The camera does not flash as it scans your face. Instead, a green check appears on the screen as the turnstile opens smoothly to let you through. Boarding pass proven useless, you walk through the gate and board the plane hassle-free. “So quick [you] couldn’t believe it”, quips the U.S. Customs and Border Protection’s website. It cites the use of facial recognition as a way to make air travel a seamless experience for both travelers and officers. It also attributes its decision to adopt this technology in part to the growing popularity of biometric identification in unlocking cellphones and other everyday devices.
Biometrics refer to digital data on any biological characteristics unique to an individual. This can include fingerprints, face, voice, retina, or iris recognition technology, as well as information on a person’s hand geometry, gait, body movements, and even DNA. The accuracy of comprehensive biometric data is unparalleled by other technology, far surpassing traditional methods of identification such as photo IDs. Recent advances have spurred massive growth of biometrics in public, private, and commercial sectors, with global market size expected to reach USD 59.31 billion by 2025. Biometrics have become most widely used to prove identity in citizenship, personal technology, and surveillance, and have proven to be the most infallible way to counter security threats both in the physical world and online.
At the same time, the development of biometrics has raised legal and ethical questions surrounding data privacy in a globalized world. Article 12 of the UN Declaration on Human Rights lists the right to privacy as fundamental, stating that “no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence”. This sentiment is echoed in Article 17 of the International Covenant on Civil and Political Rights, and specifically in General Comment 16, which states that personal information held on “computers, data banks, and other devices, whether by public authorities or private individuals, must be regulated by law”. The European Union has espoused the most stringent regulations on privacy to date with the passing of the General Data Protection Regulation (GDPR) in 2016, which has since taken effect in all EU member states. Citing concerns about infringing on the “rights and freedoms of citizens”, GDPR has prohibited the use of biometrics for identification purposes, except in the case of extenuating circumstances and with an individual’s explicit consent.
No such regulations exist in the United States, with only three states adopting legislation ensuring privacy over biometric data. Illinois, Texas, and Washington have passed various versions of biometric privacy laws, noting pervasive data sharing by tech giants and the critical nature of biometric information. Large-scale legislation has yet to gain support in the U.S., as biometrics have proliferated technology markets and become a familiar part of security authentication in apps, banks, workplaces, and airports.
Even with the success of biometrics in the private sector, some of its most impactful applications are in intelligence and national security. Capital investments in biometrics skyrocketed after 9/11, as security launched to the forefront of American consciousness. The Patriot Act, passed in October 2001, gave the government a green light on surveillance of suspected terrorist activity and tightened border security measures. As the War on Terror dominated American foreign policy, biometrics began to expand the reach of American intelligence both at home and abroad. Today, the U.S. government spends over $700 million a year on biometric research, and any person who crosses an American border must provide biometric information to U.S. Citizenship and Immigration Services upon entry. This allows officers to conduct criminal background checks, as well as monitor immigration status depending on a person’s country of origin.
As a result, growing concern exists as to the implications of this for international norm and even policy. If biometrics are so widely used on a national level, what does a world filled with biometric information look like? Due to the reach of the digital economy today, individuals have little control over where their data goes should it be compromised. Cybersecurity presents a significant threat worldwide, and surveillance states such as China systematically deploy biometric technology to suppress minority populations. Chen Quanguo, Communist Party Secretary and the architect behind Muslim internment camps in China, rose to power through his implementation of a “grid management” surveillance system that uses facial recognition to police the movement of Uighur Muslims. Security checkpoints on roads and train stations, cellphone confiscation, and the withdrawal of passports prevent Uighurs from leaving these centers or traveling abroad. China claims that the purpose of detainment is to counter terrorism and religious radicalization, but the mass imprisonment of its Muslim minority has received international condemnation for human rights violations. Even though biometric technology has the potential to strengthen national security, it can also legitimize ethnic discrimination and racial profiling in many cases.
The use of biometrics in these contexts has redefined the role of biology in questions of political legitimacy. Rather than focusing on an individual’s record, biometrics place identity at the forefront of questions of national security. When a traveler, immigrant, or refugee is asked “who are you?” before they are asked “what have you done?”, their biological self begins to determine their geopolitical status. This creates an environment ripe for biases, explicit or implicit, to creep in and drive policy. For example, the U.S. has long treated people of Middle Eastern descent with suspicion because of risks associated with terrorism. However, the entrance of biometrics into the public sphere allows this discrimination to be systematized and legitimized under the law. President Trump’s Muslim travel ban itself cut the admission of Muslim refugees to the U.S. by 91 percent, and visa approvals for immigrants from majority Muslim countries have fallen 30 percent since 2016. 155,000 fewer tourists, students, and guest workers from the Muslim world entered the U.S. in 2017 than in 2016. The combination of Islamophobic policy with advances in biometrics have made the U.S. an unwelcome and even dangerous destination for applicants from many Muslim countries. The way that biometrics combine biological identity with political status creates a system that, by definition, makes some people more secure at the expense of others.
The concept of embodying citizenship has changed the face of international migration and surveillance. Instead of having to be a member of a biological tribe to belong, one now has to be a part of a state’s biometric tribe that determines acceptance based on the geopolitical status of identity alone. And because technology invariably develops faster than the law, the world is woefully unprepared to address the legal and ethical questions raised by these developments. The European Union’s GDPR is the most extensive data regulation law in the world, but even it has limits in its scope to manage the use of biometrics internationally. Most biometric research is conducted in the United States, and until national legislation is enacted to address it, this technology will continue to drive intelligence and border security initiatives, as well as flourish in the private sector. The lack of international legal precedent concerning biometric data also poses a serious obstacle to justice. Until these questions are addressed in an international court, biometric data proliferation in the public and private sector will continue to press against the fine line of the human right to privacy.