DHS expanding national biometrics database to hold details on over 500 million people, including many US citizens
We’ve just written about China’s ambitious plans to add voiceprints to its existing national biometrics databases. Given the country’s long record of keeping a close watch on its citizens, it’s easy to see this as part of China’s surveillance exceptionalism – the common belief that it is “different”, and that its experiences don’t have much relevance for Western nations. But that would be a mistake.
In many ways, China is not different, just in the vanguard. Ideas that are tried out first in China, where there is little hope of organizing resistance to them, have a habit of turning up later in Western countries, despite local and vocal protests. The main difference is that China is generally not shy about announcing ever-more surveillance of its people, on the grounds that it will supposedly make society safer, whereas Western governments do it surreptitiously, for example by gradually extending the reach of systems that they initially present as mainly aimed at foreigners. That’s been the case for the mass surveillance revealed by Edward Snowden, where local laws were sidestepped on the grounds that the spying took place abroad, or only targeted those in other countries. Something similar now seems to be happening with the main biometrics database in the US:
“The United States Department of Homeland Security (DHS) has contracted one of the world’s largest arms companies to manage a huge expansion of its biometric surveillance programme.
According to a presentation seen by Privacy International, the new system, known as Homeland Advanced Recognition Technology (HART), will scoop up a whopping 180 million new biometric transactions per year by 2022.”
The $95 million contract awarded to Northrop Grumman envisages two stages of implementation, reported here by Defense Daily:
“Increment 1 of HART is scheduled to take 18 months to complete and includes migrating the current biometric capabilities of IDENT [the current Automated Biometric Identification System used by the DHS]. These include storage and matching of fingerprint, face and iris images, as well as latent fingerprint matching, a new data architecture, and a new system development and testing environment. IDENT has limited face and iris matching capabilities.”
The second phase will also last 18 months, and requires improvements in the system’s face and iris matching capabilities, as well as “a biometric fusion element that will produce stronger matching results when multiple biometrics are used in a search query”. Future development may introduce additional biometrics such as DNA and voice recognition, as well as distinctive features, including scars and tattoos.
The chief architect of the earlier IDENT system, Mark Crego, says it was designed to store the fingerprints of up to 200 million people, and support up to 250,000 identification transactions per day. But the system now has over 240 million identities and is conducting over 300,000 transactions per day, while simultaneously adding in face and iris biometric matching technologies. As a result, he says:
“DHS must upgrade how the system manages and makes identity determinations that include face, iris and fingerprints simultaneously while scaling to at least 500 million identities in its database. In addition, the system must support at least 500,000 daily transactions, most in less than 10 seconds, to support border processing.”
Many of those half a billion identities are likely to belong to US citizens. An earlier post on Privacy News Online explained how the proposed Building America’s Trust Act would require facial recognition to be deployed at US airports “to the greatest extent practicable”, while a “biometric exit system” would be established at the busiest airports, seaports and land crossings. The bill would also allocate $125 million to upgrade the automatic license plate readers used by US Customs and Border Protection. These systems will inevitably capture information about millions of Americans.
The huge holdings of the new HART database will be widely available to US government agencies. The DHS, which is responsible for Customs and Border Protection, Immigration and Customs Enforcement, and the Transport Security Administration, can share this data with other US agencies including the FBI and Department of Defense. Perhaps even more troubling is the sharing of highly-personal biometric data about citizens between governments. Privacy International points out that the US exchanges biometric data with authorities in the other ‘Five Eyes‘ countries – the UK, Australia, Canada, and New Zealand. Other regions too are increasing the sharing of sensitive information:
“The EU is also planning to centralise its biometrics verification system in order to easier share data across the Union, while Russia and China also share biometric data through regional security cooperation agreements. Biometrics and behaviour data amassed by industry will also continue to be an irresistible intelligence target for government agencies through sharing requirements and surveillance programmes.”
We are fast approaching a world where vast national biometrics databases are the norm. A post by Edin Omanovic, head of Privacy International’s state surveillance program warns where this could take us:
“Soon, it could be a requirement to verify your identity using biometrics to go into a government building, take public transport, set foot in a shopping centre, or go into an upmarket area of town. For public health reasons, it will be possible to track, stop, or punish people buying fast food, putting on a bet, or buying alcohol and cigarettes.
Automated analysis techniques can be used to identify suspicious movements and patterns, assign risk ratings to people, and add people to watchlists - some of which already contain more than a million people – without any significant human intervention.”
The use of biometrics for purposes such as securing a nation’s border is certainly legitimate. The problem, once again, arises from moving beyond the proportionate use of targeted, small-scale biometrics databases, to massive, nationwide systems that encompass a large proportion of the population. The shift is happening in part because digital technology has advanced so much that such systems are not just possible, but relatively affordable. When it comes to routine mass surveillance by the state, we are all in China now.
Featured image by Gerald Nino/CPB.