• PC World
• » Tech Industry

WASHINGTON, D.C. -- As it is likely that the U.S. government will take legislative steps to heighten national security following the events of September 11, the Electronic Privacy Information Center held a press conference here on Monday in an attempt to raise awareness of the privacy implications that such action will bring.

For the past month or so, Congress has been mulling over various methods of bringing greater security to the country, particularly to its physical borders and airports. Proposals ranging from face recognition systems to national identification cards to a central government database have been discussed in hearings, gaining various levels of support from lawmakers eager to enlist technology to help fight the battle against terrorism.

EPIC's press conference was designed to begin a public debate about the privacy ramifications of these technologies, and in some cases to question their efficacy and applicability.

"We're here today to explore the long term implications of the new calls for security and identification," says Marc Rotenburg, executive director of EPIC.

Of the different security approaches being considered, installing face recognition systems in airports is among the most likely to happen, says Richard Smith, EPIC's chief technology officer. A handful of airports already employ the technology, but currently the goal is to catch local criminals by matching the face of an airport visitor to a database of mug shots, not to catch terrorists, he says.

Questioning Accuracy

Beyond the issue of whether scanning faces in a public place violates individuals' privacy, Smith says that there are accuracy problems with face recognition technology. He offers the example of Visionics' FaceIt software, which he had installed on his notebook computer.

"This is not a perfect technology in any way," he says, explaining that differences in lighting, head positions, and background objects can hinder the program's ability to match a scanned facial image with one stored in a database.

There is also the practical issue that in order to effectively use face recognition software, there must be an established database of faces to match the scans to. In the case of fighting terrorism, it's unlikely that a comprehensive database of faces exists, he says.

However, Smith does concede that as a public relations move to help people feel like the government is doing something to catch terrorists, face recognition systems are a likely choice.

Calling for ID Cards

Another option under Congress' consideration is to institute a national identification card program. This proposal has gained the support of Oracle Chair Larry Ellison, who said after the hijackings that he would donate the necessary database software for building such a system. EPIC's Rotenburg says that Ellison was invited to speak at Monday's press conference, but declined.

ID cards only work if they have a single purpose that is clearly identified and protected, says Robert Ellis Smith, editor of Privacy Journal, who referred to such cards as domestic passports.

If the cards carry multiple pieces of information--name, address, workplace, and Social Security number, for example--then an official who checks an individual's identification to, say, allow entrance to the workplace, will have access to more information than is needed for admittance.

Seeking Balance

A balance between security and privacy must be found, he says.

"The assumption [following the events of September 11 is that] civil liberties will have to be re-examined. I refuse to accept that assumption," says Smith. "We punish ourselves. Why pose restrictions on ourselves and not on those from where [threats] come?"

In the case that such an identification system is adopted, panel members at the press conference agreed that it must be accompanied by laws that regulate its use. For example, there could be an "ask ID, show ID" policy that says any law enforcement official requesting to see someone's national ID must have their own identification prominently displayed, suggests Whitfield Diffie, a distinguished engineer at Sun Microsystems Laboratories.

Another policy could be to strictly define the conditions in which an official can ask to see a national ID, and for what reasons, he says.

Sounding a somewhat different view, one panel member says he thinks there are ways to use biometric technology to help catch terrorists that don't necessarily violate privacy.

"It has the potential for benefit and for evil," says John Woodward, senior policy analyst at RAND, a nonprofit research institution focused on policy. "I don't want to make face recognition a technological heroin--you get in trouble just for having it."

• See more like this:
• privacy,
• security,
• facial recognition,
• face recognition,
• biometrics,
• national ID cards,
• EPIC,
• Electronic Privacy Information Center,
• airport,
• terrorism