iris scans, a video camera is used to take a picture of the iris.[138] Drawbacks are that movement, glasses and colored contact lenses can change the template created from a single individual; eyelids and eyelashes obscure part of the surface of the iris; and, because the scan is based on the size of the pupil, drugs dilating the eye could defeat an iris scan.


Iris scans are increasingly being used in traveler programs. Frequent traveler programs involving the collection and use of iris scans include: Amsterdam's Privium,[139] the US's Registered Traveler,[140] the UK's miSenseplus.[141] Australia,[142] Germany,[143] and the UK[144] are collecting iris scans from visitors and the US is considering adding iris scans to its US-VISIT border security program.[145] Iris scans are used in a plethora of other environments, as well. Schools in the US and the UK are collecting iris scans.[146] Doctors in South Australia may soon be required to submit iris and fingerprint scans to access hospital records.[147] US officials have created the Sex Offender Registry and Identification System (SORIS), which stores images of sex offenders' irises.[148]

Hand Geometry (Palm Prints)

Hand geometry or "palm print" biometrics are increasing in popularity. "Palm print textures like principle lines, wrinkles and ridges contain discriminative information which can be extracted for verification purpose."[149] In Japan, people can withdraw cash from ATMs by using palm-print scanners.[150] Japanese libraries use palm scanners to check out books.[151] In 2006, UK police created a national palm-print database.[152] Canadian police also are looking to create such a database.[153] At Israel's Ben Guiron Airport, the country's only international airport, travelers can identify themselves by hand print at more than 20 kiosks.[154]

Voice Recognition

Voice recognition technology identifies individuals through their distinctive vocal patterns. Dutch International Bank ABN Amro's four million customers can now access automated telephone banking services through the bank's biometric voice verification system.[155] Credit card companies are considering using voice recognition technology to allow customers to make payments.[156] In February 2007, Microsoft Corporation had to fix a hole in its Vista operating system where the speech recognition features could be used by others to maliciously delete files.[157] The technology has its weak points. "Voice recognition is skewed by background noise, and whether an analog or cell phone is used. While it is impossible to fool a voice recognition system through impersonation or mimicry, it is possible to use a tape recorder to commit fraud," EPIC has said.[158]



[83] Julia Scheeres, "ID Cards Are de Rigueur Worldwide," Wired News, September 25, 2001 <http://www.wired.com/politics/law/news/2001/09/47073>; Sun Microsystems, Press Release, "Belgium E-Government Initiative Starts 1st Phase of Deployment of Sun's Java-Technology Enabled Smart Cards," Apriil 10, 2003, available at <http://www.sun.com/smi/Press/sunflash/2003-04/sunflash.20030410.2.xml>; Raja M, "Smart Cards Make Inroads into Asia," Asia Times, October 2, 2004, available at <http://www.atimes.com/atimes/South_Asia/FJ02Df03.html>.

[84] Richard Sobel, The Degradation of Political Identity Under a National Identification System, 8 Boston University Journal of Science & Technology Law, 37, 48 (2002), available at <http://www.bu.edu/law/scitech/volume8/Sobel.pdf>. See also National Research Council, "IDs - Not that Easy: Questions about Nationwide Identity Systems," 2002, available at <http://www.nap.edu/catalog.php?record_id=10346>.

[85] Identity Cards Act (2006) <http://www.opsi.gov.uk/ACTS/acts2006/ukpga_20060015_en.pdf>; Christopher Adams, "Brown Battles Cameron at First PMQs," Financial Times, July 4 2007, available at <http://www.ft.com/cms/s/4f22eb54-2a23-11dc-9208-000b5df10621.html>; "Brown Announces Unified Border Force," Telegraph, July 27, 2007 <http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/07/25/nterror325.xml>.
[86] London School of Economics & Political Science, "The Identity Project: An Assessment of the UK Identity Cards Bill & Its Implications," March 21, 2005, available at <http://www.lse.ac.uk/collections/pressAndInformationOffice/PDF/IDreport.pdf>; London School of Economics & Political Science, "Update: The Identity Project: An Assessment of the UK Identity Cards Bill and Its Implications," June 27, 2005 available at <http://is.lse.ac.uk/idcard/identityreport.pdf>.
[87] UK Home Office, Identity & Passport Service, webpage "Foreign Nationals" <http://www.identitycards.gov.uk/faqs-other-foreign-apply.asp>.
[88] Privacy International <http://www.privacyinternational.org/>; No2ID Campaign <http://www.no2id.net/>.

[89] Graham Greenleaf, "The Australia Card: Towards a National Surveillance System," Law Society Journal of New South Wales, Volume 25, Number 9 (October 1987), available at <http://www2.austlii.edu.au/itlaw/articles/GGozcard.html>.
[90] Australian Government's Access Card website <http://www.accesscard.gov.au/>; Sandra Rossi, "Future Uncertain for Australia's Smartcard," Computerworld Australia, March 27, 2007 <http://www.intergovworld.com/article/8fa94cc90a01040800f483b45a3b2b3c/pg0.htm>.
[91] Australian Privacy Foundation <http://www.privacy.org.au/Campaigns/ID_cards/HSAC.html>; Electronic Frontiers Australia <http://www.efa.org.au/Issues/Privacy/>.
[92] Darren Pauli, "Aussies to Stockpile Kiwi Biometrics in Central Database," Computerworld, July 25, 2007 <http://computerworld.co.nz/news.nsf/news/4C244AE1ED29925CCC25731E000055D0>.

[93] Ople v. Torres, G.R. 127685, July 23, 1998, available at <http://www.supremecourt.gov.ph/jurisprudence/1998/jul1998/127685.htm> (Philippine Supreme Court Decision about the National ID System).
[94] "Constitutional Court Decision No. 15-AB of 13 April 1991," available at
<http://www.privacy.org/pi/countries/hungary/hungarian_id_decision_1991.html>.
[95] Article 35 (5), Constitution Of The Portuguese Republic 1976 (as amended), available at <http://www.trybunal.gov.pl/constit/constitu/constit/portugal/portug-e.htm>.

[96] See generally EPIC's National ID Cards and REAL ID Act webpage <http://www.epic.org/privacy/id_cards/>.
[97] REAL ID Act, Public Law Number 109-13, 119 Stat. 231 (2005), available at <http://www.epic.org/privacy/id_cards/real_id_act.pdf>.
[98] Stop REAL ID Campaign website <http://www.privacycoalition.org/stoprealid>; EPIC and 24 Experts in Privacy and Technology, Comments on the REAL ID Draft Regulations, May 8, 2009, available at <http://www.epic.org/privacy/id_cards/epic_realid_comments.pdf>; American Civil Liberties Union <http://realnightmare.org/>.
[99] See generally, EPIC's National ID Cards and REAL ID Act webpage section on State Anti-REAL ID Legislation <http://www.epic.org/privacy/id_cards/#state>.

[100] See generally EPIC's Biometric Identifiers webpage <http://www.epic.org/privacy/biometrics/>.

[101] Deutsche Bank Research, "Biometrics – Hype and Reality," May 22, 2002, available at <http://www.dbresearchaptercom/PROD/999/PROD0000000000043270.pdf>
[102] Roger Clarke, "Biometrics and Privacy," April 15, 2001, available at <http://www.anu.edu.au/people/Roger.Clarke/DV/Biometrics.html>.

[103] Peralte C. Paul, "Not Your Father's ATMs," Palm Beach Post, July 01, 2007.
<http://www.palmbeachpost.com/business/content/business/epaper/2007/07/01/a4f_techmain_0701.html>; Jeremy Kirk, "Government Tests Biometrics at Border Control Points," IDG News Service, May 3, 2007 <http://www.computerworlduk.com/management/government-law/public-sector/news/index.cfm?newsid=2864>; Declan McCullagh, "Interpol chief wants databases to track criminals," CNET News.com, July 12, 2007 <http://news.com.com/Interpol+chief+wants+databases+to+track+criminals/2100-1028_3-6196190.html>.

[104] Peter Hustinx, European Data Protection Supervisor, "Comments on the Communication of the Commission on Interoperability of European Databases" March 10, 2006, available at <http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Comments/2006/06-03-10_Interoperability_EN.pdf>; Jo Best, Biometrics Unreliable, Says EU Privacy Head," CNET News.com, March 15, 2006 <http://news.com.com/2102-1029_3-6050024.html>.
[105] US Federal Trade Commission, "Proof Positive: New Directions for ID Authentication,” April 23-24, 2007 <http://www.ftc.gov/bcp/workshops/proofpositive/index.shtml>; EPIC, Comments to the Federal Trade Commission, March 23, 2007, available at <http://www.epic.org/privacy/id_cards/epic_ftc_032307.pdf>.
[106] Ann Cavoukian & Alex Stoianov, "Biometric Encryption: A Positive Sum Technology that Achieves Strong Authentication, Security AND Privacy," Information and Privacy Commissioner of Ontario, March 14, 2007, available at <http://www.ipc.on.ca/index.asp?navid=46&fid1=608>.

[107] Thomas Frank, "U.S. is Building Database on Iraqis," USA Today, July 12, 2007, at A1, available at <http://www.usatoday.com/news/world/iraq/2007-07-12-iraq-database_N.htm>.
[108] Letter from EPIC, Human Rights Watch & Privacy International to US Secretary of Defense Robert Gates, July 27, 2007, available at <http://www.epic.org/privacy/biometrics/epic_iraq_dtbs.pdf>.
[109] Hussein Kadhim & Jenan Hussein, "Iraqis' Phony IDs Mask Links to Shiites, Sunni. McClatchy Newspapers, June 24, 2007, available at <http://www.star-telegram.com/279/v-print/story/147519.html>.
[110] US Defense Science Board Task Force, "Report on Defense Biometrics," March 2007, available at <http://www.epic.org/privacy/biometrics/defscibd_0307.pdf>.
[111] Martin Scheinin, UN Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms While Countering Terrorism, "Report to the UN Human Rights Council," January 2007, available at <http://www.ohchr.org/english/issues/terrorism/rapporteur/reports.htm>.

[112] Attorney General Transcript, News Conference - DNA Initiatives, Monday, March 4, 2002, DOJ Conference Center.

[113] The Innocence Project <http://www.innocenceproject.org/>.

[114] See generally ICAO - Biometrics Deployment of Machine Readable Travel Documents ICAO TAG MRTD/NTWG Technical Report: Development and Specification of Globally Interoperable Biometric Standards for Machine Assisted Identity Confirmation using Machine Readable Travel Documents, Montreal: ICAO, May 12, 2003.

[115] Agam Shah, "Keeping Data Secure with Biometrics," PC World, June 22, 2007, available at <http://www.washingtonpost.com/wp-dyn/content/article/2007/06/22/AR2007062201584.html>.
[116] "New Tricks with Biometrics," CNN, September 28, 2006, available at
<http://www.cnn.com/2006/TRAVEL/09/27/biometrics.SAS/index.html>.
[117] See generally EPIC's Theme Parks and Privacy webpage <http://www.epic.org/privacy/themepark/>.
[118] See generally EPIC's National ID Cards and REAL ID Act webpage <http://www.epic.org/privacy/id_cards/> and Privacy International's National ID Cards webpage <http://www.privacy.org/pi/activities/idcard/>.

[119] Mark Magnier, "Campaign of Shame Falls Flat in China," Los Angeles Times, December 18, 2006; Mark Ballard, "Halt to School Fingerprinting," Register, November 9, 2006 <http://www.theregister.co.uk/2006/11/09/hongkong_kiddyprinting/>.
[120] British Educational Communications and Technology Agency, "BECTA Guidance on the Use of Biometric Systems in Schools," July 2007, available at <http://schools.becta.org.uk/upload-dir/downloads/becta_guidance_on_biometric_technologies_in_schools.doc>.
[121] Id. at 8; Data Protection Act of 1998, available at <http://www.opsi.gov.uk/acts/acts1998/19980029.htm>.
[122] UK Information Commissioner's Office, "The Use of Biometrics in Schools," July 2007, available at <http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/fingerprinting_final_view.pdf>.
[123] Id.
[124] David Smith, Deputy Commissioner, UK Information Commissioner's Office, Testimony at a Hearing on the Surveillance Society Before the Home Affairs Committee of the House of Commons, May 1, 2007, available at <http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhaff/uc508-i/uc50802.htm>.

[125] "Motorists to Give Fingerprints," BBC News, November 22, 2006 <http://news.bbc.co.uk/1/hi/uk/6170070.stm>.
[126] Michael Crawford, "Australian State Police Eye Fingerprint Biometrics," Computerworld Australia, October 14, 2005, available at <http://www.computerworld.com/securitytopics/security/story/0,10801,105427,00.html>.

[127] "Philippine, U.S. Police Cooperate in Fingerprint Database," People's Daily Online, June 7, 2006 <http://english.peopledaily.com.cn/200606/07/eng20060607_271844.htmlv>.
[128] Germany Federal Minister of the Interior, Press Release, "Informal Meeting of Ministers for Justice and Home Affairs: Home Affairs Ministers Back Initiative to Create a Pan-European Network of Police Databases for More Effective Crime Control," January 15, 2007, available at <http://www.eu2007.de/en/News/Press_Releases/January/0115JIRatPK1.html>; Letter from the Presidency to the Council of the European Union, "Integration of the Prüm Treaty into the Union Legal Order," February 9, 2007, available at <http://www.statewatch.org/news/2007/feb/eu-prum-6220-07.pdf>.

[129] Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions, "Annual Policy Strategy for 2008," at 12, February 21, 2007, available at <http://ec.europa.eu/atwork/synthesis/doc/aps_2008_en.pdf>.
[130] David Charter, "Central Fingerprint Database Plan Draws Fire from All Over EU," Times Online, March 16, 2007 <http://www.timesonline.co.uk/tol/news/world/europe/article1522577.ece>.

[131] Letter from European Data Protection Supervisor Peter Hustinx to Portugal Minister for Justice Alberto Costa, "Presidency Work Programme and the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data," June 12, 2007, available at <http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Comments/2007/07-06-11_Letters_portuguese_presidency_EN.pdf>.

[132] Vivian Yeo, "Singapore Unveils Biometric Passport," CNet News.com, March 31, 2006 <http://news.com.com/2100-1029_3-6056746.html>; "Singapore Advocates Using Biometrics in Border Control," People's Daily Online, March 26, 2007 <http://english.people.com.cn/200703/26/eng20070326_361093.html>; Darren Pauli, "Aussies to Stockpile Kiwi Biometrics in Central Database," Computerworld, July 25, 2007 <http://computerworld.co.nz/news.nsf/news/4C244AE1ED29925CCC25731E000055D0>; UK Home Office, Press Release, "New Powers to Capture Foreign Nationals' Biometrics," December 19, 2006, <http://press.homeoffice.gov.uk/press-releases/foreign-nationals-biometrics>; Dewan Rakyat, "Biometric Way to Monitor Foreign Workers," Star Online.com, June 26, 2007 <http://star-techcentral.com/tech/story.asp?file=/2007/6/26/technology/20070626115333&sec=technology>.
[133] See generally EPIC's US-VISIT Program webpage <http://www.epic.org/privacy/us-visit/>.
[134] UK Home Office, "Strategic Action Plan for the National Identity Scheme - Safeguarding Your Identity," December 19, 2006, available at <http://www.homeoffice.gov.uk/documents/strategic-action-plan.pdf>; UK Home Office, Press Release, "New Powers to Capture Foreign Nationals' Biometrics," December 19, 2006, <http://press.homeoffice.gov.uk/press-releases/foreign-nationals-biometrics>.

[135] See generally EPIC's Biometric Identifiers webpage <http://www.epic.org/privacy/biometrics/>.
[136] "The Identity Project: An Assessment of the UK Identity Cards Bill & Its Implications," (London School of Economics & Political Science, March 21, 2005, available at <http://www.lse.ac.uk/collections/pressAndInformationOffice/PDF/IDreport.pdf%CA>.
[137] Courtney Ostaff, "Retinal Scans Do More Than Let You In the Door," Physorg.com, August 31, 2005 <http://www.physorg.com/news6134.html>.

[138] Id.

[139] "New Tricks with Biometrics," CNN, September 28, 2006, available at
<http://www.cnn.com/2006/TRAVEL/09/27/biometrics.SAS/index.html>.
[140] See generally EPIC, Spotlight on Surveillance, "Registered Traveler Card: A Privatized Passenger ID," October 2005 <http://www.epic.org/privacy/surveillance/spotlight/1005/>.
[141] Dean Irvine, "Heathrow Tests Biometrics," CNN, December 6, 2006 <http://www.cnn.com/2006/TRAVEL/12/06/heathrow.fingerprints/index.html>.
[142] Darren Pauli, "Aussies to Stockpile Kiwi Biometrics in Central Database," Computerworld, July 25, 2007 <http://computerworld.co.nz/news.nsf/news/4C244AE1ED29925CCC25731E000055D0>.
[143] "Look Me in the Eye," Deutsche Welle, February 13, 2004 <http://www.dw-world.de/dw/article/0,,1113690,00.html>.
[144] Jeremy Kirk, "Government Tests Biometrics at Border Control Points," IDG News Service, May 3, 2007 <http://www.computerworlduk.com/management/government-law/public-sector/news/index.cfm?newsid=2864>.
[145] Michael Arnone, "US-VISIT Chief Wants Tougher Border Security," FCW.com, April 18, 2006 <http://www.fcw.com/article94113-04-18-06-Web>; see also EPIC’ US-VISIT webpage <http://www.epic.org/privacy/us-visit/> (documents obtained by EPIC under Freedom of Information Act show US government considered iris scans, voice recognition for border security).
[146] Laura Clark, "Children as Young as Five To Be Fingerprinted in Schools," Daily Mail, July 23, 2007 <http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=470344&in_page_id=1770&ct=5>; "Eye Scan Technology Comes to Schools," ABC News, January 25, 2006 <http://abcnews.go.com/GMA/story?id=1539275>; "Eye Scan To Order School Dinners," BBC News, July 8, 2003 <http://news.bbc.co.uk/1/hi/england/wear/3056162.stm>.
[147] Ben Woodhead, "Fingerprints and Iris Scans As Hospitals Tighten Security," Australian, July 3, 2007 <http://www.prisonplanet.com/articles/july2007/030707_b_Fingerprints.htm>.
[148] Lynn Waddell & Arian Campo-Flores, "Iris Scans: Keeping an Eye on Sex Offenders," Newsweek, July 24, 2006, available at <http://www.msnbc.msn.com/id/13880045/site/newsweek/>.

[149] Michael KO Goh, Tee Connie, et al, Multimedia University, Malaysia. "A Fast Palm Print Verification System," International Conference on Computer Graphics, Imaging and Visualisation, 2006, available at <http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/proceedings/&toc=comp/proceedings/cgiv/2006/2606/00/2606toc.xml&DOI=10.1109/CGIV.2006.7>.
[150] Kenji Hall, "Biometrics: Vein Scanners Show Promise," BusinessWeek.com, February 6, 2007 <http://www.businessweek.com/globalbiz/content/feb2007/gb20070206_099354.htm?chan=search>.
[151] Martyn Williams, "Japanese Library to Use Palm-Vein for Book Check-Out," IDG News Service, December 26, 2005, available at <http://www.infoworld.com/article/05/12/26/HNjapaneselibrary_1.html>.
[152] Andy McCue, "Police Get National Biometric Palm Print Database," Silicon.com, March 23, 2006
<http://www.silicon.com/publicsector/0,3800010409,39157511,00.htm>.
[153] "Winnipeg Police Angling for Palm-Print Software," CBC News, January 15, 2007 available at <http://www.cbc.ca/canada/manitoba/story/2007/01/15/palm-print.html>.
[154] Brian Robinson, "Israel Uses Hands-on Approach for Trusted Travelers,” FCW.com, August 29, 2005 <http://www.fcw.com/article90469-08-29-05-Print>.

[155] Linda More, "Dutch International Bank ABN Amro Is Using Biometric Voice Verification Security for Its Customers," April 19, 2007, Computing <http://www.vnunet.com/articles/print/2188010>.
[156] “Now pay your credit card bills the secure way with your voiceprint," Malaysia Sun, July 20, 2007 <http://story.malaysiasun.com/index.php/ct/9/cid/d805653303cbbba8/id/266566/cs/1/>.
[157] "Vista Has Speech Recognition Hole," BBC News, February 1, 2007 <http://news.bbc.co.uk/1/hi/technology/6320865.stm>.
[158] Statement of Marc Rotenberg, Executive Director, Electronic Privacy Information Center, and Carla Meninsky, EPIC IPIOP Fellow, at a Joint Hearing on Identity Theft Involving Elderly Victims Before the Special Committee on Aging (July 18, 2002), available at <http://www.epic.org/privacy/biometrics/testimony_071802.html>.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICPrivHR/2006/