House hearings are in progress today on biometric ID's, which would be used for Social Security cards. The plan is part of Congress' comprehensive immigration reform plan which would tighten border security and create a pathway to citizenship for the 11 million undocumented immigrants currently here in this country. The plan is being pushed by Senators Chuck Schumer and McCain.
Pro:
The website Biometric Update, one of the leading news sites for the industry, published an opinion piece supporting the use of biometric ID's for Social Security cards.
McCain and Schumer discussed their position in a roundtable with Politico. The biometric ID component would replace voluntary programs like e-verify. McCain and Schumer say that this would ensure that employers only hire people who are legally entitled to be here in the US.
The Biometric Update site continues:
Currently, Social Security is subjected to a wide range of fraud, due to the ease of obtaining a forged driver’s license in order to receive a fraudulent Social Security number. Social Security numbers can also be obtained and used illegally through identity theft. Senator Schumer acknowledged that the only way to combat fraudulent use is if the government issues a non-forgeable card, leveraging technologies such as biometrics.
However, the Supreme Court ruled unanimously in 2009 that prosecutors cannot use identity theft laws to prosecute immigrants who use false Social Security numbers to get jobs.
The question in the case was whether workers who use fake identification numbers to commit some other crimes must know they belong to a real person to be subject to a two-year sentence extension for “aggravated identity theft.”
Justice Samuel A. Alito Jr. said in a concurring opinion that a central flaw in the interpretation of the law urged by the government was that it made criminal liability turn on chance. Consider, Justice Alito said, a defendant who chooses a Social Security number at random.
“If it turns out that the number belongs to a real person,” Justice Alito wrote, “two years will be added to the defendant’s sentence, but if the defendant is lucky and the number does not belong to another person, the statute is not violated.”
This, the Times article notes, was used in the Postville (IA) case to imprison hundreds of people the government says were here illegally for five months under plea deals before deporting them.
Justice Stephen G. Breyer, in his opinion for the court, said the case should be decided by applying “ordinary English grammar” to the text of the law, which applies when an offender “knowingly transfers, possesses or uses, without lawful authority, a means of identification of another person.”
The government had argued that the “knowingly” requirement applied only to the verbs in question. Justice Breyer rejected that interpretation, saying that “it seems natural to read the statute’s word ‘knowingly’ as applying to all the subsequently listed elements of the crime.”
He gave examples from everyday life to support this view. “If we say that someone knowingly ate a sandwich with cheese,” Justice Breyer wrote, “we normally assume that the person knew both that he was eating a sandwich and that it contained cheese.”
Since prosecutors can no longer use identity theft laws to prosecute immigrants who obtain fictitious Social Security cards except when they belong to a real person, this is why our legislators are proposing biometric ID as a way of getting around the Supreme Court roadblock.
This is a position that is also shared by the President.
There are three critical flaws in the e-verify system that is presently used to determine whether someone is authorized to work here in the US. First of all, it is voluntary and not required by law. Secondly of all, according to the Huffington Post, it is riddled with errors; 54% of the time, the system wrongly stated that immigrants were authorized to work here in the US. And only 20 states require its use while there are many municipalities in California which ban its use.
Con:
The Biometric ID site acknowledges that the balance of power currently resides in the hands of the states. The Federal Government tried to pass the Real ID Act in 2005, only to have 13 states comply with it. Currently, Missouri is in an uproar over its Department of Revenue sharing data with the Federal Government in an effort to comply with the mandate and the legislature threatening to withhold all funding. And any Biometric ID provisions of comprehensive immigration reform will likely have trouble passing Supreme Court muster since this is a court that is concerned both with states' rights and privacy rights.
Another problem is privacy rights. The Electronic Frontier Foundation has a dated link that nonetheless still has a good overview of the case against biometric ID's. The link is entitled "Who is watching you?" implying that passing Biometric ID's is akin to bringing about a real-life version of Orwell's book 1984.
The first concern is that privacy violations would be easier and more damaging.
Biometric technology is inherently individuating and interfaces easily to database technology, making privacy violations easier and more damaging. If we are to deploy such systems, privacy must be designed into them from the beginning, as it is hard to retrofit complex systems for privacy.
This is one of the reasons why it would have such a hard time passing Supreme Court muster.
In an April ruling, Missouri vs. McNeely, one that was supported by Scalia, the court ruled that due to the intrusive nature of conducting blood tests on DWI suspects, police officers were required to get a warrant and that the totality of the circumstances must be considered. Although the circumstances are different and a warrant would obviously not be required to provide a Biometric ID, the principle is the same -- obtaining bodily characteristics of people in this manner is highly intrusive and such a provision would have a hard time passing muster.
Among other objections raised by the EFF:
Biometric systems are useless without a well-considered threat model. Before deploying any such system on the national stage, we must have a realistic threat model, specifying the categories of people such systems are supposed to target, and the threat they pose in light of their abilities, resources, motivations and goals. Any such system will also need to map out clearly in advance how the system is to work, in both in its successes and in its failures.
This is what the current hearings are trying to address.
Biometrics are no substitute for quality data about potential risks. No matter how accurately a person is identified, identification alone reveals nothing about whether a person is a terrorist. Such information is completely external to any biometric ID system.
The Boston bombers, for instance, came here legally. Therefore, they would have slipped through these requirements had they been in place.
Biometric identification is only as good as the initial ID. The quality of the initial "enrollment" or "registration" is crucial. Biometric systems are only as good as the initial identification, which in any foreseeable system will be based on exactly the document-based methods of identification upon which biometrics are supposed to be an improvement. A terrorist with a fake passport would be issued a US visa with his own biometric attached to the name on the phony passport. Unless the terrorist A) has already entered his biometrics into the database, and B) has garnered enough suspicion at the border to merit a full database search, biometrics won't stop him at the border.
For instance, when the 9/11 bombers came to this country, they were not on anyone's radar screens that we are aware of. They came here legally and did not appear on anyone's radar screens until it was too late.
Biometric identification is often overkill for the task at hand. It is not necessary to identify a person (and to create a record of their presence at a certain place and time) if all you really want to know is whether they're entitled to do something or be somewhere. When in a bar, customers use IDs to prove they're old enough to drink, not to prove who they are, or to create a record of their presence.
Would requiring people to prove citizenship or legal authorization be better? That would have its own privacy concerns and compliance issues. Another alternative might be to fix the e-verify system and require its use nationally.
Some biometric technologies are discriminatory.A nontrivial percentage of the population cannot present suitable features to participate in certain biometric systems. Many people have fingers that simply do not "print well." Even if people with "bad prints" represent 1% of the population, this would mean massive inconvenience and suspicion for that minority. And scale matters. The INS, for example, handles about 1 billion distinct entries and exits every year. Even a seemingly low error rate of 0.1% means 1 million errors, each of which translates to INS resources lost following a false lead.
This was written in 2003. So have we progressed to the point where we have reduced the error rate? And what are the contingency plans in the event of a false positive in the system?
Biometric systems' accuracy is impossible to assess before deployment Accuracy and error rates published by biometric technology vendors are not trustworthy, as biometric error rates are intrinsically manipulable. Biometric systems fail in two ways: false match (incorrectly matching a subject with someone else's reference sample) and false non-match (failing to match a subject with her own reference sample). There's a trade-off between these two types of error, and biometric systems may be "tuned" to favor one error type over another. When subjected to real-world testing in the proposed operating environment, biometric systems frequently fall short of the performance promised by vendors.
So any Biometric ID system that is passed would have to have independent verification of its accuracy. This is similar to the FDA, which requires independent verification of safety and effectiveness for new drugs on the market.
The cost of failure is high. If you lose a credit card, you can cancel it and get a new one. If you lose a biometric, you've lost it for life. Any biometric system must be built to the highest levels of data security, including transmission that prevents interception, storage that prevents theft, and system-wide architecture to prevent both intrusion and compromise by corrupt or deceitful agents within the organization.
One passage in Revelation is eerily relevant to this discussion. It envisioned a time in which all people were required to receive the Mark of the Beast; all persons who did not do so could not legally buy and sell. If done right, a Biometric ID law would enhance border security and help protect ID's. If done wrong, it could create a nightmare similar to the Great Tribulation of Revelation.