The biometric passport as an unintended privacy gift

Le cadeau de César (Caesar's Gift)  © Dargaud Le cadeau de César (Caesar's Gift) © Dargaud

The following article by Privacy First employee Vincent Böhre was published this month in the periodical De Filosoof (‘The Philosopher’, University of Utrecht). Tomorrow the Dutch Passport Act will be high on the Dutch political agenda: in a debate with the Minister of the Interior Liesbeth Spies the compulsory taking of fingerprints for Dutch passports and ID cards will be discussed. Privacy First has recently (again) emphasized to all political parties in the Dutch House of Representatives to have passports without fingerprints introduced as soon as possible and to make a request to the government to have the Passport Regulation revised at the European level. This in order for the compulsory taking of fingerprints to be done away with also for passports, or at least to become of a voluntarily nature. The text below offers a quick recap with a positive twist. A pdf version of the original article in Dutch can be found HERE (pp. 6-7).

The biometric passport as an unintended privacy gift

‘‘Late 2001, the Christian-democratic political party CDA proposed storing the fingerprints of every Dutch citizen through passports for criminal investigation purposes. However, this proposal was immediately scrapped by other political parties because it would lead to a Big Brother society. Nonetheless, an even more far-reaching proposal became law seven years later almost inconspicuously. Under the new Dutch Passport Act, apart from criminal investigation and prosecution, everyone’s fingerprints and facial scan (biometric data) could also be used for counter-terrorism, domestic and foreign State security, disaster control and personal identification. However, none of these legal purposes had been discussed in Parliament.[1] In fact, the new Passport Act was accepted by the Senate even without a vote. The media merely stood by and watched how it happened. How could things have gotten this far?

‘Bystander syndrome’

In a certain way the Passport Act was (and is) emblematic for the Dutch era after '9/11'. An era in which (presupposed) anti-terrorism measures could be steered through Parliament with the greatest of ease. After all, such measures would enhance our security, we were continuously told. By nature people are inclined to believe the authorities and to accept the status quo. From a human rights point of view, one could consider the post-9/11 era as a huge Milgram experiment: without too much resistance many human rights have for years been put to the rack of society. The realization of the new Passport Act is no exception. Every Member of the Senate could at least have made a request for a parliamentary vote. Journalists and scientists could have blown the whistle on time. Instead, they all stood there and watched since, of course, the law would make the Netherlands a ‘more secure’ place. But what was this assumption based on? Wasn’t the Netherlands actually going to be less secure by the massive storage of fingerprints in travel documents and affiliated databases? This question has never been asked in public, let alone discussed and answered.

Disproportionate

The prime argument by the Dutch government for the introduction of fingerprints in passports and ID cards has, since the late 90s, been the following: it would prevent look-alike fraud with travel documents. Look-alike fraud is a form of abuse whereby someone uses an authentic travel document of someone else to whom his or her appearance resembles. Questions about the scale of this type of fraud have hardly ever been asked in Parliament. From a recent FOIA-request filed by Privacy First, it appeared that we’re dealing with only a few dozen cases each year (with Dutch travel documents on Dutch territory).[2] In light thereof the introduction of fingerprints in travel documents of 17 million Dutch citizens is completely disproportionate. Not to mention the dozens, if not hundreds of millions of Euros that the government has spent on this project.

Risks

With the introduction of a ‘biometric identity infrastructure’ a new form of fraud comes to life that is extremely difficult to trace and combat: biometric identity fraud, for instance through hacking. Not just with guileless citizens and companies, but also in the public sphere (espionage). Moreover, it has been pointed out that in 21-25% of cases the biometric data in the chip of Dutch travel documents cannot be read (verified). So in the event of passport control, there is a high risk that citizens become unjustly suspected of fraud. The biometric passport is no good for combating terrorism either: terrorists generally use their own, authentic travel documents. Unfortunately, little is publicly known about the way security and intelligence agencies use biometrics, even though some purposes are easy to predict: identification of suspects unwilling to speak and ‘interesting’ persons in public space, the recognition of emotions, lie detection and the recognition or use of doubles. The same applies to the domain of criminal investigation and prosecution, also in conjunction with camera surveillance and automatic facial recognition. In addition, the RFID (Radio Frequency Identification)-aspect of the chip in the document enables it to be read from a distance: citizens can be identified and tracked without it being noticed. With regard to personal identification, one could think of the possible introduction of fingerprints at banks, social services, the internet, etc. (Since the end of last year, a Dutch pilot project with mobile finger scanners for the police is ongoing.) Finally, there’s the domain of fighting disasters: biometrics used for the identification of casualties in the event of large-scale disasters or as a logistic means. All in all these possibilities for the use of biometrics go dozens, if not a hundred steps beyond the mere combating of look-alike fraud with travel documents. One ought to realize that all of these possibilities will sooner or later be put into practice. In jargon this is called ‘function creep’; historically seen it’s inevitable. Scientific research into future applications of biometrics continuously takes place. What’s more, even in our part of the world a democratic constitutional State is no invariable matter of fact. It is therefore very dubious whether our world will become ‘more secure’ by the large-scale use of biometrics.  

Positive change

It is exactly this concern which brought about a small Dutch revolution in the summer of 2009: at the time, the enactment of the new Passport Act led to a torrent of criticism and to the coming into being of the current Dutch privacy movement. New privacy organizations such as Privacy First proliferated, social coalitions were forged and lawsuits against the new Passport Act were filed.[3] This boomerang effect within society continues to this day. Since that time the right to privacy is ever higher on the societal and political agenda. In that sense the biometric passport has so far proved to be an unintended gift from heaven.''



[1]
See Vincent Böhre, Happy Landings? Het biometrische paspoort als zwarte doos (Happy landings? The biometric passport as a black box), Wetenschappelijke Raad voor het Regeringsbeleid, WRR (Scientific Council for Government Policy) October 2010, http://www.wrr.nl/publicaties/publicatie/article/happy-landings-het-biometrische-paspoort-als-zwarte-doos-46/.
[2]
See Privacy First, Revealing figures about look-alike fraud with Dutch travel documents (20 March 2012).
[3]
See Böhre supra footnote 1, p. 111 ff.

Our Partners

logo Voys Privacyfirst
logo greenhost
logo platfrm
logo AKBA
logo boekx
logo brandeis
 
 
 
banner ned 1024px1
logo demomedia
 
 
 
 
 
Pro Bono Connect logo
IIR banner

Follow us on Twitter

twitter icon

Follow our RSS-feed

rss icon

Follow us on LinkedIn

linked in icon

Follow us on Facebook

facebook icon