Biometrics and the government

Have you seen movies about the future where the police easily identify criminals by checking with high-tech gadgets? Characters change their appearance to escape law enforcement (the movie "Minority Report") or try to get rid of the stigma of being "unfit" (the movie "Gattaca")?

In early 2022, a utopian future no longer seems implausible. We buy goods from marketplaces, interact with colleagues at work and in school remotely, and get help from the government with smart devices. Along with the obvious benefits, these processes are forcing us to face new challenges.

The state's sphere of influence is expanding. By integrating biometric technology, it is embracing the digital field and thus increasing its control over the population. Not everyone is willing to compromise privacy, which raises a number of questions:

  1. Should we fear "total surveillance," as in the movies "The Truman Show" and "Enemy of the State" (links would be placed here)?
  2. Is the sacrifice of personal freedom justified?
In this long-reading we will try to answer the questions and determine in whose favor the "scales are tipped" with regard to biometrics. Let's start with the concepts.

Let's start with the concepts.
What is biometrics?
Biometric data is a type of personal data which contains information about a person's physiological and biological characteristics. Your age, weight, sex, health status, facial photo, fingerprints - all this can be classified as biometric data as long as it is collected to identify the subject.

Not all biometric data is uniform - it can be static or dynamic. Some characteristics are determined by a person's physiology - iris, fingerprints and DNA - while others are behavioral - voice, handwriting and signature.
Let's start with the already well-known and innocuous technology
Case of the Italian mafia

How did you find me? I haven’t even called my family for the last 10 years!

The Google maps image shows a short man in a shirt talking to a vegetable shop clerk. At first glance, nothing remarkable: we see a provincial town, a small part of which was caught in the camera lens. At the same time, an inconspicuous shot captures the former head of a mafia group, who for 20 years hid from prosecution. Thanks to this image, the police were able to locate the suspect.

This case is a clear demonstration of how vulnerable you can be. Your geolocation could potentially be set using tools outside of your control.

In addition, recognition technology cannot guarantee a 100% result, so there is the potential for error. Under these circumstances, should you trust a system that can mistake a law-abiding citizen for a criminal?

Failures in the recognition system are known. They are referred to in foreign sources as false positive identification. This concept includes all those cases in which there is a possibility of erroneous facial recognition. For the second, Russian case, let's take a closer look at this topic.

Situation in Russia
Russian law has no requirements for the accuracy of recognized information when identifying a person.

It was the absence of this requirement that was associated with the incidents accompanied by human rights violations during the coronavirus pandemic.

The Rosmonitoring app tracked the geolocation of people in Moscow, and if they were absent from their place of isolation, citizens were automatically fined under the "covid" article of the Administrative Code. Importantly, the app often gave false positive identification, which led to violations of the rights of even those who could not physically leave their apartments. Subsequently, the Supreme Court provided clarification, correcting the errors of law enforcement.

The so-called "smart cameras," actively used in the Moscow subway, also often give erroneous results when recognizing faces. Despite the fact that the data received from "Sphere" cameras are used to detain almost 3 thousand suspects, the question arises: is it acceptable to record people in the Metro with the following transfer of their data to third parties?

Formally, the article 11 of the Federal Law "On the Protection of Personal Data" sets forth an explicit prohibition on transferring personal data to third parties. However, this rule can be interpreted broadly, allowing an exception to the law for the sake of security. And rightly so: the public interest in this case outweighs the private interest. For the sake of catching criminals, the state and part of the population consider the use of facial recognition technology legitimate, even if its use is likely to intrude on the sovereign's private sphere.

One can only guess where the boundaries of security lie. Can the state use facial recognition under the pretext of "security" in order to spy on the population? Let us examine this problem with the example of Singapore's widespread use of cameras.
Singapore model
Singapore is looking to expand the use of cameras and technology for more effective law enforcement and first responders. Currently, the police have installed nearly 90,000 cameras in public places such as parking lots and residential areas.
According to the Minister of Singapore, the installation of cameras has been a "game changer" in deterring and investigating crime. This is evidenced by the statistics. As of December 2020, smart cameras have helped police solve 4,900 cases.

The achievements in reducing crime are diluted by statements from researchers and the public, with one voice stating Singapore's transition to digital authoritarianism. In other words, collecting and processing so much data creates a situation of total control over citizens.

We do not live in Singapore, but it is important for us to understand that Singapore's policy of data privacy is welcomed by the Russian authorities. Collaboration based on adopting the experience of smart cameras could be the starting point on the way to forgetting the issue of privacy.

Of course, facial recognition technology poses threats. However, in addition to them, there are positive trends. Let's talk about them in more detail.

British and cheese

4. British police were able to find a drug dealer from a photo with a piece of cheese. How did they do it?

A picture of a piece of cheese clearly showed the fingerprints of an intruder named Stewart. Law enforcement in Britain gained access to the photo after the government hacked into the secretive EncroChat social network. This case reminds us that even fingerprints can be used to identify us. In most cases, we share our data ourselves, but in some cases, the government will find information about a person on its own, which is the subject of the following case study.

Australian police will determine the appearance of suspects by
The new technology, known as Massively Parallel Sequencing (MPS), allows investigators to predict person's gender, biogeographic origin, eye color and hair color. Technically, MPS allows any subject to be identified, making it especially dangerous in the hands of abusers. The government insists that the data system is secure and closed, denying the very possibility of hacking. Time will tell how accurate the authorities' assurances are.

To conclude, states around the world have become more active in collecting, storing and using biometric data on citizens. Biometric databases are becoming a trend, including in the Russian Federation.

In 2017, the Unified Biometric System (UBS) was announced, which should "increase the availability of digital services for citizens''. At the moment, registration in it is not mandatory, but the experience of the coronovirus pandemic may encourage authorities to actively fill the base with new users.

Ultimately, the main question facing the reader is whether a balance between privacy and security can be found. Different countries have taken different approaches, and many are still just finding them, but it is up to society to decide which way the scales are tipped.