Using biometric technology to identify and monitor people raises human rights concerns. In particular, biometrics are often associated with intrusions into privacy. The personal and permanent nature of the physiological features that are analyzed by a biometric system raises an inherent tension with privacy interests. When biometrics are applied in a surveillance context, concerns for privacy naturally increase. To consider the compatibility of biometric surveillance with international human rights obligations, we start with a general overview of biometric technologies that are, or may be, employed in surveillance.
Overview of Biometric Technologies and Surveillance
Defining Biometrics
Biometrics refers to a process of recording, measuring, and analyzing a range of human physiological features. The scope of features to which biometrics may be directed is “all encompassing, and includes appearance, behavior, and cognitive state” [1]. Certain physiological features are permanent, unique, and universal. They are known as “biometric characteristics.” Those characteristics are typically measured by a sensor array and stored on a database as a “template.” Subject to the purposes of the biometric system manager, a template enables the manager to identify a person, or to verify a person’s identity, at a later time.
Biometric Technology and Surveillance
Biometric technologies are increasingly being used for surveillance purposes. For example, United States military and intelligence agencies have increasingly implemented biometric technologies in their intelligence, surveillance, and reconnaissance (ISR) activities. Biometric technology is acquiring an increasingly important position in U.S. military and national security policy [2], [3]. Although the use of biometrics for identification is not novel, biometric technology has grown into a substantial industry, accelerated by the 9/11 terrorist attacks in New York City and Washington, DC, in 2001. Biometrics have expanded in complexity and usage since 9/11, extending to: “logical and physical access systems; surveillance operations to fight against fraud and organized crime; immigration control and border security systems; national identity programs; identity management systems; and the determination of friend or foe in military installations” [4]. The collaborative use of biometrics in a surveillance context has contributed to public counter-terrorism successes like the identification of Mohammed Emwazi, or “Jihadi John,” of the Islamic State [5]. The United States has reported other successes arising from the use of biometrics, such as gathering improvised explosive device intelligence [6] and counter-piracy operations [6, p. 31]. In Australia, biometrics have become a central feature of border security and identity management policy. (See, e.g., the recent expansion of authority to use and compel persons to submit to biometric identification in Australia in the Migration Amendment (Strengthening Biometrics) Act 2015 (Cth).)
In short, biometric technologies are the subject of increasing adoption by military, intelligence, and national security institutions. These technologies are deployed in domestic and foreign contexts for a series of security-related purposes. A useful example is in the process known as Tagging, Tracking, and Locating (TTL). The U.S. military in particular is pursuing the combination of biometric technologies and unmanned vehicles for TTL [7], [8]. In this context, biometrics form part of a broader strategy that incorporates identification through biometric technologies with other ISR methods to identify, track, or profile a given person.
Unsurprisingly, biometric technologies raise privacy issues. More specifically, it is uncertain how those technologies interact with human rights relating to privacy. Depending on the nature and implementation of a given biometric technology, the use of such technology might violate a state’s international human rights obligations. The permissibility of a government measure is most commonly determined through a multi-stage analysis that requires the measure to have, among other things, a “legitimate aim.” Security, or national security and public safety, are often the legitimate aims that governments rely on when the human rights compliance of their surveillance programs is challenged. Surveillance is not a legitimate aim in itself; rather, surveillance is one method of pursuing the goal of regional, national, or international security.
It is important to appreciate the relationship between surveillance and security. David Lyon defines surveillance as “the focused, systematic, and routine attention to personal details for purposes of influence, management, protection, or direction” [9]. Lyon’s definition refers to a process that captures individuals’ personal details, in an organized or targeted manner, that also “occurs as part of everyday life” [9]. Since 9/11, domestic security arrangements have increased in complexity to match the perceived threat of terrorism [10]. The problem is, however, that in response to threats such as terrorism, “the perception of which counterterrorism tools would be most effective is shaped less by objective or rational discussions of efficacy or efficiency than by … vested interests and the culture of risk mitigation” [10, p. 558]. Biometrics can be a form of “security theater” that creates a visual and dramatic perception of security to maintain public confidence [10].
The criticisms of increased implementation of biometrics become less valid as biometric technology improves. For present purposes, it suffices that the human rights implications of a biometric system used for surveillance purposes will necessarily depend on the security outcomes or “dividends” of such a system. That is because compliance with human rights law will also depend on a proportionality assessment that, in essence, weighs the intrusion upon a human right against the achievement of a legitimate government aim.
Biometrics and the Right to Privacy
Introducing the Right to Privacy
Article 17 of the International Covenant on Civil and Political Rights is one source of the right to privacy. Most states engaging in advanced surveillance are parties to that treaty [11]. The scope and content of the right to privacy, in the context of surveillance, is not well defined. This is problematic, given the Human Rights Committee’s (HRC) view that “governmental mass surveillance is emerging as a dangerous habit rather than an exceptional measure” [12]. Three principal aspects of biometric surveillance engage article 17: first, its character as a form of surveillance; second, its character as a form of medical examination; and third, the data retention that it requires. Given the limited practice of the HRC, this paper draws on the scholarship and jurisprudence on article 8 of the European Convention on Human Rights and Fundamental Freedoms (ECHR). Although the literal terms of article 8 of the ECHR and article 17 of the ICCPR differ, article 8 is a useful guide to interpreting article 17.
The terms of article 17 are “broad and vague” [11, p. 83]. The European Court of Human Rights (ECtHR), when considering the right to privacy under the European Convention, has observed that “the concept of ‘private life’ is a broad term not susceptible to exhaustive definition. It covers the physical and psychological integrity of a person … (embracing) multiple aspects of the person’s physical and social identity…” [13]. The “interference with… privacy” under article 17 of the ICCPR can likewise include a spectrum of activities. Importantly, privacy is regarded as a “fundamental precondition to, and guarantor of, other rights” [14]. Fernando Volio argues that the reference to “no one” in article 17 emphasizes the fundamental character of the right, which may not be denied to any person [15].
Right to Privacy Challenges: Surveillance
Foremost, biometric surveillance is a species of surveillance. Surveillance of persons who are owed obligations under the ICCPR typically engages article 17. This article does not prohibit states from conducting surveillance; rather, the lawfulness of a given surveillance program will depend on its specific circumstances.
In its resolution The Right to Privacy in the Digital Age, the United Nations General Assembly acknowledged that technological developments have enhanced states’ capacities to engage in surveillance that could breach article 17. Addressing the issue of metadata surveillance, the resolution identified the risk that certain personal information may be captured, including “(insights) into an individual’s behavior, social relationships, private preferences, and identity.” In its 2014 report, the HRC echoed the concerns about metadata surveillance, given that it “allows very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained” [14]. That logic applies to biometric surveillance. Biometric surveillance is capable of revealing personal information. Once a person has been identified, an integrated biometric system could use that person’s identity to monitor their activities. Moreover, an integrated biometric surveillance system, including public CCTV systems, could readily establish information about a person’s travel, employment, social, and cultural habits. Further, such a system could also reveal certain health information, for example by way of iris scan [16]. It is uncontroversial that health information is personal information, for the purposes of the right to privacy [13]. More advanced biometric systems, such as the ECG or X-Ray biometric systems [7], would provide even more information about a person’s health.
The ‘menace of surveillance’ is an additional issue that surveillance programs pose to the right to privacy [18]. For example, the ECtHR considered the lawfulness of a German surveillance program during the Cold War [18]. In that case, the Court observed that even where surveillance is not directed at a specific person, the existence of large-scale surveillance programs has a chilling effect on the exercise of other fundamental rights, like freedom of expression [18, p. 16]. In a later case the ECtHR connected the surveillance of communication to an inhibition of the exercise of free expression [19]. Biometric surveillance could enable a state to identify and track a person, and also record their activities in locations where they are identified. Applying the logic evident in the ECtHR’s jurisprudence, the mere threat of widespread biometric surveillance could interfere with rights beyond privacy, such as the right to political expression or association. (The ECtHR in Klass v Germany [18] observed that a “menace of surveillance” could discourage subjects of that surveillance from engaging in certain forms of speech, contrary to the right of freedom of expression. Abstracting that reasoning, one could reasonably argue that surveillance can discourage the exercise of certain rights where the surveillance might capture or record the relevant activity. In the context of biometrics, surveillance could interfere with the association of certain individuals if they are subject to a program of biometric identification that might capture or record their activities.)
Right to Privacy Challenges: Medical Examination
Biometric surveillance raises an additional issue under article 17 of the ICCPR given that the processes involved in biometric analysis may constitute medical examinations. Biometric processes analyze physiological data, and may also reveal certain health conditions [16, p. 650]. Irma van de Ploeg characterizes biometric analysis as a form of medical examination [20]. She considers biometrics to be a “fundamental philosophical and normative challenge posed by (the) informatisation of the body,” and ties that challenge to “concepts of informational privacy and personal data protection” [20, p. 180].
Biometric technologies applied in the surveillance context are not entirely analogous to the typical human rights conception of medical treatment. However, the key common ground with biometrics in surveillance is compulsory medical examination. In a surveillance context, a person’s consent to the acquisition of their biometric data is almost always moot. The medical examination jurisprudence provides a set of principles that can inform an evaluation of biometric technologies’ interaction with human rights standards. In particular, that jurisprudence considers the particular value inherent in information pertaining to a person’s body. Reliance only on cases concerning surveillance directly would fail to capture the issues peculiar to health and bodily information.
Article 17 encompasses compulsory, or non-consensual, medical examinations. The HRC has observed that “under article 17… to subject a person to an order to undergo medical treatment or examination without the consent or against the will of that person constitutes an interference with privacy…” [21]. Compulsory medical examination also constitutes an interference with the right to private life under the ECHR. The ECHR has held that “any medical intervention against the subject’s will, or without the free, informed and express consent of the subject, constitutes an interference with his or her private life” [22]. The notion of consent to examination for the purposes of a biometric system is not clear. In certain contexts people are deemed to have provided their consent to submit to biometric examination, such as in airports when passing through an ePassport Gate. (ePassport Gates are a variety of automated identity verification system used by the United Kingdom’s Border Force: https://www.nidirect.gov.uk/articles/using-epassport-gates-airport-border-control.) One could question the quality of that consent, since a person in that context will be forced to choose between consenting to biometric examination and not traveling. In the case of covert biometric systems, no such consent would be obtained.
The HRC has considered the issue of compulsory medical examinations, in the context of mental health testing [21]. The key feature of the decision for present purposes is that the Committee observed that the compulsory measure must be “reasonable in the particular circumstances of the case” [21]. In essence, that involves a consideration of the facts or circumstances that have prompted the compulsory examination. One case before the HRC concerned the question of whether a person’s conduct in court proceedings was a sufficient basis to compel them to submit to a mental health assessment. The HRC held that that conduct was an insufficient basis [21]. The ECtHR has made similar observations about the requirement of a sufficient basis to intrude on a person’s right to privacy [19]. Determining whether there is such a sufficient basis will also take account of the degree of intrusion: as the intrusion becomes more severe, so too does the burden on the state to show a sufficient basis.
These conclusions are similarly problematic for biometric surveillance. For a biometric system to identify people, it requires the enrolment of a large number of people onto a database to be able to subsequently identify people. In essence, a biometric system captures personal health information and stores it. Once operating, the system performs subsequent examinations of people and analyzes the information it collects. Consequently, the collection and retention of personal information is not based on specific facts relating to individuals, but is based on biometric systems’ need for a library of unique biometric data. That runs counter to the idea that a person’s circumstances might warrant the capture of their specific biometric data. Instead, a biometric surveillance system is in part predicated on the idea that a person may do something in the future that makes their future identification desirable. Moreover, the motivation to have a more reliable system goes hand in hand with capturing more biometric data. As more biometric data is recorded, the possibility of falling short of human rights standards increases.
The ECtHR has addressed the issue of compulsory collection and retention of fingerprint, DNA, and cellular samples for persons arrested for, but not convicted of, a crime [13]. Ultimately, the ECtHR concluded that “the blanket and indiscriminate nature of the powers of retention of the fingerprints, cellular samples and DNA profiles of persons suspected but not convicted of offences … fails to strike a balance between the competing public and private interests” [13]. The case indicates that the compulsory acquisition and retention of biometric data of non-criminals may violate the right to privacy. The ECtHR’s conclusion was influenced by the period of retention of that data, and also by its character as health information. Importantly, the ECtHR gave greater weight to DNA information than fingerprint information. This indicates that where more significant health information is collected by a biometric system, there is a greater burden of demonstrating that the interference is proportionate. Data collected by ECG, EKG, or DNA samples, for example, may interfere more substantially with the right to privacy than the mere collection of fingerprints.
In addition to these limits, the ECtHR has held that if private information, like biometric data, is collected for one valid purpose, then that information cannot be shared and used for other purposes [23]. That would restrict states from validly collecting biometric data by consent at, say, a border control point and then sharing that data for the purposes of covert surveillance.
Right to Privacy Challenges: Data Retention
Personal data retention is integral to the operation of a biometric system. Some systems, such as a smart-phone, require no data beyond a specific user’s information. In a larger, multi-user system, however, multiple personal data sets will obviously be required. Moreover, in the surveillance context where TTL is an objective, the subjects of a given system will necessarily have their personal data stored. A biometric template, as defined above, is the means by which a biometric system identifies people. The HRC has affirmed that data retention is an issue within the scope of the right to privacy [24]. Retaining personal information can amount to an interference with the right to privacy under article 17 [13].
Consequently, the data retention aspect of biometric systems poses an additional challenge to the right to privacy [25]. The more information a biometric system has, the more reliable it is [26]. There is an incentive to capture as much biometric data as possible. That incentive can threaten individual privacy through “potential data misuse, function creep, and linkage of databases via biometric databases” [27]. The ECtHR has observed that personal data retention has “a direct impact on the private-life interests of an individual … irrespective of whether subsequent use is made of the data” [13]. In particular, the ECtHR took issue with the “blanket and indiscriminate nature of the power of (data) retention” [13]. That conclusion is at odds with the need for a comprehensive database in a biometric system. The type of biometric information, and the duration for which it is held, are factors that will affect the permissibility of a given biometric surveillance program.
Complex Privacy Issues
The increasing use and complexity of biometric systems in the surveillance context raises a number of complex privacy issues. This article has attempted to identify three key issues that arise in the context of the right to privacy. Ultimately, these concerns must be balanced against whatever security dividends are derived from implementing biometric systems in surveillance. There will remain an inherent tension between the right to privacy and biometric systems: the greater the efficacy of the system, the greater the intrusion upon private life.
ACKNOWLEDGMENT
The author thanks Dr. Rain Liivoja and Prof. Tim McCormack of the Program on the Regulation of Emerging Military Technology and Melbourne Law School, and Prof. R.E. Burnett of the National Defense University, Washington, DC, for generously supporting his research on this issue.