Biometrics and Security | Cybersecurity and Governance | CSIS (2024)

Anonymity provides insurgents or terrorists with protection and operational advantage. Stripping away this anonymity puts them at a disadvantage, whether in Iraq, , or the United States. Biometric technologies can help to do this. Biometric technologies provide new kinds of digital identity data, new ways to collect it, and new opportunities for its use. Using biometric data to screen entrants to the U.S. (as part of US-Visit), for example, greatly reduces the risk of unknown individuals, who have been involved in terrorist activities in Iraq or Afghanistan, entering the United States undetected.

Biometrics will become increasingly more valuable as a tool for verifying identities in a new and deeply interconnected national security environment. However, it is important to note the civil liberty implications of employing biometric technologies and realize that the security must be balanced with the protection of privacy.

To help advance public discussion of the use of biometric technology, CSIS has assembled a series of documents and websites providing essential data:

Discussion

Governments have been collecting biometric data for decades, beginning with paper records of basic physical attributes (such as the color of eyes or hair, height, and other characteristics). Police have been using fingerprints recovered at crime scenes for more than a century and, over time, developed collections of fingerprint records associated with suspects and criminals. At the start of the World War I, Britain and other nations began to issue passports that listed rudimentary physical identifiers, to enable governments to screen entrants and distinguish among citizens (who have certain rights) and non-citizens ( may have hostile intent).

Security and public safety were improved by these early efforts to use biometric data, and the advent of digital technologies opens new possibilities to improve identity management today. Biometrics technologies provide valuable tools for homeland security, public safety, counter-terrorism, and law enforcement. However, government use of biometric data takes place in a complex legal environment that affects both U.S. and non-U.S. persons. The issues include:

• Collection, retention, and use: what are the existing rules on the collection, retention and use of biometric data as they apply to U.S. persons and foreign nationals; and the appropriate safeguards for personally identifiable information?
• Sharing biometric data: how does the United States regulate the ability to share biometric data between U.S. agencies or between the U.S. and allied or coalition nations?
• Allied/Coalition use: how do existing privacy safeguards and other rules affect the ability of the United States to use biometric data collected by allied and coalition states? What are the necessary safeguards for the use of biometric data as they apply to law enforcement, intelligence, homeland security, or uses that blend these disciplines?

Law enforcement use of biometric data poses special problems. Biometric data collected at a crime scene can provide compelling evidence; however, the data is often anonymous – not linked to any known individual. To be useful, Biometric data must be matched with records linked to an identity. In some cases, police will already have biometric records; in other cases they have used surreptitious techniques to collect biometric data from suspects. How biometric data is collected and used and whether prisoners and suspects can be compelled to provide it are problems not adequately covered by existing rules and regulations.

Counterterrorism raises even more difficult issues. The United States collects biometric data in Iraq, Afghanistan, and other locations. The data includes fingerprints, retinal scans and other biometric indicators (such as DNA samples). Sometimes this biometric data is associated with an identity – an individual who will work at a U.S. facility, for example. Other times, the link between biometric data and identity is unknown, which is frequently the case when DOD collects forensic data from a bomb site. In current conflicts, the distinctions between foreign and domestic and between law enforcement, defense, and intelligence have been blurred. The United States will need to articulate rules for how biometric data collected by one agency from anonymous individuals, some of whom may turn out to be U.S. persons or the citizens of an allied nation, can be used and shared among different agencies and even different governments.

These are problems of governance. Governance involves the processes for making and applying rules. The governance of biometric data for identification and for security is underdeveloped, in part because it cuts across organizational and national boundaries. Indeed, there are great benefits from the use of biometric data for identification purposes. To realize these benefits, however, the collection and use of biometric data must be governed by rules and safeguards that balance national security with privacy rights and civil liberties.

Interviews

On September 18, 2008, James Lewis interviewed Benjamin P. Riley III, Director of the Rapid Reaction Technology Office at the Department of Defense, and Thomas Dee, Director of Defense Biometrics at the Office of the Secretary of Defense.

In his interview with Mr. Riley, we hear about how the Department of Defense has successfully used biometric technologies to apprehend potential terrorists overseas, how the program came about, and the future of the program.

Mr. Dee talks more specifically about the Department of Defense’s operational capabilities using biometric technologies.