E-Passport a Privacy Concern

It was recently reported that Passport Canada has issued 25,000 biometric passports, and plans to issue them to all Canadians by 2011. The government is introducing e-passports to enhance security, fight fraud, reduce identity theft and meet international counter-terrorism measures already in use in travel documents in over 60 countries, including the United States, the European Union, Australia and Israel. The e-passport will now be valid for a period of 10 years (thank you!—that’s an improvement at least).

A biometric passport has a data chip inside it that can be read electronically. The chip contains information about the holder’s face—such as the distances between eyes, nose, mouth and ears—which authorities can use to identify the passport holder. These details are taken from the holder’s passport photograph. The chip also holds the information that is printed on the personal details page of the passport. Biometric details are unique to each citizen, like a fingerprint, the iris of the eye and facial features.

The US Electronic Privacy Information Centre (EPIC) describes the privacy issues and risks associated with facial recognition technology (FR) in the following manner:

Devices using biometric identifiers attempt to automate this (FR) process by comparing the information scanned in real time against an ‘authentic’ sample stored digitally in a database. The technology has had several teething problems, but now appears poised to become a common feature in the technological landscape. … There are significant privacy and civil liberties concerns regarding the use of such devices that must be addressed before any widespread deployment.” (Emphasis added.)

EPIC has identified six major areas of concern:

Concern

Privacy Issue

Storage

How is the data stored, centrally or dispersed? How should scanned data be retained?

Vulnerability

How vulnerable is the data to theft or abuse?

Confidence

How much of an error factor in the technology’s authentication process is acceptable? What are the implications of false positives and false negatives created by a machine?

Authenticity

What constitutes authentic information? Can that information be tampered with?

Linking

Will the data gained from scanning be linked with other information about spending habits, etc.? What limits should be placed on the private use (as contrasted to government use) of such technology?

Ubiquity

What are the implications of having an electronic trail of our every movement if cameras and other devices become commonplace, used on every street corner and every means of transportation?

Passport Canada has indicated that it has taken measures to avoid or mitigate the above privacy risks. Several summary reports dealing with these issues and action taken are available on the Passport Canada website.

Data on the chip is protected in various ways, including: a “digital signature”, which shows that the data is genuine and which country has issued the passport; access control, where a “chip protocol” prevents the data being read without the passport holder’s knowledge; and a digital technique that confirms the data on the chip was written by an authorized regional passport department and has not been changed. Also, the chip can only be read within 10 centimetres from a chip reader, so it cannot be accidentally read.

However, the Canadian Civil Liberties Association (CCLA) still believes that privacy concerns are an issue and have not all been dealt with.

In a recent report, the CCLA indicated that new technologies such as biometric passports should be implemented with adequate legal safeguards. The group is interested in knowing what measures Passport Canada has taken to date, and intends to continue acting to ensure the civil liberties of Canadians are being protected, including the rights of privacy and mobility.

Moreover, the CCLA shares the same privacy and accuracy concerns (in PDF) on the introduction of biometric passports (e-passports) in Canada as EPIC. They are:

  • “Function creep”, which means using the information in the future for a purpose beyond the original purpose
  • Third party access to the information to link the information to that of the third party without the consent of the individual
  • Centralized retention of the information
  • Loss of control by individuals on the use and dissemination of one’s personal information

In addition, Canadians travelling with biometric passports will be subject to the privacy practices of other countries. This means, for example, that foreign databases might store Canadian citizens’ personal identifying information. The CCLA would like to know how Passport Canada plans to handle this inevitability? And rightly so. Privacy International has reported that because of biometric passports, the International Civil Aviation Organization (ICAO), would have a database of over a billion people worldwide by 2015. Yikes!

The CCLA has stated—and I totally agree with them:

While Canadian citizens understand they have restricted privacy rights at international borders, they are not necessarily consenting to the information contained on the RFID chip in the passport being stored in a foreign government’s database.”

Furthermore, the CCLA brought up the issue that faces are constantly changing, and facial biometrics open a Pandora’s box for mass surveillance by states of individuals, with a corresponding chilling effect on many civil liberties. As a fine example, take the 2009 case of Suaad Hagi Mohamud, a Canadian woman who was erroneously accused by Kenyan border officials of impersonation because they thought she did not look like her passport photo. Canadian consular officials concurred that she was an imposter and voided her passport. She was stranded in Kenya for three months before DNA evidence proved her identity.

As I was reading the CCLA’s privacy and accuracy concerns on the introduction of biometric passports in Canada, a story broke about misuse of passport information. A border guard used women’s passport details to hit on them later on Facebook (of course). The Canada Border Services Agency has known about the problem since last October when it received a complaint. The article states that the agency refused to release the name of the employee subject of the complaint, or information about whether the employee was disciplined or terminated.

It is evident that biometrics, and the collection of personal biometric information, raises obvious significant privacy concerns. It’s easy to see that this information can be used and misused. Yes, maybe it is a strong authentication measure, but the invasion of privacy and potential for misuse is in my opinion very undesirable.

Comments

  1. Great post, Yosie. I need to renew my passport and now I’m wondering if I can opt for the old-fashioned kind, please.

  2. Agreed! Giving up a little bit of privacy to travel safely in public is acceptable. However, none of us have ever signed over our identities to the government. I wonder how this translates with the new digital copyright laws? Do we have to develop legislation to protect our digital identities? This certainly needs more thought.