Privacy, Biometrics and the War on Terror
Anglo-Americans are the exception when it comes to national ID cards. Almost every other major country that has suffered from terrorism in the past quarter-century has instituted some form of compulsory national identification. Germany, Spain, Israel, Turkey, Russia, China, Saudi Arabia, Egypt and Pakistan have all done so. The United States and the United Kingdom on the other hand share in their deficiency with countries such as Iraq, Afghanistan, Yemen and Sri Lanka.
As argued below, there is good reason that the Anglo-American public is resistant to national identification cards. Yet the British and American governments seem increasingly willing to neglect privacy in pursuit of personal data.
As unveiled last month, the United Kingdom will start issuing national ID cards beginning in November. Initially, the card will be necessary only for foreign nationals, but will later be offered to the wider population pending legislation making it a legal requirement for all British citizens. Although the government emphasizes the voluntary aspect of the scheme and talks of a “consumer-led” shift to ID cards - citing the alleged benefits of reduced identity theft and increased security - the whole venture will be rendered useless unless compulsion is enforced. Indeed what would be the benefit in terms of national security if a significant number of the population could opt out of having an ID card? And if one can prove who they are to get an ID card in the first place, then why do they need one? Some groups such as No2ID see this initial phase as the thin end of a wedge, “a softening up exercise” for the introduction of identity cards for everyone. The government, aware of the meager public sentiment for foreign immigrants, is exploiting the weakness of this disenfranchised group, using them as guinea pigs for the wider roll-out expected in 2011.
The U.S. equivalent to Britain’s legislation is the Real ID Act of 2005, which Republican Ron Paul has warned "establishes a national ID card" and "gives authority to the Secretary of Homeland Security to unilaterally add requirements as he sees fit." Currently the American scheme is a little less defined, yet public opinion in both countries towards these bills is skeptical. In Europe however, where ID cards are already widely used, they tend to be looked upon more favorably. They double as passports between EU countries; they save time and energy by combining multiple documents on one small card, and they ensure that critical information is available to doctors in the event of an emergency should a patient’s medical record be unavailable. Why then are the Anglo-Americans so averse to these proposals?
The fundamental flaw with ID cards, aside from the financial cost (an estimated $30 billion in the U.K. over the next ten years, and $17 billion in the U.S), is that it will not prevent terrorism, nor even significantly reduce it. Even the former British Home Secretary admitted this much. ID cards, mandatory in Spain, did not prevent the murder of 191 innocent people in the Madrid bombings. Some of the attackers even possessed valid IDs. True, it made it easier for the guardias civiles to find and track down the culprits after the attack, but those terrorists who seek to destroy our way of life care neither about being killed nor captured. No matter how advanced the biometric technology, nor how stringent the implementation of the cards, the efficacy of such a scheme will be undermined unless neighboring countries possess an equally efficient system. Otherwise potential terrorists could enter a "soft" state and obtain a valid ID there before travelling on to their target country. And that is not to mention home-grown terrorists such as those responsible for the London bombings. How do ID cards guard against disillusioned Muslims accessing an Islamist website exhorting them to blow up fellow citizens?
Civil liberty groups understandably decry the introduction of ID cards as an attack on personal privacy. Under the U.K. scheme, information will be recorded on a central National Identity Register (NIR), where data such as gender, fingerprints, iris scans and 47 other identificatory categories can be legally recorded. What is to stop one of the individuals operating this database from being blackmailed into forging an ID for use by a criminal gang or terrorist cell? Britain is already one the most heavily surveilled nations on earth. For a country that constitutes one percent of the global population, the U.K. is home to twenty percent of the world’s CCTV cameras.
A more effective tool for preventing terrorist atttacks, but no less controversial, is a method known as "data mining", whereby suspicious electronic patterns of behaviour are tracked and recorded. In the U.S., computer-driven searches look through an individual's web history, credit card transactions and personal background, allowing authorities to flag suspect behaviour. The Economist offers the example of a Muslim chemistry graduate who takes an ill-paid job at a farm-supplies store. What does this signify? Is he merely earning some cash, or using the job as cover to get his hands on a supply of potassium nitrate (used in fertiliser, and explosives)? What if his credit-card records show purchases of timing devices? Data mining allows analysts this information, but it is left to their judgement to decide whether or not it constitutes the beginnings of a criminal plot, or just some innocent individual's "eccentric but legal behaviour." If data mining can detect suspect patterns, then ID cards have nothing to offer in their own right. Data mining monitors suspicious behaviour: ID cards monitor us all.
There are also failings with the technology. The new Radio Frequency Identifiers (RFID) technology found in some passports has already been hacked by illegal scanners at 30 paces. It is not inconceivable that these scanners could be acquired by terrorist groups or criminal gangs. Furthermore, public confidence in the British government’s ability to store their private information securely was shattered last year when a civil servant working for H.M. Customs lost two CDs containing sensitive data pertaining to 25 million citizens. Additionally, when the facial recognition software was demonstrated to Baroness Anelay of St Johns, it failed twice. Why? The baroness was told her face was ''too bland.''
Terrorism will never be defeated in the traditional sense, only curtailed. The war on terror is not a temporary campaign, and any measures we introduce to fight it now will remain equally enduring. Governments may convince us of the need for increasing intrusion into our daily lives as part of the fight against terror, but when we give up our right to privacy, we are not only giving up our rights, but the rights of future generations. Citizens of the future might look back at the faith we put in today's governments, and wonder how we could have been so naive.
Neil Leslie is an assistant editor at the Atlantic Council. His views are his own.