Biometrics, traces, and surveillance

Fingerprints

Fingerprints, and handprints more generally, were first used by Sir William Herschel, an administrator in the Indian Civil Service, in the 1850s in order to provide a more robust form of identity verification. At first this was an addition to a signature on a contract because he thought signatures too deniable. Later he used them to identify pensioners collecting benefits and criminals serving punishments.

The realisation that our passage through the world leaves traces of these distinctive patterns of our bodies and thus, by comparing those traces to the sorts of records Herschel created, we could identify an unknown person who had been at a certain place some time before, is attributed to Francis Galton in his 1892 Finger Prints.

This forensic use of fingerprints has a significant difference from Herschel's: in both case a comparison is made between a record and some newly generated evidence. In identity verification, when both the record and the evidence are created, the subject is aware of this. They may consent to either or both, or they may be compelled or coerced in either case. But the process is transparent.

When the police use fingerprints forensically to identify who was present at a crime scene, the database of records will have been collected in ways similar to Herschel's. But the evidence is collected without the subject's knowledge, let alone consent. It comes from traces that we inevitably leave as we pass through the world (though we can take steps to minimise these traces, of course). The lack of consent here doesn't seem to raise ethical issues, because these are physical traces we leave behind for anyone to find.1 The information has not been deliberately extracted from us.

Biometrics

When I use biometrics to unlock my phone or authorise a payment, it is a form of identity verification very much like Herschel's. It is thus easy to assume that the extension of that technology into forensic activities follows the same pattern as Herschel’s fingerprints. But there is a subtle difference.

Consider unlocking a phone with a fingerprint. First, I register my fingerprint, then I apply my finger to the sensor to identify myself. While what is being recorded and compared here is different (Herschel prints are visual patterns, digital prints are electrical conductance patterns), the situation has very much the same structure. Herschel could only prove the person before him was the person who signed the contract with a handprint by taking another handprint off that person, by consent or coercion. My phone can only verify it is me trying to unlock it by taking another fingerprint.

When the use of fingerprints was extended to the forensic case, there needed to be no parallel to the subject providing this second print. Instead, the detective comes onto the scene afterwards, in my absence, and creates the evidence from an involuntary trace. That trace was there whether anyone created the evidence from it or not.

This is not possible with the electrical conductance prints which my phones records. Even if the police had that information in their database, the electrical conductance profile of my finger leaves no such trace as I move through the world. It can only be used to identify my via the application of my finger to a specially designed sensor, by consent or coercion.2

To use these conductance prints forensically, we would have to rebuild the world so that skin conductance did leave traces as we navigated our way around. (One can imagine the worst form of state or employer surveillance placing covert electrical conductance sensors on surfaces we are likely to touch, like the keys of a keyboard.) And that seems to create an ethically significant difference, for the traces we are leaving by which we are identified are artificially created with the express purpose of identifying people. Doing that covertly or by trickery seems as ethically questionable as unlocking someone's phone with their fingerprint while they are asleep.

Live Facial Recognition

So-called facial recognition is the most powerful identification technology around at the moment. Because a 'faceprint' - really a fairly abstract mathematical description of certain geometric properties of a face - can be constructed reliably from a photograph, we can easily compare the faceprint created from traditional photo ID such as a passport or driving licence with the faceprint of a person we are pointing a camera at. This makes it highly useful for a variety of identity verification purposes, from border control to banking.3

However, the police and many private companies are actively engaged in moving from the use for identity verification to a more forensic use of the technology. This, of course, requires the construction of a database to compare the evidence to. The police do this by creating faceprints from their existing photographic database and also - it seems - buying data from private companies. The private companies do this by creating faceprints from publicly accessible photographs, such as social media posts, or their own photographic database, which is usually CCTV.

Here I want to focus not on the creation of these databases, which is certainly ethically problematic,4 but their forensic use. There are two cases:

  1. Trying to find a known person in a crowd in order to arrest or otherwise apply force to them (e.g. removing them from a show)
  2. Trying to identify a suspect from photographic evidence

Both of these uses rely on the fact that we - the public - have become almost entirely indifferent to the existence of almost ubiquitous CCTV cameras in public and private spaces. We are continually being filmed. How did we allow this to happen?

My hunch is that we accepted this because we assumed, correctly at the time, that this filming could only be used to create evidence by a human being watching the film and drawing inferences. So long as these cameras were placed in locations where the people who might get to watch the film could have been present and watching you anyway, drawing the same conclusions, we tolerated it. We might object where their placement intruded into spaces where we wouldn't allow police or security to watch us, but the idea of CCTV was simply to put a legitimate observer but spatially and temporally remote observer in a place where observation was legitimate.5

Facial Recognition technology changes this. Instead of creating a resource which can be used by a person to create evidence, it automates the generation of that evidence, specifically the identities of who was in a particular place at a particular time. CCTV without facial recognition is much closer to traditional fingerprints. It creates a trace which someone can later use to collect evidence. True, the CCTV artificially creates that trace, but it does not go very far beyond merely extending the availability of what is naturally an ephemeral trace - the visibility of a person in a place - so that the evidence can be collected later. The memory of eyewitnesses does something similar.

When we add CCTV into the mix, something different is happening, something akin to creating a building where most surfaces are fingerprint sensors. The evidence is immediately and automatically created without any further human intervention.

Surveillance societies

What really makes a surveillance society is not the creation of traces of our behaviour which could be used by the state or by other powerful bodies to create evidence of where we have been, what we have done, and who we have met. The increasing ubiquity of these traces is an inevitable by-product of modern society, density of population and the commercialisation of so many basic activities. Sherlock Holmes was able to create evidence from the tickets which were collected at a station as part of the smooth running of a commercial railway. Miss Marple constructed evidence from what people observed of each other in a small village. The inconvenience of paying for everything with cash results in card payment traces with many opportunities for evidence to be created. The use of phones and messaging does similar for our conversations.

The switch to surveillance occurs when these traces are turned into evidence at a large scale and without any specific objective, and thus any space for consideration of the ethical issues arising from creating that evidence in that case. Long before the internet, itemised phone bills provided a rich trove of metadata which could be used to infer who knew whom and how well. But while it was a trace available for such use, it had not yet become evidence. When Facebook and others started using similar metadata to create social graphs for everyone, something changed. We were being surveilled.

And having seen how easy it is, and that people don't seem to care, governments are rapidly following suit. For some time now they have been allowed to collect mass data on citizens, but their use - processing - of that has been restricted to cases where there is a good reason to turn those digital traces someone has left into evidence. Now state security services are trying to get this 'burdensome' requirement. That is the crucial step into a surveillance society which we must challenge.

Postscript

The distinction between the traces we leave, which may be used to create evidence of where we have been and what we have done, and that evidence itself, applies also to financial transactions. We all use electronic payment systems, from card payments to bank transfers to PayPal, and by doing so we leave traces of our lives. Those traces can - and sometimes are - used to create evidence about us by the state. But the diversity of the institutions and the longstanding traditions of privacy in the financial sector6 mean this falls short of mass surveillance and is more akin to fingerprints than facial recognition. However, a Central Bank Digital Currency would be entirely different. It would be a form of mass surveillance precisely because the traces we leave would be automatically and systematically turned into evidence about us.


  1. Though there are important ethical issues about the database to which they are compared. This is one of those places where thinking of ethical issues exclusively in terms of harms and benefits distorts the balance of power in favour of the state. What harm comes to me from the police keeping a record of my fingerprints? The only consequence of that would be if a match is thrown up at a crime scene and I become a suspect. But then I would be a genuine suspect and so surely it benefits the state to identify me? That is all true, but if the police had no other reason to connect me to the crime than the fingerprint, then I am placed in a situation where they will investigate me and I will have to hand over personal information, possibly being arrested or required to attend a police interview, in order to prove my innocence (the famous 'alibi'). The assumption of innocent until proven guilty has been weakened because I am forced to prove my innocence. 

  2. Actually, I wouldn't be surprised if it is possible to construct a visual record of my fingerprint from that conductance data, but then we are simply finding another way of creating the database rather than using the conductance to create the evidence. 

  3. It also suggests that it would be easy to trick with photos of someone not present, but security experts do their best to get around this and are successful enough for it to be widely used. 

  4. I have tried to write about this in another post, but don't feel I have fully nailed it yet. 

  5. Had that implied consent not occurred so gradually, as the technology became cheaper and smaller, we might have been concerned about two other features of CCTV culture. Firstly, the cameras are increasingly designed and positioned to not draw attention to themselves or their function. Thus the filters we might apply to our behaviour if we knew we were being observed are usually absent. Secondly, police and security guards cannot observe a space continuously. There are thus always gaps in what evidence they can produce. Total records of what happened in a place are now possible. 

  6. Which probably exist and continue for bad reasons as much as good ones. However, if you doubt that financial institutions also respect the privacy of ordinary customers, ask why chain stores are so generous in their incentives for customers to use 'loyalty' schemes? (Think of Tesco's 'Clubcard Price'.) Since most people use the same payment card every time they shop, it is possible to use that to 'fingerprint' your customers and generate rich profiles of their shopping behaviour. It would even be possible to offer those personalised rewards at the till using this information. The very fact that this doesn't happen tells us that banks are implementing a privacy firewall here. 


You'll only receive email when they publish something new.

More from Tom Stoneham
All posts