11 votes

50 countries ranked by how they’re collecting biometric data and what they’re doing with it

11 comments

  1. patience_limited
    Link
    From the article: I suspect that most U.S. citizens would be startled to learn that the U.S. is in the company of China, Malaysia, and Pakistan when it comes to ubiquity and lack of privacy in...

    From the article:

    Key findings

    • Many countries collect travelers’ biometric data, often through visas or biometric checks at airports
    • Every country we studied is using biometrics for bank accounts, e.g. fingerprints to access online app data and/or to confirm identities within the banks themselves
    • Despite many countries recognizing biometric data as sensitive, increased biometric use is widely accepted
    • Facial recognition CCTV is being implemented in a large number of countries, or at least being tested
    • EU countries scored better overall than non-EU countries due to GDPR regulations protecting the use of biometrics in the workplace (to some extent)

    I suspect that most U.S. citizens would be startled to learn that the U.S. is in the company of China, Malaysia, and Pakistan when it comes to ubiquity and lack of privacy in biometric data collection.

    6 votes
  2. [3]
    pallas
    (edited )
    Link
    Given the data and description this article has for Ireland, I am somewhat sceptical of its rigour, particularly as it highlights the country as having the best score in its analysis. It appears...

    Given the data and description this article has for Ireland, I am somewhat sceptical of its rigour, particularly as it highlights the country as having the best score in its analysis. It appears that the analysis may rely on uncritical readings of official government statements.

    • The government website they use for whether biometrics are required for visas is misleading: visas of over three months (eg, non-tourist visas), from any country, do require photographs and extensive fingerprints. Their analyses appears to penalize the UK for a similar policy (biometrics for visas over six months). It appears there may be some cleverness here: the biometrics aren't required for the visa, but for a permit that you must obtain in order to get the visa.
    • The official government position is that the Public Services Card is not a national identity card and does not entail biometrics. It does, however, involve facial recognition and potentially voice recognition, and government websites state that the card is required for a number of things, including applying for a first adult passport or taking a driving test (though both of those agencies actually disagree), and it was my understanding that one was required for employment and taxes (it appears there may be practically-infeasible routes to avoid having one). This is somewhat complex because most uses of the card have been recently ruled illegal by the Data Protection Commissioner, but the government has stated that they will ignore the ruling and are currently in a large legal battle; thus different parts of the give conflicting information.
    • Per the above, it appears that there is a facial recognition database associated with the Public Services Card, and it appears that whether the government is correct to state that the card is not biometric is currently under investigation by the DPC (search for biometric in that article).
    3 votes
    1. [2]
      patience_limited
      Link Parent
      Thank you for investigating. I suspect the statistics elide many of those details simply because it's too difficult to make equivalent comparisons among all the different types of national ID and...

      Thank you for investigating. I suspect the statistics elide many of those details simply because it's too difficult to make equivalent comparisons among all the different types of national ID and immigration control systems surveyed.

      2 votes
      1. pallas
        Link Parent
        That would make sense, to some extent, though it risks meaning that countries which are more transparent about biometrics are penalized for the transparency. However, in the case of the UK and...

        That would make sense, to some extent, though it risks meaning that countries which are more transparent about biometrics are penalized for the transparency.

        However, in the case of the UK and Ireland, fingerprints are required for long-term visas for both, but the UK is penalized for this while Ireland is not. This is a rather direct comparison.

        1 vote
  3. elcuello
    Link
    This is really scary shit in the long run. I recommend the book Data Dictatorships for the full picture of where we could be heading.

    This is really scary shit in the long run. I recommend the book Data Dictatorships for the full picture of where we could be heading.

    2 votes
  4. Eric_the_Cerise
    Link
    Nice article, decent attempt to quantify this trend. But more broadly, nice website. Thanks for the find.

    Nice article, decent attempt to quantify this trend.

    But more broadly, nice website. Thanks for the find.

    1 vote
  5. [5]
    freestylesno
    Link
    I feel im missing what is wrong with biometrics. You are who you are, biometrics are basically just confirming who you are. Like biometrics with a passport ensures you are the person the id says...

    I feel im missing what is wrong with biometrics. You are who you are, biometrics are basically just confirming who you are. Like biometrics with a passport ensures you are the person the id says you are.

    I don't doubt there are bad things about it but I find it hard to see things that wouldn't be your own fault.

    1. patience_limited
      Link Parent
      The Electronic Freedom Federation has an extensive library on the risks of biometric data collection and its abuse. Governments are already using this data for intrusive surveillance and...

      The Electronic Freedom Federation has an extensive library on the risks of biometric data collection and its abuse.

      Governments are already using this data for intrusive surveillance and totalitarian control. You can't change your biometric measurements, at least without extreme measures. If that data is mishandled, corrupted, leaked, or abused for criminal purposes, you may never be able to recapture your own identity signifiers.

      In the absence of proper legal frameworks for handling biometric information, especially with DNA databases, you may have no intellectual property or other rights to your own data, and also face the prospect of discrimination.

      I'm a little frightened that "if you've got nothing to hide, you've got nothing to fear" styled arguments still have traction here. The governments practicing this kind of surveillance are already operating as if they presume anyone could be guilty of anything at any time.

      10 votes
    2. [2]
      Eric_the_Cerise
      Link Parent
      Put simply, after you get hacked or ID-thefted, you can always change your password, make a new account, block your credit card and get a new one, etc. Biometrics are for life. Even if you 100%...

      Put simply, after you get hacked or ID-thefted, you can always change your password, make a new account, block your credit card and get a new one, etc. Biometrics are for life. Even if you 100% implicitly trust your govt-of-choice's intentions ... sooner or later, Everyone gets hacked.

      5 votes
      1. NaraVara
        Link Parent
        Part of the deal is that biometrics aren't fakeable except by extremely sophisticated and expensive methods. So if your biometrics get spoofed, it would actually be easier to find and capture the...

        Biometrics are for life

        Part of the deal is that biometrics aren't fakeable except by extremely sophisticated and expensive methods. So if your biometrics get spoofed, it would actually be easier to find and capture the person who spoofed them rather than to change everything that's reliant on it for authentication.

        Also, ideally, you'd use the biometric as the second factor in a multi-factor authenticator. So it would be like a PIN or password on top of your biometric.