You've been Measured, You've been Weighed and You've been Found Suspicious
Biometrics and Data Protection in Criminal Justice Processing
ERIK ZOUAVE AND JESSICA SCHROERS
Abstract
Biometrics, the measurement of life or living beings, has been applied within criminal intelligence and investigations for over a century. Since early law enforcement biometrics, the techniques and sources for biometric processing have increased dramatically. More than ever, personal data is collected from public fora, in particular the Internet, to infer suspects' physical, physiological and behavioural characteristics. This raises concerns of burgeoning databases with increasingly complex, heterogeneous biometric data impacting the rights of individuals. In this chapter, we assess the current state of the art of legal recommendations on how to demonstrate compliance with the regulation of biometric data under European data protection law. Our assessment focuses especially on the automation of second generation biometrics and technical by design measures to minimise data protection risks in police biometrics based on online identifiers. We find that most of the scholarship and interpretation has focused on providing general recommendations in the civilian context, and that these recommendations frequently reflect situations of one-to-one verification rather than one-to-many identification. Only some recommendations are suitable in the way ahead under Directive (EU) 2016/680. We therefore argue that the adoption of the Directive necessitates a reinvigorated focus on technical by design compliance.
Keywords
Biometrics, biometric data, data protection, law enforcement, Directive (EU) 2016/680
1. Introduction
Biometrics, the measurement of life or living beings, has been applied within criminal intelligence and investigations for over a century for uses such as the unique identification of suspects of crimes or threats to public security. Dactyloscopy, or fingerprinting, used by the Bengali Inspector General already in the late 1800s1 and the U.S. Federal Bureau of Investigation since 1924,2 quickly became widespread biometric investigative methods together with DNA sampling.3 Biometrics is a powerful and fact-based4 means to authenticate identities and match them to events, locations, groups and concepts of interests.
However, since early police biometrics, the techniques and sources for biometric processing have increased dramatically. While first-generation biometrics were generally "strong" biometrics such as fingerprint, or iris, second-generation biometrics include technologies that measure "motor skills," electromagnetic body signals and human-computer interaction patterns (eg walking patterns, dynamic facial features, voice recognition, online behaviour recognition etc.) and require less user cooperation.5 Increasingly, embedded systems, ambient intelligence and distant sensors aggregate the volumes of available data.6 More than ever, personal data is collected from public fora, particularly in the form of online identifiers from the Internet, to infer suspects' physical, physiological and behavioural characteristics. Consider, for example, ubiquitous social media where image, audio and video data are shared and where biometrics are even incorporated into services such as "tagging" or "suggesting" people in photos.
This diversification and increase of biometric data poses discrete risks to the privacy and protection of personal data that must be balanced against security interests. Firstly, this trend raises concerns that the collection, generation and storage of biometric data will become increasingly associated with disproportionate Big Data practices.7 Secondly, the heterogeneity of data sources, formats and data quality may further impact the accuracy of biometric data underpinning criminal evidence, seriously affecting the rights of data subjects.8 Thirdly, the diversification and increasing use of biometrics also increases the sensitivity of the data and the risk and likelihoods of adverse impacts for affected individuals when the security and confidentiality of the processing proves insufficient. Finally, the scale and complexity of this processing necessarily leads to increased reliance on semi-automated and automated techniques, making the overall process more "opaque" and less foreseeable.9
In view of such concerns, the European Union data protection reforms have updated the laws applying to civilian research and development of police biometrics on the one hand – through Regulation (EU) 2016/679 – and to police and criminal justice authorities as end-users of such systems on the other hand – through Directive (EU) 2016/680. However, we argue that guidance on technical implementation has been and remains focused on civilian identity management to the detriment of data subjects processed by police biometric systems for the identification of suspects of crime.
In this chapter, we assess the state of the art of legal recommendations on how to demonstrate compliance with the regulation of biometric data under European data protection law, especially with respect to technical by design measures to minimise data protection risks in police biometrics based on online identifiers. We find that only some of the widely accepted recommendations are suitable in the way ahead under Directive (EU) 2016/680 when combined with novel implementation methods. Given the significant values and rights at stake, we argue for reinvigorated research into technical by design compliance measures for police biometrics.
Demonstrating compliance is a principle of data protection. It entails both organisational measures, such as the adoption of data protection policies and carrying out data protection impact assessments, as well as technical measures implemented in processing systems to comply with all data protection principles by design through the entirety of operations. We focus on the technical aspects of compliance as these are more contextual, frequently elude generalisation, yet are essential for data protection law in practice. Indeed, the European Data Protection Supervisor emphasises the need for specific by design safeguards or technical measures to resolve, for example, proportionality and accuracy problems in biometric data.10 We derive our insights from Directive 2016/680, its commonalities with the Regulation, and soft law guidance from the Article 29 Working Party and the (European) Data Protection Supervisor. Following Jasserand's terminology clarification, we understand biometrics as the automatic recognition of individuals, while biometric data is considered as "a type of personal data relating to biometric characteristics and linked to the identification or identifiability of an individual."11 The term "biometric systems" is used synonymously with biometrics.
This chapter also draws on contextual learning from law enforcement to supplement established recommendations with novel means of mitigating complexity and heterogeneity. We draw on the conceptual research of Coudert et al regarding digital evidence in legal proceedings and the practical biometric case studies in the Horizon 2020 DANTE project, its system, and law enforcement practitioners. The DANTE project aims to deliver effective biometrics, notably physical facial, silhouette, and voice metrics as well as behavioural analysis of stylometrics, logos, objects and concepts, from online sources and identifiers, while applying legal best practices to avoid unwanted societal impacts.12 However, in doing so, we observe and propose solutions to common problems in the automation of policing and biometrics.
2. A History of Police Biometrics
As mentioned previously, biometrics have featured as an investigatory tool since the nineteenth century. Cole observes that biometric procedures allowed police to "link bodies … across time and space" and "to track the body" of a criminal rather than just signs of criminality.13 Early police biometrics were particularly useful for establishing recidivism within precincts.14 Two types of early police biometrics became particularly prevalent: dactyloscopy, or fingerprinting, and anthropometry, or the measurement of body proportions.15
The fact that criminal justice biometrics can be physical, physiological as well as behavioural, and that their perceived reliability will vary according to context, is recorded in early European case law. As accounted by Cole, sixteenth-century French courts relied on the peculiarities of a cobbler's measurement of feet, testimonial accounts of dialect and outward appearance, such as hair color and scars, in determining whether Martin Guerre was, in fact, Martin Guerre or an impostor.16 The French court relied less on the quantitative measurements of the cobbler and more on the (fleeting) qualitative memories of witnesses.
Nineteenth-century investigative biometrics sought to standardise the description of qualitative physical features such as whether fingerprints have arches or whirls and whether lips are pouty, by which reproducible methods the data should be collected, and in which order and format it should be presented. In other words, the idea of biometric templates was introduced to policing.17 However, these early biometrics were limited by the constraints of manual labor and, frequently, the need to physically take measurements from suspects.
Contemporary (and future) police biometrics are significantly impacted by modern technology, allowing for the pluralisation and automation of data collection and analysis.18 Urban spaces are surveilled with CCTV and thermal cameras19 and online spaces allow for massive sharing of data in text, audio, image and video formats. It is in this online context that the DANTE project, our primary source of contextual learning, appears. DANTE delivers automated data mining and analytics solutions to detect, retrieve, collect and analyze heterogeneous and complex multimedia and multi-language terrorist-related contents, from both the Surface and the Deep Web. It detects and monitors terrorist-related fundraising, propaganda, training and disinformation. It seeks to link online pseudonyms, identify publishers of terrorist content and suspects that are identifiable through textual, image, audio and video data.
3. The Legal Framework for Police Biometrics
The EU data protection reforms have attempted to resolve several problems with biometric data processing. Firstly, the Regulation and Directive encompass a common, binding definition of biometric data, clarifying its scope.20 In this respect, biometric data encompasses personal data, i.e. data relating to an individual, subjected to specific technical processing to uniquely identify that individual. However, identification is not necessarily prec...