Katitza Rodriguez & Maira Sutton
Electronic Freedom Foundation
April 1, 2012
Electronic Freedom Foundation
April 1, 2012
Last week, the Conseil Constitutionnel, the highest authority on the French Constitution, declared the provisions of a law permitting judicial and police use of a centralized national ID database to be unconstitutional. 200 members of the French Parliament referred the law to the Conseil following the law’s adoption on March 6th. The Conseil determined that the use of the centralized database was incompatible with France’s fundamental rights, including the right to privacy and the presumption of innocence.
The proposed legislation mandated compulsory civilian ID cards containing a chip designed to store personal and biometric information, including home address, marital status, eye colour, and fingerprints. Proponents argued that the biometric ID card would be used to stop “honest folk” from becoming the victims of identity fraud. In fact, the law would have enabled the “honest folk” database to be used for criminal and judicial purposes. The Conseil correctly determined that such uses constituted a serious incursion into the right to private life, disproportionate to the law’s stated objective.
Another provision in the law would have allowed for a second, optional chip to be used for online authentication in e-commerce transactions. The Conseil determined that such use would require too broad a range of personal data to be collected without any guarantees of security and confidentiality. Furthermore, it condemned the law’s vague conditions for authenticating individuals, especially minors. EFF welcomes the Conseil’s decision to strike out substantial parts of the legislation to protect privacy. Nevertheless, the Conseil should explain their unmotivated reasoning behind leaving significant anti-privacy portions of the law intact, namely biometric data collection for the purpose of preventing ID fraud.
The argument for biometrics is predicated on the flawed assumption that a national biometric ID scheme will prevent identity fraud. Massive databases already invite security breaches and a biometrics database of this scale is a honeypot of sensitive data vulnerable to exploitation. Such a data breach is not just costly—it is irreversible, you cannot change your fingerprints or your irises. Recently the UC Berkeley School of Law conducted an in-depth analysis of the costs of establishing a biometric employment identity card in the United States. They found that such a program would cost an upwards of “$40 billion in initial costs, but also $3 billion in ongoing annual expenditures.” They also concluded that such a program’s lack of proven effectiveness and its high risk of error would lead to “a Pandora’s box of civil liberty violations.”
In its decision, the Conseil emphasized that they are not ruling either for or against biometrics [PDF, in French] (p.21):
This decision of the Council’s should not be interpreted as being either in favour of biometrics or against it. Nor is the Council expressing any opinion either in favour of a register of biometric data or against it. What the Council is saying is that the safeguards involved in the creation and deployment of this register are inadequate. In the circumstances, the Council is not in a position to over-ride the wishes of the legislature.
The Conseil’s ambivalent statement is politically understandable. Regulators tend to romanticize the security and accuracy of biometric systems. In fact, there is a lack of evidence to demonstrate the reliability and proportionality of this new technology. Jean Marc Manach, a blogger and journalist from Owni.fr, argues that biometrics has proven inaccurate and therefore ineffective in fighting identity fraud or anything else. As long ago as August 2009, The Register magazine suggested that our trust in biometric technology is a delusion.
Last year, a French report revealed that 10% of biometric passports were fraudulently obtained[French]. The introduction of biometrics is exacerbating the problem of identity fraud instead of solving it. The French government already has several powerful surveillance technologies available to track people’s movements, including mobile phone logs, web usage logs and credit card usage logs. They must provide evidence first that they can use this technology to enhance security before spending taxpayer money on another National ID biometric scheme.
French smart card and biometrics companies have lobbied heavily for the “honest folks” law. Their trade association, GIXEL (Professional Association of Industry and Electronic Components) gained notoriety in 2004 when they won the infamous French “Big Brother” award, for their systematic attacks on the right to privacy. Ironically, GIXEL got the award for their proposal to “educate” children under 6 years old and their parents about the need for biometric “security.”
The proposed collection of this vast amount of biometric information gives governments too much unchecked power and opens the door for government abuse. In their referral to the Conseil, French parliamentarians quoted Martin Niemöller’s chilling poem “First they came.” They argued that had this kind of database existed during WWII, the Nazis and collaborators in Vichy France could have more easily arrested French Résistance fighters based on their fingerprints or facial scans.
EFF, as one of 80 civil liberties organizations, has requested the Council of Europe in 2011 to investigate if National ID biometrics laws in Europe comply with the Council of Europe Privacy Treaty and the European Convention on Human Rights.
In light of the long list of privacy concerns surrounding biometrics, and the guarantee of future security breaches, biometric national ID laws cannot be justified. As more nations continue to adopt and implement biometric ID laws, now is the time for the Council of Europe to comply with its duty to seriously confront all of these issues. Under our watch, we refuse to let states collect massive amounts of biometric data without regard to our privacy rights.
April 1, 2012
April 1, 2012
Under legislation expected in next month’s Queen’s Speech, internet companies will be instructed to install hardware enabling GCHQ – the Government’s electronic “listening” agency – to examine “on demand” any phone call made, text message and email sent, and website accessed in “real time”, The Sunday Times reported.
A previous attempt to introduce a similar law was abandoned by the former Labour government in 2006 in the face of fierce opposition.
However ministers believe it is essential that the police and security services have access to such communications data in order to tackle terrorism and protect the public.
Although GCHQ would not be able to access the content of such communications without a warrant, the legislation would enable it to trace people individuals or groups are in contact with, and how often and for how long they are in communication.
The DissenterApril 1, 2012
The DissenterApril 1, 2012
At the start of the first hearing on a lawsuit challenging the Homeland Battlefield Act, a federal judge appeared to be “extremely skeptical” that those pursuing the challenge had grounds to sue the US government. However, by the end of the hearing, the judge acknowledged plaintiffs had made some strong arguments on why there was reason to be concerned about the Act, which passed as part of the National Defense Authorization Act (NDAA) on New Year’s Eve last year.
Adam Klasfeld of Courthouse News, one of the few media organizations that actually covered the hearing yesterday, reported that Judge Katherine B. Forrest cited the lack of definition of terms such as “substantial support” or “associated forces,” which appear in the law. Without clearly knowing what “substantial support” for terrorism or “associated forces” of terrorist groups could be, Forrest asked, “How does the common citizen know?”
The government lawyers contended that the Homeland Battlefield Law “affirms” the Authorization to Use Military Force passed under President George W. Bush. But, according to Klasfeld, Forrest asked why language had changed. “Congress writes legislation for a reason, right?” There must be a purpose for the change.
There are seven plaintiffs trying to sue right now. Dubbed the “Freedom Seven” by their attorneys, the plaintiffs include: Chris Hedges, a journalist; Daniel Ellsberg, who is known for releasing the Pentagon Papers; Noam Chomsky, a well-known writer; Icelandic MP Birgitta Jonsdottir; Tangerine Bolen, founder of RevolutionTruth.org; Kai Wargalla, deputy director of Revolution Truth and founder of Occupy London; and Alexa O’Brien, journalist and founder of US Day of Rage.
Paul Harris of The Guardian also covered the hearing. His report indicates that the government did not block Icelandic MP Birgitta Jonsdottir’s testimony from being entered into the record.
Jonsdottir, whose past association with WikiLeaks led the Justice Department to subpoena her Twitter account, had been warned that the State Department might prevent her testimony from being read in court, but author Naomi Wolf was permitted to read Jonsdottir’s statement.
Noting that many US political leaders have labeled WikiLeaks a “terrorist” organization, the statement read by Wolf explained why Jonsdottir had refused to come give lectures in the United States for fear of being detained.
[The NDAA] provisions create a greater sense of fear since now the federal government will have a tool with which to incarcerate me outside of the normal requirements of the criminal law. Because of this change in the legal situation, I am now no longer able to travel to the US for fear of being taken into custody as as having ‘substantially supported’ groups that are considered as either terrorist groups or their associates.
Bolen and Ellsberg did not testify on Thursday, but Hedges, O’Brien and Wargalla each appeared in person to testify. Harris reported that Hedges said he ”feared he might be subject to arrest under the terms of NDAA if interviewing or meeting Islamic radicals could constitute giving them ‘substantial support’ under the terms of the law.” O’Brien described in detail how a private intelligence firm was trying to link US Day of Rage to “Islamic fundamentalists.” And, Wargalla testified on how the City of London had listed Occupy London alongside al Qaeda and extremist groups from Belarus and Colombia.
Lawyer Benjamin Torrance, who was in court to represent the government, declined to answer if any of the plaintiffs concerned about the law could be targeted. He said he could not “make specific representations regarding specific plaintiffs.” He could not say if Icelandic MP Birgitta Jonsdottir “would have been detained had she flown in from Iceland.” All he could say was that “an association with WikiLeaks alone would not make her subject to the NDAA.”
The reluctance to answer specifically, though routine, led Forrest to state that the government was not helping its case that citizens do not have any reason to fear the law. The judge said, “If people weren’t worried before those series of questions, they could worry about it now,” she said. And, with regards to Hedges, who filed the lawsuit against the government, she added, “It sounded like Mr. Hedges was all over co-belligerents.”
The hearing that played out in court yesterday was held to determine if any of the plaintiffs had grounds to sue. Klasfeld noted, “To win the right to sue, only one of the seven plaintiffs needs to establish a ‘reasonable fear’ of being detained for free speech. The plaintiffs that remain standing can then challenge the law on constitutional grounds.”
Back in December, Congress passed the law but there wasn’t unanimous support. There was a level of consternation over what the Obama Administration was asking members of Congress to do. Much of that dismay came from a broad political spectrum of Americans that found the law to be an assault on civil liberties. Amendments were proposed but failed to pass.
The aftermath has not seen outrage among citizens relent. President Barack Obama may have issued a signing statement to the law, but it did little to change the fact that indefinite detention was codified into law. It did nothing to prevent future administrations from wielding the power of the Homeland Battlefield Act. And, as a result, members of Congress and state officialsbolstered by anger at the grassroots level are mobilizing to ensure provisions of the NDAA are stripped or neutralized.
The plaintiffs are realistic about the chance they have to actually advance this lawsuit, but they also are convinced they have to push back against unchecked executive power in the United States. They see this as a beginning and intend to add many more plaintiffs to lawsuit in the coming weeks.