The Identity We Can't Change
This guest piece was written by Leandro Ucciferri of the Association for Civil Rights (Asociación por los Derechos Civiles). It does not necessarily reflect the views or position of Privacy International.
We look at our smartphone first thing in the morning to check the weather, and our to-do list for the day. During breakfast, we read the news and learn about what is going on in the rest of the world. In our commute to work or college, we scroll through our social media feeds to check on our friends, family, and acquaintances. We might download a new app, or listen to a new song.
We can do all of this, quickly and easily - we just press our finger on the smartphone's fingerprint reader to unlock it, to purchase an app or check our bank balance. Without realizing our biometric personal identity has become fused with our most personal electronic device.
The introduction of biometrics in consumer technologies has taken massive leaps forward in the last few years, which has led to its normalisation.
Biometrics is the process by which one seeks to recognize, authenticate, and identify a person, based on their biological (DNA and blood), morphological (shape of hand, palm print, fingerprint, vein pattern, face, iris, voice, and ears) or behavioural (the way of walking, posture, signature, typing) characteristics. That is to say, attributes that are irrevocably related to the identity of a person.
The market for biometric technology has become one of the most lucrative in the world, not only because of its application on mobile devices (smartphones with fingerprint, iris and facial readers), but also because of its increasing use in web services (mainly facial and voice recognition). Despite being presented on occasion as an infallible technology, biometrics are not free of weaknesses and vulnerabilities.
The report "The Identity We Can't Change" seeks to explore this issue and raises some of the questions about the role of this type of technology in society, and fundamentally how it can become a tool capable of affecting human rights.
The title of the report emerged from two key problems of biometrics. Firstly, our biometric information, except our DNA, is not secret. Secondly, biometric data is practically impossible to change. How do we get a new set of fingerprints? A new face? A new voice?
Experts from diverse fields have carried out studies that address the vulnerabilities of certain biometric identification technologies, such as the extraction of fingerprints from photographs and objects we touch, and subsequent falsification of those fingerprints; or the accuracy problems of facial recognition systems, which may lead to discriminatory practices on ethnic and racial grounds.
Biometric data is not used solely by private companies in order to make a profit. States are one of the main actors in biometrics, with large scale biometric databases of their citizens. In light of this, what are the safeguards in place to avoid manipulation and adulteration of such stored data? What type of guarantees should be established to ensure the integrity of the data obtained?
In Argentina, the recognition of biometric data as sensitive data, within the genre of personal data, is a debate that is still pending. In this sense, it is worth asking ourselves: What are the new challenges posed by the identification of people from biometric data? How can we prevent discriminatory practices based on that biometric data? What are the guarantees put forward by the state to prevent biometric data being used as a tool for segregation or against particular social groups?
One of the goals of our research is to shed some light on one of the less debated subjects in Argentina's society, but which presents great concerns for the exercise and development of individual freedoms of people - The Federal Biometric Identification System for Security (known as SIBIOS, which is its acronym in Spanish), introduced in 2011, based on a security and crime prevention logic.
Through our report we resume the work started by ADC in previous years, deepening and updating the information, exploring what data is being collected by SIBIOS, what is the collection process, which organisms and provinces are part of the System, what is the technology used by the Ministry of Security and the Ministry of Interior, and some of the uses of the System in practice.
The report shows that, despite the lack of publicly available information on this matter, SIBIOS has been in constant expansion, being implemented practically in all the provinces of the country, and recently with expectations of being extended to agencies dependent on the Executive and Judicial Branch in all the jurisdictions of the country.
The use of biometric identification systems, and particularly SIBIOS in Argentina, are cloaked in secrecy, characteristic of traditional intelligence and military institutions. SIBIOS is rooted in the development of the policies of identification of citizens, often related to former authoritarian regimes, as is the case in Argentina. The lack of transparency in how the State uses these systems, how the biometric data stored in the databases are safeguarded, and what the limits to the use of biometric technologies by governments should be, what were the parameters of consideration for the acquisition of technological solutions, are all questions that are yet to be answered.
All responses to these questions should take into account the elements provided for in the Constitution and the main international human rights treaties. Any interference by the State must be based on strong grounds, supported by hard data and evidence, as well as serious and independent diagnoses. These are all essential, to meet the conditions of necessity and proportionality for any measures that seek to restrict our fundamental rights.