As biometric data gathering like facial recognition becomes an increasingly common tool in fighting against terrorism, legal protections have lagged behind that technology, according to experts on a recent panel in Manhattan, who said regulators need to strike a better balance between security and protecting human rights.
At the moment, there's a consistent lack of ground rules in virtually all aspects of biometric data, from the process by which biometric recognition programs are created to the means in which data is gathered to the ways it is used and shared across agencies and borders, panelists said Tuesday during the event, hosted by New York University's nonpartisan public policy institute the Brennan Center for Justice.
Both human rights advocates and policymakers said that while biometric data could help save lives and prevent terror attacks, it also could lead to serious human rights violations, especially as the technology evolves rapidly and in unpredictable ways.
"One of the preliminary things that we have flagged is there is very little focus on the full impact of biometric data on human rights," said Krisztina Huszti-Orban, a research fellow with the Human Rights Center who also advises the United Nations on the issue. "The focus needs to be expanded from privacy and data protection to the full spectrum of human rights."
In addition to Huszti-Orban, the panel included representatives from the advocacy organizations Privacy International and the U.S.-focused Surveillance Technology Oversight Project, as well as a legal officer with the U.N. Security Council's Counter-Terrorism Executive Directorate.
Biometrics includes a broad range of information about or derived from an individual's physical or biological characteristics.
Some biometric technologies have been around a long time, such as fingerprinting, while others are more recent, like DNA testing. Still others are only just now being developed, such as facial recognition, gait recognition and even sentiment detection, which promises the ability to detect emotion and mental state.
"It's interesting when you see these technologies work for the first time. It can seem like magic," said Liz O'Sullivan, technology director of the Surveillance Technology Oversight Project. "But these algorithms are not magic. They are created by humans."
That means, she said, that algorithms are fallible, especially when the data they are trained with is incomplete. For instance, she said, some self-driving car programs have had problems dealing with bicycles because the training data simply did not include enough examples of bikes on the roads for programs to know how to deal with them. Similarly, data used to train algorithms that analyze humans can have major holes, she said.
Underrepresented populations, such as people with mental illnesses, people of color, children and people with disabilities, often don't make up much of the data these algorithms are trained with, and thus can be negatively impacted by the results.
What's worse, O'Sullivan said, is that these programs are designed to handle calculations that humans would simply be unable to process or understand, meaning programs often cannot explain why they have arrived at a particular result.
"We are now going to be making arrests of people with potentially no defense," O'Sullivan said.
Panelists also highlighted other major concerns, such as that databases designed for one highly selective purpose — for instance, screening international arrivals for suspected foreign terrorists — can be merged with other databases, increasing the number of potential uses. Information can also be shared across agencies and across borders without much oversight, panelists said.
And private citizens often don't realize what data about them might have been obtained, how it is being used, or whether that data has landed them on a list somewhere that they might not be able to get off of.
"It's understandable" that governments want to use biometric data, said Tomaso Falchetta, head of the advocacy and policy team at Privacy International. "Data is very useful."
But that doesn't mean governments should be able to use it however they like, he said.
All the panelists recognized that there is a lack of law and regulation in place to safeguard human rights. Not all nations have legislation protecting citizens' privacy or data, and not all such laws include biometric data. In addition, many privacy laws make exceptions for national security purposes.
At the international level, panelist Anne-Maria Seesmaa of the U.N. counterterrorism directorate said the group was working on developing guidelines for nations. Although directives from the U.N. have specified that countries are to safeguard human rights when using biometrics, she said, the group hopes to create rules for the best way to do that. In 2018, it released a compendium of recommended practices that filled in some gaps.
"It's not perfect," Seesmaa said. "But it is a first step."
Going forward, she said that the directorate hoped to address pressing concerns such as the sharing of biometric data across borders and to develop a robust framework for how the collection and use of biometrics should be overseen.
"It's actually not that easy to determine what is effective, appropriate, independent oversight of this information," she said.
Others on the panel, however, pushed back against some of the instructions U.N. bodies have put in place, such as the directive to create databases in the first place. Though these databases are developed for national security purposes, Falchetta noted, they can be put to use for other reasons.
Seesmaa, though, defended the use of biometric data, saying it can be employed in counterterrorism to save lives. And although it makes sense from a human rights perspective to restrict the use of data or limit who can access it, she said, those limits could also have consequences.
"When things happen," she said, "people ask, 'You knew — why didn't you do anything?'"
The key, she said, would be finding the right balance.
--Editing by Aaron Pelc.
Have a story idea for Access to Justice? Reach us at accesstojustice@law360.com.
Try our Advanced Search for more refined results
Law360
|The Practice of Law
Access to Justice
Aerospace & Defense
Appellate
Asset Management
Banking
Bankruptcy
Benefits
California
Cannabis
Capital Markets
Class Action
Colorado
Commercial Contracts
Competition
Compliance
Connecticut
Construction
Consumer Protection
Corporate
Criminal Practice
Cybersecurity & Privacy
Delaware
Employment
Energy
Environmental
Fintech
Florida
Food & Beverage
Georgia
Government Contracts
Health
Hospitality
Illinois
Immigration
Insurance
Intellectual Property
International Arbitration
International Trade
Legal Ethics
Legal Industry
Life Sciences
Massachusetts
Media & Entertainment
Mergers & Acquisitions
Michigan
Native American
Law360 Pulse
|Business of Law
Law360 Authority
|Deep News & Analysis
Healthcare Authority
Deals & Corporate Governance Digital Health & Technology Other Policy & ComplianceGlobal
- Law360
- Law360 UK
- Law360 Pulse
- Law360 Employment Authority
- Law360 Tax Authority
- Law360 Insurance Authority
- Law360 Real Estate Authority
- Law360 Healthcare Authority
- Law360 Bankruptcy Authority
- Products
- Lexis®
- Law360 In-Depth
- Law360 Podcasts
- Rankings
- Leaderboard Analytics
- Regional Powerhouses
- Law360's MVPs
- Women in Law Report
- Law360 400
- Diversity Snapshot
- Practice Groups of the Year
- Rising Stars
- Titans of the Plaintiffs Bar
- Sections
- Adv. Search & Platform Tools
- About all sections
- Browse all sections
- Banking
- Bankruptcy
- Class Action
- Competition
- Employment
- Energy
- Expert Analysis
- Insurance
- Intellectual Property
- Product Liability
- Securities
- Beta Tools
- Track docs
- Track attorneys
- Track judges
This article has been saved to your Briefcase
This article has been added to your Saved Articles