Privacy International calls for new UN guidelines for biometrics in counter-terrorism
Privacy International is calling for new guidelines on biometrics from the UN to protect human rights in a new briefing on the implications of biometrics-based identification systems adoption.
In the 17-page “Briefing to the UN Counter-Terrorism Executive Directorate on the responsible use and sharing of biometric data to tackle terrorism”, the organization makes the case that the adoption of biometrics technology to identify terrorists has not been balanced by adoption of appropriate regulation and oversight.
The potential for biometrics to play a key role in investigating and preventing terrorism is acknowledged upfront, as well as the inclusion of biometrics in UN plans and principles. The briefing then surveys general trends in government use of biometrics, including increasing sophistication of the technology used, the increasingly broad range of sources for biometric data, and the development of centralized databases. These provide context for a human rights analysis of biometric identification systems. The UN Security Council demands the use of biometrics for counter-terrorism activities, and that the technology be used in accord with domestic and international human rights law, but does not elaborate on what laws apply, which Privacy International says leaves a significant gap.
The brief also notes that the UN 2018 Addenda to the 2015 Madrid Guiding Principles recognizes challenges to human rights potentially posed by biometric technology. Privacy International quotes the recommendation among the Principles that states adopt “privacy-impact assessments, or review or other oversight bodies, to anticipate and consider the potential impact of such new technologies or applications.”
Privacy International says national legal frameworks are inadequate in most countries, and that they do not effectively address the risks of biometric data misuse, particularly at scale. The advocacy group recommends greater roles for necessity and proportionality assessments, and says many centralized systems, which allow not just authentication but identification, would not pass such assessments. The brief also addresses the retention of and access to biometric data, database integration and interoperability, the risks of security breaches, involvement of foreign entities in biometric systems development, and international information sharing.
“Of particular concern to Privacy International is the almost unqualified support for ever expanding biometric databases (and the integration of existing ones) coupled with expanding access to the data to a wider range of law enforcement and security agencies,” the briefing concludes. The need for technical assistance across state lines without accompanying robust human rights safeguards is also identified as a major concern.
The UN Counter-Terrorism Executive Directorate (CTED) is called on to cooperate with the UN Special Rapporteur on counter-terrorism and human rights to develop “precise and comprehensive human rights guidelines on the implementation of the decision by the Security Council 2369(2017) demanding that states develop and implement systems to collect biometric data.”
The UNCTED and the Biometrics Institute launched a “Compendium of Recommended Practices for the Responsible Use & Sharing of Biometrics in Counter Terrorism” last year, and is actively promoting it to member states. Privacy International clearly feels these measures are not enough.