Biometrics expand the capacity of governments to deliver security and efficient services, which makes them an increasingly popular part of foreign assistance packages. For governments that want to combat fraud, manage their borders and identify dangerous criminals, biometrics offer an accurate and cost-effective solution.
However, as with any identity management system, there is an inherent possibility that biometrics will be misused. The tools that identify “ghost workers” on a government payroll can also be used to identify political opponents as they attempt to cross a border. The mobile devices which efficiently demonstrate eligibility for refugee benefits can also be used to deny those refugees access to official documentation. For every beneficial use of biometrics, there is the possibility of a more nefarious use lingering in the background.
This presents a quandary for biometrics as part of foreign assistance packages. While the benefits of biometric technology are clear for promoting good governance, that same technology has the potential to become the means of political control.
Biometric technology is merely a tool – the means to a policy end. Biometrics are not any more prone to misuse than any other identity management system, they simply perform the task faster and more accurately. So as with any identity management system, biometrics require a strong policy framework to promote accountability and deter misuse.
There are several key considerations which governments should take into account when forming an identity management policy that includes biometrics:
All personally identifiable information is sensitive. Yet the personal, intimate nature of biometrics only heightens that sensitivity. There is something about measuring a physical characteristic which makes it appear more intrusive than asking for a date of birth or a national ID number. Although modern identities are pieced together from many data points, those which are closest to our physical being require the most cultural adjustment.
Strong privacy policies are needed to build public trust around the use of biometrics. Without an enforceable and transparent system which protects privacy rights, the public often remains wary about the use of biometrics – however convenient and cost-effective they may be. Privacy policies are a concrete, demonstrable method of creating a check against misuse.
Privacy means different things to different people. No one system represents the “right” way. Rather, privacy systems reflect societal priorities. In some cultures, privacy protections are demonstrated in restrictions on biometric collection, while the use of legally collected biometrics are relatively loose. In other cultures, collection of biometrics is generally allowed, but the use of those identities are tightly controlled.
There are two sides to public trust. While privacy policies can protect citizens against misuse within the boundaries of the law, data security policies protect citizens against criminals and hackers.
Identities will always have value for criminals, and the more useful and broad-ranging that identity information is, the more value it will have. As in the privacy sphere, the intimacy of biometrics demands the highest level of cybersecurity protection. Strong policies around the use of technology for data security can prevent misuse of biometric information by outside actors, as well as deter insiders who may want to use biometric information for an extralegal purpose. By controlling access to biometric information, governments can limit the potential for misuse at a systematic level.
Use of biometric data across different parts of a government is a double-edged sword. On the one hand, common standards for biometrics make it easy to translate the value for identification across agency boundaries. A single biometric standard could allow for biometric-enabled voting and biometric-enabled distribution of social benefits, for example.
Yet at the same time, interoperability also heightens the potential for misuse. If the same biometric format is used for voting and distribution of benefits, the two could be correlated to deny those who voted in a certain region the benefits they need.
Ultimately, it’s a balancing act between usability and security. This is another area where policy can play a strong role in minimizing the potential for misuse of biometric identity systems. In some cases, the need for a single, easily accessible identification method will overtake security concerns. In others, the desire to purposely separate different functions of government (for security, privacy protection or data security reasons) may cause a move towards less interoperability.
The Donor’s Dilemma
By its nature, technology is policy-neutral. By themselves, biometric solutions carry no moral or political weight. It is the policy frameworks which determine the applications which biometrics fit into. Those policy frameworks will ultimately define what “proper use” and “misuse” mean in specific cultural and political environments.
Donor governments are faced with a choice whenever they seek to build the capacity of a partner through technology. If the technology is built inside a well thought-out policy structure, it increases the chances that it will be used as intended. If the technology is provided without a policy context, the risk is that it will be either misused or not used at all.
More often than not, the best donor governments can do is build a robust policy infrastructure around an identity management system. Training, creating political consensus around the proper and improper use of identity, and even built-in technological constraints (such as the use of different biometric formats) are all part of the menu of options.
At a certain point, recipients of biometric systems are going to adapt and use identity systems for their own ends. Yet by placing those systems in context, donor governments can minimize the risk of eventual misuse.
Ben Ball is the Government Market Director at Crossmatch, where he oversees market intelligence and strategic outreach to government customers around the world. A ten year veteran of the Federal government, Ben was a Foreign Service Officer and worked in the Department of Homeland Security.