Informed consent with a human-rights-minded perspective can lead to a better way of handling other people’s data through fairness, transparency, limitations, and accountability on the part of the law.
In a world ruled by technology, biometric authentication — using unique biological data to verify a person’s identity — is an everyday occurrence. Most people own multiple devices that collect and analyze their biometric information. For example, smartphones use biometric features like facial identification scanning, fingerprints, and multi-factor authentication to grant access. Despite the conveniences of biometric data, this issue is fraught with fear and controversy, especially regarding its use by law enforcement.
Biometric Data in Law Enforcement
Biometric data involves using technologies to identify people in various scenarios, particularly in criminal justice. It has long been a law enforcement tool as far back as the Civil Rights movement when political figures such as Malcolm X and Martin Luther King, Jr. were under surveillance by the FBI.
Modern technologies such as retinal scans, fingerprints, hormone mapping, voice mapping, DNA analysis, and facial recognition may allow law enforcement to emphasize higher security rates and combat terrorism. Unfortunately, there are ethical concerns about the accuracy of biometric data and its potential misuse. For example, facial recognition technology affects personal privacy and can endanger minorities for whom this technology appears negatively biased.
In addition, employee credentials and biometric data can easily be stolen and then used to access networks illegally. As such, the public sector must address these concerns by implementing different digital security measures, such as firewalls, multi-factor authentication, and cloud protections, to protect biometric data.
The government and law enforcement agencies can address both of these concerns by using digital compliance and security measures to protect employees’ and consumers’ information from identity theft.
Law enforcement agencies are groups dedicated to ensuring that laws are followed and that anyone who breaks those laws is brought to justice. That justice can only occur if the accused criminal’s identity is known and evidence of their crime exists. Sometimes, criminals try to avoid the law by changing their names, identities, and physical appearances. Biometric data makes that line of criminality much more challenging to accomplish today.
Law enforcement uses biometric data for the following purposes:
- Investigate crime, especially with forensics at crime scenes
- Surveillance, security, and intelligence gathering
- Identification of known terrorists, criminals, or suspects
Ultimately, law enforcement members use biometric data when facing wrongdoers.
While biometric data usage by law enforcement has made identifying criminals faster, it is not without its ethical concerns. Significant ethical problems exist regarding individual privacy, ownership of the data, and its potential use by authoritarian states, such as China, to remove democratic rights from its citizens.
The most pressing ethical concerns are:
- Technical: If biometric data is lost, stolen, or hacked, not only can that stolen identity lead to various forms of theft, but it is lost forever and is impossible to replace;
- Risk of misuse: Selling consumer data is a lucrative business, and an individual’s biometric data can be misused and stolen for commercial gain;
- Human rights violations: Law enforcement members use biometrics for identification; however, unethical biases toward race, gender, and creed, amongst other personal identifiers, may influence an officer’s use of this data.
These issues are at the heart of proposed laws and lawsuits around the United States. A recent example is Illinois’ Biometric Privacy Information Act. This law, passed in 2008, was prompted by overwhelming litigation concerning the lack of individual consent for using one’s data.
In the Act, any private entity collecting, processing, disclosing, or securing Illinois citizens’ biometric information must follow this law, which requires a written policy, informing individuals, obtaining consent from individuals, and refraining from selling or otherwise profiting from other people’s biometric data.
Transparency and Accountability
The data of most concern is facial recognition information. In 2019, Kimberly J. Del Greco, the deputy assistant director of the FBI, informed the House Oversight and Reform Committee that the FBI had enacted clear, transparent policies regarding the use of facial recognition technology. Strictly enforcing facial recognition software usage and regularly testing, evaluating, and improving the technology is essential to this policy.
However, some entities, such as the Georgetown Law Center on Privacy & Technology, claim there has been little accountability for law enforcement members’ misuse of facial recognition data. They argue that the agencies with the most advanced facial recognition programs are often the least transparent in data use.
Unfortunately, except for Illinois, California, Colorado, Utah, Virginia, and Connecticut laws, most police policies are not subject to public or legislative review. Georgetown’s research found a Seattle regional system that uses the ACLU as a consultant and the Michigan State Police, who initiated an informal review of their facial recognition policy with both the ACLU and a state legislator.
While law enforcement agencies do not want to tip their hands and allow criminals to game the system successfully, the ethical concerns about the misuse of biometric data require far more transparency and accountability than is currently in existence.
Potential Legal Reforms
With growing concern about law enforcement’s use of biometric data, some potential legal reforms are on the horizon. In 2022, the Electronic Privacy Information Center (EPIC) petitioned Congress to acknowledge the data privacy crisis the country now faces. The organization notes that new legislation should cover the following issues:
- Private sector data collection and use
- Comprehensive state privacy laws
- Limits on the collection and use of personal and biometric data
- Ban discriminatory uses of data
- Require fairness and accountability with algorithms
- Prevent unfair marketing practices
- Limit government access to personal and biometric data
- Provide a private right of action
EPIC also calls for a U.S. Data Protection Agency to enforce and regulate data protection policies nationwide.
To ensure data security and protect data privacy, law enforcement agencies should establish data privacy policies for their departments. These policies can also help detect sensitive information and prevent hacks and leaks of an individual’s biometric data.
Facing the Future of Biometric Data Usage
As biometric data and usage expand, the law needs to grow and develop legal means to control how the law uses an individual’s biometrics. Voice recognition and behavioral biometrics are already developing, and if the law does not catch up, it may fall behind permanently in the race to protect private data.
Every person’s biometric information will be endangered, and governments must be proactive rather than wait for another ethical or social disruption. Informed consent with a human-rights-minded perspective can lead to a better way of handling other people’s data through fairness, transparency, limitations, and accountability on the part of the law.