- Cyber Policy Task Force
- Disrupting the Cybersecurity Status Quo
- Significant Cyber Events
- Cyber Threat Information Sharing
- CSIS-CICIR Dialogue
- Other Projects on Cybersecurity
- Technology and Innovation
Biometrics and Security
Anonymity provides insurgents or terrorists with protection and operational advantage. Stripping away this anonymity puts them at a disadvantage, whether in Iraq, Europe, or the United States. Biometric technologies can help to do this. Biometric technologies provide new kinds of digital identity data, new ways to collect it, and new opportunities for its use. Using biometric data to screen entrants to the U.S. (as part of US-Visit), for example, greatly reduces the risk of unknown individuals, who have been involved in terrorist activities in Iraq or Afghanistan, entering the United States undetected.
Biometrics will become increasingly more valuable as a tool for verifying identities in a new and deeply interconnected national security environment. However, it is important to note the civil liberty implications of employing biometric technologies and realize that the security must be balanced with the protection of privacy.
To help advance public discussion of the use of biometric technology, CSIS has assembled a series of documents and websites providing essential data:
Biometrics for Identification and Screening to Enhance National Security (NSPD 59 / HSPD 24)
Identity Management Task Force Report for 2008
Privacy and Biometrics: Building a Conceptual Foundation
DOD’s Biometrics Task Force
The Department of Defense DNA Registry and the U.S. Government Accounting Mission
DOD Can Establish More Guidance for Biometrics Collection and Explore Broader Data Sharing
Report of the Defense Science Task Force on Defense Biometrics
Biometrics: Facing Up to Terrorism, RAND
Directive 8521: Department of Defense Biometrics (February 2008)
U.S. Seeks Data Exchange: Newer European Union Countries Want Waiver from Visa Requirements
FBI Prepares Vast Database of Biometrics: $1 Billion Project to Include Images of Irises and Faces
Governments have been collecting biometric data for decades, beginning with paper records of basic physical attributes (such as the color of eyes or hair, height, and other characteristics). Police have been using fingerprints recovered at crime scenes for more than a century and, over time, developed collections of fingerprint records associated with suspects and criminals. At the start of the World War I, Britain and other nations began to issue passports that listed rudimentary physical identifiers, to enable governments to screen entrants and distinguish among citizens (who have certain rights) and non-citizens ( may have hostile intent).
Security and public safety were improved by these early efforts to use biometric data, and the advent of digital technologies opens new possibilities to improve identity management today. Biometrics technologies provide valuable tools for homeland security, public safety, counter-terrorism, and law enforcement. However, government use of biometric data takes place in a complex legal environment that affects both U.S. and non-U.S. persons. The issues include:
- Collection, retention, and use: what are the existing rules on the collection, retention and use of biometric data as they apply to U.S. persons and foreign nationals; and the appropriate safeguards for personally identifiable information?
- Sharing biometric data: how does the United States regulate the ability to share biometric data between U.S. agencies or between the U.S. and allied or coalition nations?
- Allied/Coalition use: how do existing privacy safeguards and other rules affect the ability of the United States to use biometric data collected by allied and coalition states? What are the necessary safeguards for the use of biometric data as they apply to law enforcement, intelligence, homeland security, or uses that blend these disciplines?
Law enforcement use of biometric data poses special problems. Biometric data collected at a crime scene can provide compelling evidence; however, the data is often anonymous – not linked to any known individual. To be useful, Biometric data must be matched with records linked to an identity. In some cases, police will already have biometric records; in other cases they have used surreptitious techniques to collect biometric data from suspects. How biometric data is collected and used and whether prisoners and suspects can be compelled to provide it are problems not adequately covered by existing rules and regulations.
Counterterrorism raises even more difficult issues. The United States collects biometric data in Iraq, Afghanistan, and other locations. The data includes fingerprints, retinal scans and other biometric indicators (such as DNA samples). Sometimes this biometric data is associated with an identity – an individual who will work at a U.S. facility, for example. Other times, the link between biometric data and identity is unknown, which is frequently the case when DOD collects forensic data from a bomb site. In current conflicts, the distinctions between foreign and domestic and between law enforcement, defense, and intelligence have been blurred. The United States will need to articulate rules for how biometric data collected by one agency from anonymous individuals, some of whom may turn out to be U.S. persons or the citizens of an allied nation, can be used and shared among different agencies and even different governments.
These are problems of governance. Governance involves the processes for making and applying rules. The governance of biometric data for identification and for security is underdeveloped, in part because it cuts across organizational and national boundaries. Indeed, there are great benefits from the use of biometric data for identification purposes. To realize these benefits, however, the collection and use of biometric data must be governed by rules and safeguards that balance national security with privacy rights and civil liberties.
On September 18, 2008, James Lewis interviewed Benjamin P. Riley III, Director of the Rapid Reaction Technology Office at the Department of Defense, and Thomas Dee, Director of Defense Biometrics at the Office of the Secretary of Defense.
In his interview with Mr. Riley, we hear about how the Department of Defense has successfully used biometric technologies to apprehend potential terrorists overseas, how the program came about, and the future of the program. ( Click here for audio file)
Mr. Dee talks more specifically about the Department of Defense’s operational capabilities using biometric technologies. ( Click here for audio file)