Ethics @ Work: Biometric big brother

Biometric data base - a solution looking for a problem.

Business ethics 88 (photo credit: )
Business ethics 88
(photo credit: )
Knesset member Meir Sheetrit, with the backing of many members of the Israeli law enforcement establishment, is trying to put his proposed "biometric identification document" law on a fast track to Knesset approval (this means speeding up the reading process). The proposed law includes some real solutions to real problems, but also elements that seem to create more problems than they solve. One problem the law is meant to solve is that of forged identity cards. Sheetrit claims that there are hundreds of thousands of people using such forged cards, sometimes for obtaining entry and employment in Israel and sometimes for obtaining fraudulent benefits. The solution provided by the law is simple and effective: to distribute electronic "smart cards", like those used in many other countries. Such cards would be much more difficult to forge in the first place, and could include a variety of techniques to make forgeries easy to detect. It would also provide the convenience of making them easy to read - the card could be swiped. A further problem that is worth solving is that of stolen or borrowed cards. Some people may want to help others masquerade as Israelis, or as innocent Israelis rather than wanted criminals or the like. I don't imagine there are hundreds of thousands of these, but there may be thousands. This is a smaller problem with a more expensive fix, but the fix still seems plausibly worth the price: include biometric information on the card. Each person obtaining an ID card could have its fingerprints scanned, and the digitized information would be added to the smart card. If there was ever any doubt if the person bearing a card was actually the person named on it, law enforcement officials could take fingerprints and see if they match the information on the chip. The third thing the law proposes is to require the Interior Ministry to save all this information in a unified data bank. In other words, the government would have a centralized data base of all citizens' names, ID numbers, and biometric information. Now the cost/benefit calculation becomes very lopsided. The "problem" this would presumably solve is if you have someone in front of you, he doesn't have an ID card, and you want to know his identity. The data base would enable you to take his fingerprints and uniquely find his identity. What problem does this solve? If someone is arrested for a crime you can already take his fingerprints, and if he has committed a crime in the past his fingerprints are already on file. How often do law enforcement officials have a legitimate interest in rapid identification of people who have no criminal record? Not hundreds of thousands of instance, not even thousands. It must be a rare occasion - perhaps demonstrators exercising their democratic right to protest government actions? So the up-side of this legislation seems quite minimal. What about the downside? The first downside is the cost. Creating, administering and particularly securing a data base cost lots of money. It's hard to see how the minimal benefit really justifies this. Another important downside is the loss of privacy. It is true that biometric information is not the worst breach of privacy; the worst breaches are those that link a person's identity with private information. An example would be the ability to find out if someone has a criminal record, what his income is, personal status etc. (The most extreme instance is Britain's proposed IMP law, which would link people's identity with their phone calls - a veritable invitation to fishing expeditions.) Just being able to identify a person from his fingerprints is less of a problem. However, consider the unique problems of such a data base. Any data base can be compromised. So a key question is, what is the downside of a breach? For example, every so often there are news reports of thousands of credit card numbers being stolen; probably actual cases are many times more common. Whenever this happens, all the cardholders have to change their numbers. But there is no fix for breaches of a biometric data base. You can't ask seven million people to change their fingerprints. The worst aspect of the new law is that it would include facial features as a biometric identifier. This would greatly multiply the potential for nefarious uses (identifying demonstrators using photographs; criminals using it to identify subjects of interest etc.) with virtually no contribution to legitimate uses - if you have the person in front of a law enforcement official you can take his fingerprints. Introducing smart ID cards with a chip is a cheap fix to an expensive problem. Including biometric information on the chip is a more expensive fix to a cheaper problem, but it still seems reasonable. Creating a centralized data base of biometric information on every Israeli citizen seems indefensible if the biometric information is "active" (like fingerprints or better yet palm prints) and unconscionable if it is of the passive kind, like facial features. If Sheetrit thinks he can make his case to the Israeli people I'm willing to let him, but by no means should such far-reaching legislation be on a fast track. Asher Meir is research director at the Business Ethics Center of Jerusalem, an independent institute in the Jerusalem College of Technology (Machon Lev).