Biometrics in counter-terrorism report raises human rights, ethical issues
A new report on extreme surveillance and biometric data collection in the process of countering terrorism, and how human rights and freedoms are affected by them, has been published by the Univeristy of Minnesota’s Human Rights Center and reviewed by Privacy International.
“In the absence of robust rights protections which are institutionally embedded to oversee collection, storage, and use of such evidence, relevant practices are likely to infringe international human rights law standards,” reads the report ‘Use of Biometric Data to Identify Terrorists: Best Practice or Risky Business?’, written by Professor Fionnuala Ní Aoláin, United Nations Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, and Dr. Krisztina Huszti-Orbán, senior legal advisor to the UN Special Rapporteur on counter-terrorism and human rights.
The privacy watchdog insists a human rights-centered approach is mandatory, having already disagreed with the obligations enforced by Security Council Resolution 2396 on UN Member States.
According to the Resolution, the states have to “develop and implement systems to collect biometric data, which could include fingerprints, photographs, facial recognition, and other relevant identifying biometric data, in order to responsibly and properly identify terrorists, including foreign terrorist fighters,” measures that have to be “in compliance with domestic and international law, including human rights law.”
However, the report points out that many countries do not have the right legislative framework and mechanisms to ensure data and privacy security, and that dialogue on this matter has been missing. It also argues that the UN report released in 2018 with the Biometrics Institute “falls short of comprehensively addressing human rights implications and providing granular guidance to Member States.”
Biometric data processing needs to be addressed in a national legal framework that the public can access and understand, to accurately see how it can be applied and the implications it may have on privacy, the Special Rapporteur writes. The report says biometric legislation has to address data use and sharing especially by law enforcement and intelligence agencies, who allegedly take advantage of counter-terrorism legislation “to bypass and ignore other obligations.”
If there is a need to breach privacy the action has “to comply with the principles of necessity and proportionality to ensure that the least intrusive means to achieve the relevant legitimate aim is adopted.”
The report points out the importance of regulating retention and access to biometric databases, due to a number of risks that may arise in a given timeframe, ultimately compromising data integrity. Biometric data should be deleted if it is no longer necessary, while biometric systems and databases must be secured to prevent unauthorized access.
Privacy International also discusses threats associated with automated personal data processing conducted through AI technologies, such as profiling, discrimination, and unconsented identification and tracking. International data sharing among Member States is not mandatory, but encouraged, therefore it should be regulated to prevent human rights violations or abuses, the organization says. Independent oversight systems are another suggestion to prevent unlawful implementation of measures.
The biometrics industry and surveillance companies should be more transparent with operations, involvement and interests, and abide by UN Guiding Principles on Business and Human Rights (UNGPs), Privacy International writes. Marginalized or discriminated communities could be more affected by biometrics and facial recognition use, as counter-terrorism has been used as justification in violating human rights.