[Read more session reports and live updates from the 12th Internet Governance Forum]
Biometrics as a means of delivering social and economic rights is gaining ground in the global south, with several countries requiring their citizens’ biometrics to access services. This panel discussed the different aspects of the implementation of biometric systems including the lack of adequate safeguards for human rights. Ms Marianne Díaz, lawyer and Public Policy Analyst with Derechos Digitales who moderated the panel, explained how governments in Latin America and the global south were introducing biometric systems within public security frameworks. She noted that implementation of these systems affects privacy, autonomy, the body.
Mr Leandro Ucciferri, a researcher at Asociación por los Derechos Civiles, Argentina described the biometric system in Argentina. The use of biometrics was introduced through executive power without a legal framework or public input. Data from citizens and foreigners who enter the country is collected for use by the immigration office, citizens’ office, law enforcement, and sub-national agencies with corporate agreements with the national database. In 2017, this was also extended to other bodies in the executive and judiciary branches.
Ucciferri highlighted some problems with the database, which include the expansion of the biometric project without input from parliament and the people; operations involving the collection of biometrics during international functions such as the WTO Ministerial in October; and the non-requirement of a warrant to access the database. Access to the biometric database is restricted to specific employees but without a warrant.
Mr Martin Borgioli, Project Director at Hiperderecho in Peru, narrated the incremental use of biometrics in Peru from early uses in real estate transactions in the 1990s to national electronic identity cards. Identity is currently verified exclusively through one agency, creating a monopoly that was constantly morphing and expanding its data collection. For example, private phone companies and CCTV operators were required to share their biometric data with the agency. Another problem he noted was the lack of a public policy for biometric data.
Ms Smitha Krishna Prasad, a researcher at the Centre for Communication Governance explained the Aadhaar system in India, which is the largest biometric database in the world. While it was introduced with the rationale of curbing corruption in the provision of social welfare, it has now become practically mandatory for government and private services such as welfare, banking and education.
Some of the challenges with the system include the centralisation of data, leaks of personal information, and the expansion of the use of biometric data beyond the purposes for which the data was collected. Prasad shared examples of local and international companies requiring Aadhaar data.
Prof Kyung-Sin Park, a founder of Open Net Korea, introduced ‘the paradox of trust’, the notion whereby the more reliable an identification system is, the more likely it is to be abused, defeating the purpose for which it was created. He gave the example of the South Korean resident registration number that was primarily developed to weed out North Koreans. The number has become such a key part of Korean life that it is required for virtually all services: library, hospital, bus tickets, and so on. As more services rely on this number, the more vulnerable it becomes.
Park further explained that governments were embracing biometrics because of its reliable identifiability. However, the risk of a breach of confidentiality is very high and there is need to rethink privacy and expand it. For example, he explained that governments need to conceptualise privacy with the possibility of a breach of confidentiality, and therefore require warrants before accessing personally identifiable information in biometric databases.
Mr Olivier Alais, from ICT4Dev, explored the issue of structuring systems to respect privacy. He gave an example of a project in Myanmar where instead of subjecting rural farmers whose fingerprints could not be easily read to invasive data collection, an alternative card system was implemented. He also spoke about interoperability of systems as a means of giving limited access to different agencies to verify identity as opposed to creating multiple databases with biometric information.
The Q&A session addressed questions on data collection through public CCTV systems, human rights violations, and the linkage between democratic ideals and biometric systems. Participants also shared experiences with various country identification systems. In many countries, there was perceived normalisation of identification systems and citizens voluntarily gave biometric data without visible concern for privacy. In addition, governments were tended to disregard data protection principles such as data minimisation and security even where data protection laws existed.
By Grace Mutung'u