Security – Interview

Interview with Marc Rotenberg

When did biometric identification first become a significant issue?

Rotenberg: It captured the public's attention when the FBI created a fingerprint database in the early 1970s. If your fingerprints were taken in the U.S. through most of the 20th century, it was because you were a crime suspect. That changed toward the end of the 20th century when fingerprints were more routinely used for licensing and background investigations.

And that raised a few eyebrows among civil libertarians?

Rotenberg: Yes. That's when we first started to realize that one of the privacy issues relating to biometric technologies is that they tend to chase applications. The easier it becomes to identify people, the more likely identification will occur. Today, we are looking beyond fingerprints at a range of biometric technologies, such as facial topology, iris scanning, retina scanning and voice imaging. Even how a person walks can become a form of identification.

Comfort and security are usually behind the introduction of biometric systems. What's wrong with that?

Rotenberg: These technologies are raising a new set of privacy issues because they allow information to be captured and used without the consent of the subject. Biometric techniques also enable profile and computer matching, which has always been subject to privacy regulation.

Are any of these new technologies already in use?

Rotenberg: Yes. A person can use a voice password with a desktop computer or a cell phone, and some personal computers have cards for capturing fingerprints, so instead of typing in a password you put your thumb down on a reader to establish identity. Face recognition has not been particularly effective because of an inability to obtain images with a great deal of control and clarity. Iris recognition is used today at military installations and some airports. Driver's licenses have become the focus of debate over new systems of biometric identification, and since September 11th, 2001, the United States has been pushing aggressively to incorporate biometric identifiers into passports and visas.

What is your position on this subject? Isn't it in everyone's best interest to have biometric information in driver's licenses and passports?

Rotenberg: Not necessarily. If a biometric identifier is corrupted, you have a real problem. A credit card number can be reissued, but what are we going to do when a person's fingerprint produces a data stream that has been used by others improperly? And there is also the risk that as narrow-purpose identity documents such as driver's licenses and passports are used for more applications, identity theft will increase. Privacy has largely been protected to date by the distributed and decentralized nature of identification systems.

In your opinion, is there a risk that biometric systems could make many of our activities transparent?

Rotenberg: Yes. Although in the context of an established relationship, such as with your health club or your video rental store, there may be a legitimate need for identification, the resulting information should be limited to that relationship. But the risk is that as profiling and identification systems become more prevalent, we will lose control over that information. We must consider the impact this could have on our freedom to move about, to communicate, to seek information, and to meet with others in privacy.

Does the potential for misuse of biometric information worry you?

Rotenberg: I've tried to avoid using the words "worried" or "concerned." We need to find appropriate solutions that enable the use of new technologies while safeguarding privacy. That's not so much about being worried or concerned. It's about design and policy decisions that affect how new techniques are deployed.

Aren't there plenty of scenarios in which consumers will demand biometric systems because of their convenience?

Rotenberg: I'm skeptical. Consumers may provide a fingerprint if required to do so, but all the research indicates that they resist disclosing their actual identity as much as possible. And this is understandable. We value our ability to be anonymous in groups while revealing ourselves only to our friends and our families.

What can governments do to ensure that consumers benefit from the convenience of biometrics while safeguarding their privacy?

Rotenberg: Governments can impose obligations on companies that collect and use personal information. The goal is not to prevent the collection of personal information, or limit the use of new technologies, but to ensure that the information is not misused, that it's not disclosed to others improperly, and that people have the right to access it and correct it if necessary. I believe that the establishment of these rights should be a precondition for the adoption of any biometric identification system.

How can technology help to protect our privacy?

Rotenberg: Consider how authentication works in movie theaters. You buy tickets and then you show the tickets to an usher to gain access to a particular film, but your identity is not linked to that transaction. That's the type of authentication without identification that we need to build into new systems precisely because it enables commerce and communications while safeguarding the collection and use of personal data. Biometric information could, for example, generate a string of digits that provides an organization with sufficient information to know that a person is properly affiliated with the organization, without knowing who the person actually is. In cryptography we describe this as a one-way function.

It sounds as though you're saying we can enjoy the convenience and security of biometric systems without sacrificing privacy. Is that right?

Rotenberg: Yes. But it requires understand-ing the difference between disclosing credentials and disclosing identity. The movie tickets are credentials that grant access to the theater. But no disclosure of actual identity occurs. That is the approach we should pursue.

What is the appropriate balance between the need for security and the protection of civil liberties?

Rotenberg: It's often said that there is a balance, but it is not at all obvious that that is the case. The thought that simply by sacrificing privacy you gain security may be fundamentally mistaken. I recently testified before the Washington, D.C. City Council on a proposal to install a video surveillance system in the nation's capital as a means to combat terrorism. I said I didn't see what the benefit was. Evem if cameras had been up all around Washington on September 11th, 2001 we would have had the same outcome.

When it comes to visual surveillance, cameras are becoming smarter and smaller. Where is this taking us as a society?

Rotenberg: This is an area where the law is clearly behind technology and some regulation would be appropriate. Consider the evolution of the telephone network. I don't think many would argue today that simply because it may be easier to intercept communications in a modern communications network, we should intercept communications more often. In fact, new laws were developed to limit interception and new techniques, such as encryption, were deployed to address the threat of interception. We need a similar approach to visual surveillance. Technological capability should not dictate public policy.

David Brin, author of "The Transparent Society, has suggested that since there is no way to ban surveillance cameras, the best thing for everyone is to allow their output to become publicly accessible.

Rotenberg: David is wrong in many respects. Of course, we can limit the use of surveillance cameras if we wish. Look at the fact that Washington has not gone the way of London. This is because many people in the United States do not want to create a similar system of public surveillance. And even the means of oversight are not as David described. Is surveillance less intrusive because more people are able to observe? That doesn't make sense. What we need is effective oversight of how the cameras are used by the police.

What do you see as the single greatest threat to privacy in coming years?

Rotenberg: The willingness of the public to accept a loss of privacy. Ultimately, the protection of privacy, like other social and political values, depends very much on popular will. If many people become accustomed to the idea that they don't need privacy, then the future of privacy could be at risk.

Could terrorism make people too willing to compromise their civil liberties?

Rotenberg: It's possible, but I remain optimistic. A national ID card has been debated, but the proposal has been beaten back. Also, in polls, people have expressed concern that many of the government's activities have reached too far in the area of privacy and civil liberties. People understand that privacy is a very important part of modern society, and there is a sense that if you lose it, you never get it back.

Do you see this attitude internationally?

Rotenberg: Yes. We spend a great deal of time working with experts in law and technology and public policy all around the world, and one thing I've learned in this field in the last 20 years is that there is a high level of agreement about the need to protect privacy.

Interview by Victor Chase