In George Orwell’s 1984, all of the people living in Oceania are watched by giant two-way TV screens wherever they go. Whether they’re at work, at home or out on the streets, they are watched by Big Brother through the ever-present screens. But the surveillance technology of the not-so-distant future may be much more surreptitious than that. We might not know when Big Brother is watching.
Instead of the omni-present Big Brother who makes his presence felt, privacy advocates fear that we might be watched by those who wish to hide the fact that they are keeping close tabs on who is doing what, where. We might be scanned from afar as we make our way to a ball game, enter a mall or visit a public monument. Everywhere we go, our movements might be tracked, unbeknownst to us, and all of that information may be pooled together.
Biometric technology may play a big part in such a society.
Privacy experts say the technology has its place — but companies that deploy it must learn how to use it properly so that their worst fears aren’t realized.
Peter Hope-Tindall, a Toronto-based privacy consultant, is among those who think biometric technology has its use while still urging the need for caution. But he worries about function creep, the need for consent and transparency, and the creation of a ubiquitous infrastructure.
While biometrics might be the right solution for a company looking to safeguard its doors and control access, it may be the wrong path to go down for governments looking to safeguard their borders and keep terrorists out, he says.
In the first instance, a company is registering a finite number of workers and comparing those who go in and out with a small, carefully protected database. In the second instance, a government could be comparing thousands of travellers going to and from its country each day using different types of biometrics, such as facial and gait recognition. In the latter, the chances of getting false negatives and false positives — in which someone is mistakenly identified as being on a watch list — rises significantly. Such a project on a large scale may create a false sense of security or may cause so many rejections that no one can travel anywhere, Hope-Tindall says.
“We shouldn’t be fooled into thinking that merely using biometrics increases security,” he says. “You may find it causes more chaos than it solves.”
In short, it’s a lot easier to operate a system that validates 5,000 employees than one that checks five million travellers.
Ann Cavoukian, the information and privacy commissioner of Ontario, also has concerns about such programs.
“Most people think that as a privacy commissioner, I would by necessity be opposed to biometrics. That’s not necessarily true,” she says. There’s a difference between biometric programs that do one-to-one comparisons and those that do one-to-many comparisons, she says.
The first — in which an employee walks up to a machine, presents a finger or eye for scanning and then slides a card into a reader for comparison — doesn’t require the retention of a centralized database. Such databases can later be used for unintended and undisclosed purposes, Cavoukian says.
There is no reason for organizations in the private sector to keep such databases, she says. “The temptation to use it for other purposes is very strong.”
The case for one-to-many comparisons is much stronger in the public sector, she says, but stresses the need for caution.
But such programs are going ahead.
Under the U.S. Visitor and Immigrant Status Indicator Technology program, the American government has begun collecting two index finger scans and a digital photograph of all foreigners crossing into its border, with the exception of Canadians (at least for the present).
Individuals are checked against FBI terrorist watch lists. And the bigger the database against which they are checked, the greater the chance of false positives and false negatives, Cavoukian says. There needs to be a secondary screening program to identify false positives, she says.
“There’s a practical concern as well as to what happens to the lives of people who are identified in false positives.”
Biometric technology is being used on a much smaller scale at Canadian borders. Frequent travellers can register for Canpass so that they can bypass the sometimes lengthy lineups at customs.
The self-service iris scanning kiosks are currently available at the Edmonton, Winnipeg, Calgary, Halifax, Montreal, Toronto and Vancouver airports. Pre-approved travellers walk up to the machines and have their irises scanned for verification.
Those who sign up must first pay a registration fee and pass what the Canada Border Services Agency (CBSA) calls a “rigorous background check,” though it wouldn’t provide any details on what the check entails. And when asked how the Canpass program would protect against those who are a part of a terrorist sleeper cell and living seemingly normal lives, CBSA media relations person Cara Prest would only say that the rationale of the program was to pre-approve low-risk people so that it could “concentrate its efforts on high-risk, unknown travellers.”
Failure to enrol
Other Canadian organizations are also beginning to use biometrics technology. The Canadian Air Transport Security Authority (CATSA), a Crown corporation in charge of screening air travellers, is using biometric technology to allow its workers access to restricted areas through the Restricted Area Identification Card (RAIC).
The RAIC program relies on two different types of biometric technologies — finger and iris scanning.
This addresses one of the concerns raised by privacy advocates — that biometric technology isn’t always reliable and that not all people can be enrolled in certain biometric programs.
Fingerprint scans, for example, are notorious for excluding certain groups from registration. Elderly people, whose skin is sometimes thin, artists or workers who use their hands and whose finger ridges have rubbed off and Asian people who may have small ridges, have a harder time registering for fingerprint scans.
However, Colin Soutar, chief technology officer for Markham, Ont.-based biometric technology vendor Rycom, says such concerns are over-stated and based on older technology. The actual number of failures to enrol are less than the stated four per cent, he says.
“Typically, there are alternate means set up so that individuals can access what they need to access,” he says.
Personal info guarded
Though CATSA makes it possible for airports to use two different kinds of biometrics to control access, typically, most entry points only use one. Airports determine which biometric to use at which entry point, depending on what makes sense.
In certain areas, where workers are handling a lot of materials, for example, their hands may be dirty, making iris scanners more desirable. High travelled areas, on the other hand, might require dual verification.
“Part of what we’re proud of is it’s a dual biometric stored on a single card,” says Rob Durward, CATSA’s Ottawa-based director of technical programs.
When someone registers, a unique signature is created and CATSA checks it against a centralized template to ensure that it isn’t a duplication of another worker’s.
However, none of the information stored nationally or at individual airports is personally identifiable, he says. This is another of CATSA’s efforts to address the concerns of privacy advocates. Only numerical data is stored in the database and the information on the card is encrypted.
The finger or iris scan is used to create a numerical algorithm that is stored on the card and can’t be reverse-engineered if the card is lost or stolen, Durward says. Airport personnel still undergo random screening everyday, to make sure restricted material isn’t brought in.
The default technology
Though in many cases, organizations like to try to make technology as unobtrusive as possible, Hope-Tindall much prefers technology that gets in his face. Those that work at a distance can work without his knowledge.
“Iris (scanning) is much more invasive, but I know when it’s being used,” he says. Facial and gait scanning can be used surreptitiously, at a distance, eliminating transparency and consent.
Hope-Tindall also worries about the creation of a ubiquitous infrastructure in which biometric scanning is used for everything from large bank transactions to small purchases, such as buying a tube of toothpaste at a local corner store. The first, says Hope-Tindall, is justifiable, the second doesn’t make sense, but might still one day become a reality.
The technology might become so ubiquitous that organizations will use it as the default, thereby creating an underclass of people who can’t get access to anything because they can’t or won’t register.
The key, says Hope-Tindall, is to evaluate each case as it arises and remain cautious.
“There’s some tendency on the part of privacy people to think a technology is either all good or all bad. We don’t want to react too emotionally. Instead, we want to see how the technology is being used,” he says. “The biggest threat to us is apathy. Demand to know how technology is going to be used.”