The Physiognomy of Biometrics
The face of counterterrorism
III.
Although biometrics does make forging credentials more difficult, a person’s biometric data can still be stolen. A 2003 National Academies of Sciences report, for example, recommended that "biometrics should not be sent over a network" because the transmission of templates to a remote database presents the risk of theft. Yet, "the biggest reason biometrics are vulnerable to misuse," the NAS report warned, "is that, unlike computer passwords or bankcard PIN numbers, they’re not secret." "Collecting the data needed to compromise a person’s bioprint," David Hamilton observed in the Wall Street Journal, "may be no more complicated than spying on him for a day or two" before lifting a fingerprint from a glass. And "once someone steals your biometric," security expert Bruce Schneier explains, "it remains stolen for life." While the government can issue a new passport or a bank, a new PIN number, a person has only one face and ten fingers.
As one critic put it in the New Scientist, "I could give you my fingerprint and you still wouldn’t know who I am. Biometrics says nothing about whether I’m a terrorist or not."Even if biometric technology were infallible, critics maintain that it violates a person’s right to privacy and compromises our ability to live in a free society. Stephen Kent, committee chairman for the NAS report on biometrics, warned, "The ability to remain anonymous and have a choice about when and to whom one’s identity is disclosed is an essential aspect of a democracy." Others worry about what sociologists call "function creep," the process by which information is used beyond its initial intended and limited use. The ease with which facial recognition systems have been integrated with closed circuit television cameras or other third-party databases has alarmed civil liberties and human rights activists, who are concerned that biometrics would lead to the creation of a global surveillance infrastructure. "Without social agreement and legal restrictions on how the system could be deployed," George Washington law professor Jeffrey Rosen imagines, "it could create a kind of ubiquitous surveillance that the government could use to harass its political enemies or that citizens could use, with the help of subpoenas, to blackmail or embarrass each other."
If 9/11 sparked the biometric boom, there are doubts about how effectively the technology can identify future terrorists. As one critic put it in the New Scientist, "I could give you my fingerprint and you still wouldn’t know who I am. Biometrics says nothing about whether I’m a terrorist or not." Indeed, all nineteen of the 9/11 hijackers entered the country using valid visas, on their own passports. "Verifying their identities using biometric visas," the Economist recently argued, "would have made no difference." Even though photographs of known terrorists can be enrolled into facial recognition systems, only a few terrorists have ever been identified, and those images are often blurry and unreliable. Others contend that terrorists could exploit human error during the nontechnological process of enrollment. As technology specialist Keith Rhodes warned Congress, "[B]iometrics cannot necessarily link a person to his or her true identity . . . People who are not on the watchlist cannot be flagged as someone who is not eligible to receive a credential."
