Challenging biometrics use in 4 not-at-all-easy steps
Acknowledging history is running against anyone opposing national biometric identity systems, a partisan privacy nonprofit has published a sizable guide for lawyers working to stake out individual rights.
In its guide, published this month, Privacy International seeks to give pro-privacy organizations useful background for court fights. Its members are intent on pushing against what they feel is never-ending encroachment on the individual’s preference (if not universal right) to go digitally unnoticed by governments, data profiteers and data thieves.
Privacy International has perhaps the most direct mission statements ever published: Members seek to “protect democracy, defend people’s dignity, and demand accountability” from governments and businesses that abuse freedoms “and the very things that make us human.”
In writing the report, the organization enlisted the help of Harvard Law School’s International Human Rights Clinic.
The report’s biometrics portion cites battles that went to the top courts in India, Mauritius, Kenya and Jamaica. Pro-privacy arguments have won the day only in Jamaica. Of all of the examples, India’s dogged buildout of and defense of it biometric system, Aadhaar, has been most thoroughly analyzed globally.
Basing their guidance on cases litigated in the four nations, the report’s authors recommend attorneys attacking the use of biometrics include four arguments in their strategy.
The arguments are designed to get judges to question how effective and necessary biometric data is and how collection, use and storage of the data poses unique threats to the rights of people.
Attorneys should challenge the fallibility and accuracy of biometric systems, which have been demonstrated with some regularity to disadvantage anyone who is not a light-skinned middle-aged male.
In arguments before the Jamaican Supreme Court, attorneys said that probability undergirds the entire premise of biometrics. Authors of the report quoted written statements from the High Court:
“The differences in sensitivity of the devices executing the initial data collection and subsequent comparison affect the reliability of biometric identity systems and increase the risk of false positives and false negatives.”
Challenges to India’s Aadhaar ID card and biometric system cited error rates that varied remarkably by state. Failures reached 49 percent in the state of Jharkhand and 37 percent in Rajasthan. Yet according to documents cited by Privacy International, Gujarat recorded a six percent error rate and the Krishna district five percent.
The organization also recommends the “better tools exist” argument, though it is hard to deny that this tactic is less than robust. Indeed, this is the skimpiest section. It notes that jurors and litigants have made the point, but nothing specific came up in cases, and is not mentioned in the report.
The authors are on firmer ground with their recommended intrusiveness argument.
Mauritius, which affords a constitutional freedom from unlawful search and seizure, goes a step further, requiring the government to prove any search conducted is justifiable “in a democratic society.”
Mauritian opponents to over-reaching biometric systems have argued that the data sought is not justification enough. Indian opponents have argued that collecting, much less storing and using, biometric data is offensive to some cultures and religions.
Kenya has heard arguments that trade on common concerns of people here, according to Privacy International.
Collection when the subject is unaware is an assault on a person’s human dignity. And the phrase secure storage is becoming an unfillable promise. That raises the question: Is even the chance that their personal data will be disclosed a price people should pay for living in a society managed by systems with a measurable probability of failure?
Which leads to the group’s recommended permanence argument.
In Jamaica, Supreme Court justices heard the undeniable fact that the longer personal data is held, the more likely it is that it will be stolen, and stolen is forever.
Indian courts addressed this concept from a different, European-influenced angle. According to the report, the courts have restricted how long government data can be stored in order to protect a person’s right to be forgotten.