Two years ago, Congress argued about overhauling the nation’s immigration laws, but failed to pass comprehensive immigration law reform. Now, the Washington Post reports that Senate Democrats are again looking to change federal immigration laws. Instead of just creating an error-filled national database of Americans’ employment eligibility, this time legislators are seeking to require “that all U.S. workers verify their identity through fingerprints or an eye scan.” I would like to emphasize that they would gather biometric data from “all U.S. workers”; not just undocumented workers.
Speaking on the eve of a White House summit with congressional leaders on immigration, Sen. Charles E. Schumer (N.Y.) said a national system to verify work documents is necessary because Congress has failed to crack down on unscrupulous employers and illegal immigrants with fake documents.
“I’m sure the civil libertarians will object to some kind of biometric card — although . . . there’ll be all kinds of protections — but we’re going to have to do it. It’s the only way,” Schumer said. […]
A senior White House official said Obama is open to all of Schumer’s proposals, including his ID plan, saying that “he wants to listen, he wants to talk. All of it is on the table.”
There are numerous privacy and civil liberty problems that are fundamental in the creation of a national database of fingerprints and eye scans for all U.S. workers, a database that places the burden on the individual to prove that he or she is allowed to work in this country. How quickly will this database go from being strictly to prove employment eligibility to being used by police departments to gather fingerprints while circumventing the warrant process and Fourth Amendment rights of search and seizure? Who else could have access to your fingerprint and iris scans? The United States already has discussed sharing fingerprint and other biometric data of suspects with European countries. It’s a small step to opening up a national employee biometrics database to other countries.
Let’s also look at the security problems. There are several ways to compromise biometric identification systems. Individuals can use false identification at enrollment; a biometric can be altered physically, or it can be altered digitally if a person is able to break into the system. And there is the false positive problem. Currently, U.S. workers are having problems with an employment eligibility verification system using Social Security and Homeland Security error-filled databases. Several federal (pdf) government evaluations (pdf) note problems with database checks that lead to initial rejections for individuals who are legally eligible to work in the US, causing significant problems for eligible workers and their employers, who have done nothing wrong.
Last year, in an article for Scientific American, Anil K. Jain and Sharath Pankanti discussed the false positive problem with biometric data.
Experts generally agree that neither the false accept rate nor the false reject rate of a biometric authentication system should exceed 0.1 percent (that is, one mistake in 1,000 assertions of a match and one mistake in 1,000 assertions of a nonmatch). But in evaluations conducted by the National Institute of Standards and Technology between 2003 and 2006, error rates for systems based on the fingerprint, face, iris and voice—another commonly used biometric trait—all exceeded the 0.1 percent level.
Increasing the threshold score for a match can lower the false accept rates, but at the expense of increasing the false rejects. Reducing both error rates simultaneously will require developing biometric sensors that generate higher-quality images and refining the feature extractors and matchers. Designers will also need to ensure that the systems are protected against sabotage: ideally, it should be impossible for biometric data to be intercepted and reentered into the systems. And it should be impossible to tamper with the biometric hardware or software.
The authors raise several questions that I believe are important, and I hope will be discussed thoroughly as Congress debates this proposal to require all U.S. employees to submit fingerprint and iris scans in order to prove they are eligible to work in this country.
The use of biometrics raises important privacy concerns. Who owns the data—the individual or the service providers? Will those data be used for an unintended purpose—to deduce something about a person’s health, for instance? Biometric systems of the future will probably operate unobtrusively, capturing biometric traits without the active involvement of the user. Such stealth further confounds the privacy issue.