JANUARY 10, 2012 | BY KATITZA RODRIGUEZ
A joint campaign with Fundacion Via Libre. The Spanish version of this article is available here.
Two years ago, the UK dismantled their national ID scheme and shredded their National Identity Registry in response to great public outcry over the privacy-invasive program. Unfortunately privacy protections have been less rosy elsewhere. In Argentina, the national ID fight was lost some time ago. A law enacted during the military dictatorship forced all individuals to obtain a government-mandated ID. Now, they are in the process of enhancing its mandatory National Registry of Persons (RENAPER) with biometric data such as fingerprints and digitized faces. The government plans to repurpose this database in order to facilitate “easy access” to law enforcement by merging this data into a new, security-focused integrated system. This raises the specter of mass surveillance, as Argentinean law enforcement will have access to mass repositories of citizen information and be able to leverage existing facial recognition and fingerprint matching technologies in order to identify any citizen anywhere.
In the waning days of 2011, Argentinean President Cristina Fernández de Kirchner issued anexecutive decree ordering the creation of the Federal System of Biometric Identification (SIBIOS), a new centralized, nation-wide biometric ID service that will allow law enforcement to“cross-reference” information with biometric and other data initially collected for the purpose of operating a general national ID registry. Historically, police fingerprint databases were limited to those suspected or convicted of criminal offences. Recently, however, the Argentinean Federal Police (Policía Federal Argentina – PFA) was given a large database holding digital fingerprints collected from random Argentineans as part of the national ID and passport application process. Since March 2011, this database has been fed by data collected through the RENAPER national ID application process. The PFA has managed to amass a database of about 8 million fingerprints, yet this process appears to have been too slow for the Argentinean government. Further to the new decree, the SIBIOS initiative will give PFA access to RENAPER’s database (and vice versa), doubling PFA’s reach to approximately 14 milliondigitized fingerprints. Starting with the first New Year’s baby of 2012, Argentina has evenbegun registering newborn biometric information with the SIBIOS. Argentina projects that, as national IDs and passports expire and are renewed (and new babies are born), the SIBIOS database will grow to over 40 million within the next two years.
But the SIBIOS initiative will do far more than expand the number of digitized fingerprints the FPA will have ready access to. According to President Fernández de Kirchner, the SIBIOS will befully “integrated” with existing ID card databases, which, aside from biometric identifiers, include an individuals’ digital image, civil status, blood type, and key background information collected since her birth and across the various life stages. Further, it is not just the FPA that will have access to this new information sharing system. SIBIOS is designated for use by other federal security forces, including the National Directorate of Immigration, the Airport Security Police, and the National Gendarmerie, and is even available to Provincial enforcement entities, upon agreement with the National State. However, there has been no public discussion about the conditions under which public officials will have access to the data. Supporters of the SIBIOS program tout that it would give law enforcement easy, real-time access to individuals’ data, but whether any of the safeguards typically used to put checks on state surveillance will limit access remains an open question.
Perhaps the most troubling part of this new SIBIOS initiative is the technologies Argentinean law enforcement intends to leverage in order to exploit these databases. The FPA, for example, will be able to use its new facial recognition capacities to search the immense RENAPER digital image repository in order to identify people in photos, and maybe even on surveillance cameras! Argentinean police are also equipping themselves with mobilefingerprinting devices that will allow them to check the fingerprints of any passing Argentinean against the database itself.
The Dangers of Surveillance Society
National IDs and similar methods of data centralization increase state capacity for intrusive surveillance. Coupled with the simultaneous collection of biometric identifiers, such as digitized faces, it creates an additional layer of tracking that is even more pervasive and dangerous. As is the case in Argentina, biometrics are inherently individuating and interfaces easily with database technology, making widespread privacy violations easier and more harmful.
To our alarm, President Fernández de Kirchner has gone so far as to embrace the potential to link unidentified faces obtained through surveillance cameras with identified images through the SIBIOS system. Due to the technology’s relative affordability, street cameras and video-surveillance are now everywhere. Therefore this functionality is especially dangerous with the potential to lead to mass political surveillance. (This visualization shows how there are over 1,000 cameras installed in the Argentinian capital of Buenos Aires alone.)
Given the prevalence of street cameras and how easy it has become to identify one unnamed face amidst thousands, individuals who care about their privacy and anonymity will have a very difficult time protecting their identity from biometrics databases in the imminent future. There are extreme unforeseen risks in a world where an individual’s photo, taken from a street camera or a social network, can be linked to their national ID card. Additionally, matching technologies will only improve with time. (Check here and here to learn more about facial recognition). EFF has long argued that perfect tracking is inimical to a free and democratic society. Citizens have a reasonable expectation of privacy and anonymity, particularly with regard to profiling. A combination of government-run biometric ID systems and facial recognition violates core elements of freedom by making it easy to locate and track people, and dangerously centralizing this data makes it ripe for state exploitation.
As Beatriz Busaniche of Fundacion Via Libre notes, this type of mass surveillance can have serious repercussions for those who are willing to voice political dissent:
“In the name of public security, Argentina has pushed for mass surveillance policies, including the heightened monitoring of public spaces. Privacy is particularly crucial for our country since throughout our long history of social and political movements, calls for action have often taken to the streets. It is of higher importance for activists to remain anonymous in their demonstrations, especially when they are at odds with the government itself. In this way, SIBIOS not only challenges their privacy and data protection rights, but also poses serious threats to their civil and political rights.”
Mora Arqueta, Director of RENAPER, noted in an interview that the current purpose of the national ID scheme is to retain the “maximum amount of personal data, and treat the citizen as an individual who interacts with the State in many places.” Her comments admit to a direct perversion of the existing national identification system, from one that has simply assigned an ID number to an individual, to one that outright violates personal data minimization principles through massive and unnecessary collection of sensitive personal information.
The problem with allowing the government to retain so much sensitive data is that it gives it too much unchecked concentrated power. One wonders, for example, whether those who enacted the decree considered what would have occurred if Argentina's military dictatorship had access to such an expansive database. The public debate in Argentina should therefore be about power and the possible limits of actors in society to know. A healthy amount of distrust is necessary to sustain an open, democratic society.
Fernández de Kirchner’s arguments that SIBIOS provides “a major qualitative leap in security, in the fight against crime” are troubling and represent a further deviation from the purpose for which the RENAPER databases were first created. This argument is misleading, and fails to analyze SIBIOS’ risks and limitations as well as its impact on civil liberties and data protection.Time and again, we have heard the dubious rhetorical argument that biometrics are needed to fight against crime and increase security. In fact, these massive biometrics databases are a honeypot of sensitive data that remains extremely vulnerable for exploitation by criminals and identity thieves themselves.
The rights to privacy and data protection are enshrined in international law and theArgentinean Constitution. Given the long list of privacy concerns surrounding biometrics, and the plausibility of future security breaches, it is irrationally excessive to collect biometric data in a nation-wide ID scheme. The Argentinean government needs to limit the unnecessary collection, processing, retention, and sharing of this very sensitive data. EFF and Fundacion Via Libre in Argentina will work together to fight against these intrusive measures.
_______________________________________________
