As it is likely that the U.S. government will take legislative steps to heighten national security following the hijackings of Sept. 11, the Electronic Privacy Information Center (EPIC) held a press conference here Monday in an attempt to raise awareness of the privacy implications that such action will bring.
For the past month or so, Congress has been mulling over various methods of bringing greater security to the country, particularly to its physical borders and airports. Proposals ranging from face recognition systems to national identification cards to a central government database have been discussed in hearings, gaining various levels of support from lawmakers eager to enlist technology to help fight the battle against terrorism.
EPIC's press conference was designed to begin a public debate about the privacy ramifications of these technologies, and in some cases to question their efficacy and applicability.
"We're here today to explore the long term implications of the new calls for security and identification," said Marc Rotenburg, executive director of EPIC.
Of the different security approaches being considered, installing face recognition systems in airports is among the most likely to happen, said Richard Smith, EPIC's chief technology officer (CTO). A handful of airports already employ the technology, but currently the goal is to catch local criminals by matching the face of an airport visitor to a database of mug shots, not to catch terrorists, he said.
Beyond the issue of whether scanning faces in a public place violates individuals' privacy, Smith said that there are accuracy problems with face recognition technology. He offered the example of Visionics Corp.'s FaceIt software, which he had installed on his notebook computer. "This is not a perfect technology in any way," he said, explaining that differences in lighting, head positions, and background objects can hinder the program's ability to match a scanned facial image with one stored in a database.
There is also the practical issue that in order to effectively use face recognition software, there must be an established database of faces to match the scans to. In the case of fighting terrorism, it's unlikely that a comprehensive database of faces exists, he said.
However, Smith did concede that as a public relations move to help people feel like the government is doing something to catch terrorists, face recognition systems are a likely choice.
Another option under Congress' consideration is to institute a national identification card program. This proposal has gained the support of Oracle Corp. Chairman Larry Ellison, who said after the hijackings that he would donate the necessary database software for building such a system. EPIC's Rotenburg said that Ellison was invited to speak at Monday's press conference, but declined.
ID cards only work if they have a single purpose that is clearly identified and protected, said Robert Ellis Smith, editor of Privacy Journal, who referred to such cards as domestic passports. If the cards carry multiple pieces of information -- name, address, workplace, and Social Security number, for example -- then an official who checks an individual's identification to, say, allow entrance to the workplace, will have access to more information than is needed for admittance.
A balance between security and privacy must be found, he said.
"The assumption (following the events of Sept. 11 is that) civil liberties will have to be re-examined. I refuse to accept that assumption,"said Robert Ellis Smith. "We punish ourselves. Why pose restrictions on ourselves and not on those from where (threats) come?"
In the case that such an identification system is adopted, panel members at the press conference agreed that it must be accompanied by laws that regulate its use. For example, there could be an "ask ID, show ID" policy that says any law enforcement official requesting to see someone's national ID must have their own identification prominently displayed, suggested Whitfield Diffie, a distinguished engineer at Sun Microsystems Inc. Laboratories. Another policy could be to strictly define the conditions in which an official can ask to see a national ID, and for what reasons, he said.
Sounding a somewhat different view, one panel member said he thinks there are ways to use biometric technology to help catch terrorists that don't necessarily violate privacy.
"It has the potential for benefit and for evil," said John Woodward, senior policy analyst at RAND, a nonprofit research institution focused on policy. "I don't want to make face recognition a technological heroin -- you get in trouble just for having it."