Should the public trust claims that National Identity Schemes (and facial biometric passports) can help make us terrorist attack proof? : Should the public trust claims that National Identity Schemes (and facial biometric passports) can help make us terrorist attack proof? Andrew Clement and Krista Boa
with Joseph Ferenbok
Information Policy Research Program
Faculty of Information Studies
University of Toronto
4S-EASST conference
Paris
August 28, 2004
Overview : Overview NIDS promotion A post-9/11 revival
Facial biometric passports On their way
‘Proving’ personal ID Not easy, not enough!
Effective against terrorist threat? No!
Why the push, with no proof? Opportunism+
Civil liberties tradeoffs? Premature at best
Needed now? An informed public debate!
Post 9/11, a flurry of activity… : Post 9/11, a flurry of activity… NIDS “gifts”
Larry Ellison, Oracle
Scott McNealy, Sun
Am. Assoc. of Motor Vehicle Administrators
De facto national ID card proposal
US military biometric ID card underway
Public hearings
US Congress, California State Assembly, Canada, UK
…and public opinion shifts : …and public opinion shifts 80% of Canadians would submit themselves “to providing fingerprints for a national identity card that would be carried on your person at all times to show police or security officials on request” (Globe & Mail, Oct. 6, 2001).
86% in the UK backed the introduction of some form of ID card
A (temporary?) window of political opportunity?
Not so fast! : Not so fast! “Serious and sustained analysis and discussion of the complex issues presented by national identity systems are needed. Understanding the goals of such a system is a primary consideration.”
IDs – Not That Easy
U.S. National Academy of Sciences Committee on Authentication Technologies and Their Privacy Implications (2002)
Biometric travel documents : Biometric travel documents ICAO (International Civil Aviation Organization)
“... If a state is putting biometrics on its travel documents, the incorporation of a facial image is mandatory …”( May 19, 2003)
US-VISIT (based on USA PATRIOT act)
Digital scans of both index fingers and facial image are required of non-Americans (January 5, 2004)
Smart Borders (Canada-US) + 30 point action plan
Common standards for (multiple) biometric identifiers (Dec 2001)
Canadian Biometric Passport (proposed for 2005)
Facial image stored on an embedded chip
Enhanced ‘security’ is the principal rationale. But will this work?
Can a biometric passport meet its (implied) promises? : Can a biometric passport meet its (implied) promises? Securely and reliably identify everyone?
Intercept ‘9/11’ attackers?
Identification Processes : Identification Processes Registration
Biometric sample taken, stored and compared
ID token issued, based on existing records
Data-matching and profiling
Ongoing, behind the scenes
Data gathering + database linkages
Authentication (at control points)
Identity match between body and ID token
Database checks (personal data, watch list)
Request denied or approved
1. Securely and reliably identify everyone? : 1. Securely and reliably identify everyone? Immature technology
e.g. Automated facial recognition’s inadequate performance (see FRVT using FERET database)
Inherent biometric limits
False positives versus false negatives
Varying or missing bio features
Masquerade, deceptions…
Unreliable, inscrutable, vulnerable systems
e.g. Ted Kennedy
Insecure, unreliable base documentation
The weakest link?
What about Ahmed Ressam? : What about Ahmed Ressam?
What about Maher Arar? : What about Maher Arar?
Slide12 : American Airlines #11 American Airlines #77 United Airlines #93 United Airlines #175 Who among the 9/11 attackers would be stopped?
2. Intercept ‘9/11’ attackers? : 2. Intercept ‘9/11’ attackers? Everyone with a ‘clean’ record passes
Most 9/11 attackers had NO record of suspicion
Terrorist training manual: “fit in” as “normal”
Can repeatedly test screening system, then only need to pass once!
“The positive identification of individuals does not equate to trustworthiness or lack of criminal intent.” (emphasis in original)
(Ben Shneiderman, USACM testimony at the Congressional Hearings on National Identification Card Systems, Nov 2001)
It is NOT mainly about identification!��A NIDS/biometric passport would NOT be effective.� + risks false sense of security � + incurs great costs� : It is NOT mainly about identification! A NIDS/biometric passport would NOT be effective. + risks false sense of security + incurs great costs
The Canadian ‘public proof’ so far: : The Canadian ‘public proof’ so far: National ID card proposal:
Proposed (Fall 2002)
Parliamentary committee
Recommended against (Fall 2003)
Cabinet cancels (March 2004)
Biometric passport:
‘Strategy’ proposal (April 2004)
Vague assertions only
No press release, or public documentation
Bids requested (obtained via FOI)
The ‘absence of evidence’ (of a proof) : The ‘absence of evidence’ (of a proof)
Do we need to give up our civil liberties? : Do we need to give up our civil liberties? Myriad threats to civil liberties from such schemes
In the absence of a convincing case that the ‘security’ measures would be effective, the burden of proof should be on scheme promoters, not civil liberty advocates
Discussing pre-maturely possible civil liberty tradeoffs, concedes a fundamental point, and may unnecessarily weakens liberties.
In the absence (impossibility) of a ‘public proof’, why the push to NIDS/biometric passports? : In the absence (impossibility) of a ‘public proof’, why the push to NIDS/biometric passports? A combination of:
Frightened, willing, uniformed public
Superficial comfort of high tech identity proof
Shared ‘security’ worldview on mass ‘identity management (IT experts, public safety,, administrative apparatus)
Imperial manipulative reach
Political expediency
Compliant news media
Dis-connected academic research
Fledgling civil soceity advocacy movement
We do need a public debate! : We do need a public debate! “Proponents of such a (NIDS) system should be required to present a very compelling case.”
(National Academy of Science, 2002)
Very high stakes, but
No clear explication of any proposed scheme
No political interest
Limited opportunity for public input
Slide20 : What should a public proof NIDS/biometric passports look like? Full public disclosure
Honest discussion of threats and risks
Identify clear purposes and justification
Distinction between “security”, administrative and “entitlement” purposes
Background studies accessible to public, including alternatives and privacy impact assessments
Burden of proof resting with the promoter
Removal of civil liberties tradeoff threat
Adequate time frames (years, not weeks)
Transparent, accountable, facilitated process
See recent UK ID card consultation and environmental impact regulations
What do we* do now? : What do we* do now? * We = Professionals/Associations + citizens
Convene and participate in public forums
CPSR, ACM, NAS, IEEE, IFIP, 4S-EASST?
Resist emphasis on overly costly, unreliable, narrowly technological approaches
What are the purposes? Would it be effective?
Who is being served? Disadvantaged?
What are the alternatives?
Demand social and political accountability from NIDS/biometric promoters
Promote more socially sophisticated approaches to anti-terrorism
Address causes, social dynamics of terrorism
Further information: : Further information: Computer Professionals for Social Responsibility (CPSR) http://www.cpsr.org
Electronic Privacy Information Centre (EPIC)
Privacy International
+++
Information Policy Research Program (IPRP)
http://www.fis.utoronto.ca/research/iprp
Reference : Reference Clement, A., Guerra, R, Johnson, J., & Stalder, F. “National Identification Schemes (NIDS): A Remedy Against Terrorist Attack?” Proceedings of the Sixth Conference on Human Choice and Computers HCC6, IFIP World Computer Congress, Kluwer, Dordrecht, Netherlands, pp 195-205
Slide24 : Level of Public
Dialogue
Risk:
Lack of control of process
Exposure to high profile public debate in media
Time Required Option 3 - Written Submissions Plus Public Meetings/Hearings
Option 2 - Written Submissions Plus
Sectoral/Stakeholder Focus Groups Option 1 - Written Submissions Only 4 Weeks 6 Weeks 8 Weeks Release of Consultation Paper Taken from: Communications Strategy, Ontario Smart Card Project, March 16, 2001 Not this (Ontario Smart Card Project )
Slide25 : Nor this: Canadian government response to cross border travel restrictions based on USA PATRIOT Act (Section 414) (October 2002)
(b) Development of the System.--In the development of the integrated entry and exit data system … (under section 110 of the Illegal Immigration Reform and Immigrant Responsibility Act of 1996 (8 U.S.C. 1365a), ) the Attorney General and the Secretary of State shall particularly focus on–
(1) the utilization of biometric technology; and
(2) the development of tamper-resistant documents readable at ports of entry.
Canadian House of Commons Standing Committee on Citizenship and Immigration Hearings on : C-18 An Act respecting Canadian Citizenship, Provincial/Territorial Nominee Program, Immigration Settlement Programs in Canada and a National Identity Card
Little notice, low public profile, no clear focus, very little public information, short duration