ETHICAL ASPECTS OF BIOMETRICS

Rafael Capurro

 




tabula rasa

Trusted Biometrics under Spoofing Attacks
EU Project (Seventh Framework Programme)
Deliverable D7.2
Questions by Andrew P. Rebera (2011)



1. Your work on Intercultural Information Ethics addresses the impact of the move toward a global digital society on existing cultures and traditions. How significant a part of the trend toward global digitalisation do you consider biometrics?

According to The International Biometric Society, biometrics can be understood as dealing with “statistical and mathematical methods applicable to the data analysis problems in the biological sciences” as well as an “emerging field of technology devoted to identification of individuals using biological traits, such as those based on retinal or iris scanning, fingerprints, or face recognition." In other words, biometrics is about understanding and identifying living beings by applying mathematical methods which means, today, using digital technology. Digital technology is today’s horizon for understanding beings and the world itself. We live in a digital age. I call this pervading view of reality digital ontology which should not be confused with digital metaphysics, i.e., with the concept that things are made of bits or that they can be understood only from the perspective of their digitalisation. This last epistemological conception is, as you rightly remark, part of the trend toward a global digital society. Digitization has become the unquestioned basis and bias of societal life that might turn into an ideology in the political sense.

Biometrics catches digitally the stuff our bios is made of. Or I should better say zoe, since these Greek terms denotate human life from a cultural perspective (bios) as different from the life (zoe) that we share with all living beings. Biometrics deals primarily with human zoe, not with human bios. But can we clearly separate both phenomena? Aren’t biological differences, our genotype and phenotype, intimately intertwined with cultural ones? Aren’t we able to digitize all kinds of aspects of bios?

As far as we know, we are genetically one human race, even if the tree of human life is not uniform. In the course of history, humans have shaped their lives (bios) in different ways with regard to their interplay with each other and with the shared world. We are able to change our cultural as well as our biological (genetic) identity which means that we are not fully determined by natural and cultural preconditions. It is through and not independently of them that we search for universality without giving up our cultural differences.

The open and free interplay among cultures and societies regarding commonalities and differences between values and principles of social life, and not the “clash of civilizations” (Samuel Huntington), is a characteristic of human bios. The internet fosters the free interplay empowering individuals and societies in their search for better solutions to their social, economic and political needs and desires. Intercultural Information ethics provides an academic space for critical reflection on these issues.


2. What kinds of impacts do you see the increasing use of biometrics as having?

One of the impacts that concerns millions of people in their everyday lives are security controls based on different kinds of biometric devices, for instance, in airports as well in the daily work, particularly in offices located in sensitive spaces. 

Biometric identification devices, becoming more and more widespread and used for all kinds of transactions, might make people less aware of their risks, similarly to what happened, for instance, with user’s ID at the beginning of the internet some twenty five years ago. It takes time until people become acquainted with such an abstract token as digital data that reflect their identities in a digital society. We can store in all kinds of digital devices our biological imprint together with data pertaining to the life (bios) of the individual that are then potentially accessible online for whatever legal or illegal purposes. Unawareness of illegal changes in the data might have serious and unforeseeable consequences for the individual and societies.

National and international data protection laws are necessary no less than technical means in order to hinder unauthorized access to biometrical data. Educating people’s awareness must take place already in schools and family life. Not all kinds of biometrical data are necessary in every situation. A careful analysis has been done, and should be continued, of when, why and what kind of biometrical data are necessary, reasonable and appropriate for what purposes, how long such data should be available und who is legitimate to have access for what purpose. In many situations in everyday life, people have to decide and control by themselves about their digital identities. Scarcity and caution are basic issues for handling biometric data in a digital environment.

3. There is clearly a danger that anti-spoofing techniques (e.g. multi-modal systems, liveness detection, etc.) which are acceptable in one culture might be unacceptable (degrading, taboo, etc.) in others. Do you think that biometrics itself is rooted in any particular culture? What are the ethical implications of this?

Anti-spoofing techniques can be implemented for different purposes and within different cultural settings. Biometrics, as any technology, is non-neutral in the sense that it opens new choices for individuals and societies. Societies have commonalities regarding basic needs, values and rights as stated for instance in the Universal Declaration of Human Rights. At the same time, every society has a singular history no less that specific ways of life, different perceptions and articulations of the relations between human beings and the world, different attunements regarding phenomena such as life and death, social interaction, happiness, suffering, etc. Although any technological invention arises within an historical and social context, it offers choices of living to other societies. Technologies can be decontextualized and recontextualized. This is already the case for individuals choosing and using technologies according to personal preferences, age, gender, etc. What technologies ‘are.’ i.e., their specific relevance for individual and societal life (bios), depends upon recontextualization.

The task of ethics or moral philosophy is to critically analyze values and principles underlying moral customs that might be challenged, for instance, by technological developments. Biometrics arises within a digital culture that has roots in the history of Western philosophy and science. Nonetheless, as digital culture became widespread due particularly to the internet, biometric techniques might appear prima facie as neutral, since they can be used for ‘good’ or ‘bad’ purposes. But this concept of neutrality overlooks that any technology changes the relation between human beings and the world and is, in this sense, non-neutral. Such changes can collide with established moral and/or legal rules and values, no less than with political, social and economic power structures. There are many examples of ethical challenges arising from the changes brought about from, for instance, i-phones, blogs, wikis, and other kinds of digital communication devices. Individuals no less than societies might try to make sense of these developments while referring to and relying on established mores and laws. They might choose and use new technologies uncritically, without being aware of their influence on human self-understanding. Eventually, they might also try to critically reflect on established values and preferences with regard to the use of new technologies, particularly to the changes in their self-understanding as humans as well as in their relations to other human beings and to the world they share.

It is evident that biometrics having impact on the perception and digital manipulation of human identity, has broad ethical implications regarding ethical principles and values and the ways people shape their lives. Biometrics might allow people to solve some social problems but it can also be used to manipulate people, threatening established moral and legal “immune systems,” a term coined in this context by the German philosopher, Peter Sloterdijk. Social immune system are boundaries, mechanisms and rules of social life, historically grown, based on experiences of oppression and liberation as well as on geographic and historical peculiarities These peculiarities give rise to different degrees of individual and social sensitiveness regarding what is acceptable, desirable or repudiated. Societies might agree on abstract principles and values, but might disagree with regard to the understanding of a particular technology in a particular context or use as related to such values and principles. A pragmatic solution of intercultural ethical and legal conflicts regarding the understanding of decontextualized principles and values might be possible, although the reasons for accepting or not a specific application might differ.

In any case, biometrics addresses issues of individual and social identity as well as of the degree of autonomy individuals might have by using them within different settings and for different purposes. The question: ‘who am I?’ or as who I might be addressed and as who I must or want be seen or as who I am seen by others (individuals as well as institutions) within a social interplay is a key ethical and legal issue that should be carefully and critically analyzed in view of the ethical values at stake in different contexts and situations.

4. Attempting to spoof certain biometric systems is obviously illegal (e.g. border control). Is spoofing itself inherently wrong? Why?

If we define spoofing attack “in the context of network security” as “a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage,” (Wikipedia) then spoofing is obviously not only illegal but inherently wrong, because it does not respect the autonomy of the other social player(s) or, in Kantian terms, the spoofing agent uses the other “merely” as a means (for whatever purposes) and not as an end in itself. In ethical and legal terms, developing techniques for countering spoofing attacks on biometric systems means protecting the individual and social immune system in a digital environment, as with, for instance, anti-virus software. There is also the possibility in which one person masquerades as another by falsifying data in order not to be subject to certain data collection, or just aiming at being anonymous for whatever reasons, using, for instance, a pseudonym. Anonymity is a phenomenon that has special characteristics in modern times particularly in big cities. It is not inherently wrong but depends on the context and purpose for which it is being used such as to veil oneself (or other person) in order to prevent harm. The concept of spoofing in the sense of using a false identity with the intension of causing harm should be distinguished from other legitimate possibilities of veiling one’s identity if their intent is not to deceive and/or defraud.

5. Could there be any circumstances in which it was morally justifiable, or even morally obligatory, to spoof an identification system? If so, what might these circumstances be?

Any social immune system that is created in order to protect the life and well-being of an individual or of a society might turn into a danger for the system if it remains inflexible when the individual or the society is confronted with exceptional challenges. To ‘spoof’ or, in order to avoid a terminological and conceptual misunderstanding, to use a false identity might be justified by the Rule of Law (in principle or by exception) in order to unveil a person or a group of persons who are misusing societal rules for criminal purposes. The key question is then how far and within which limits this can (or even should) be used as a legal instrument. Situations such as war, terrorist attacks or the unveiling of a network of children pornography are circumstances that can make identity veiling morally and legally justifiable or obligatory following a thorough weighing of values and principles that cannot be decided a priori. Once such legal identity veiling has taken place, its goal being neither to deceive, to defraud or to take personal advantage of the other is achieved, it is important in a democratic society that the weighing process, as far as it was not publicly done for obvious reasons, becomes public and the object of critical analysis.

6. One could approach the problem of spoofing in two ways: (1) as a practical problem, in which case anti-spoofing techniques are primarily aimed at increasing system performance; or (2) as an ethical/legal problem, in which case anti-spoofing techniques are primarily aimed at preventing or identifying fraudulent activities. How do you think these two approaches interact? What ethical issues are raised here?

Anti-spoofing techniques might create a social atmosphere of mistrust or just make social interaction more complex and expensive, even giving rise to unreasonable suspicion leading to mechanisms of over-control or over-surveillance similarly to what happens in a real-life environment when people protect their property with all kinds of defence devices that might lead wrong-doers to the suspicion that something very valuable is behind the walls. If over-surveillance becomes widespread, the societal problem giving rise to it cannot be solved with more security measures alone, but by addressing the social problems themselves. In other words, there is an ethical and legal question of balance between trust and security that must be addressed by a careful analysis of the context and the goals of the networks and systems at stake that are to be protected. Creating mechanisms that enhance trust might be as useful and ethically important as using anti-spoofing techniques. It might even be cheaper.

The question of social attunement is primarily an ethical one. It cannot be solved by law, although it can be supported by it. It is also not originally the product of any kind of purposely achieved social contract, but quite the contrary: any social contract rests on a presupposed free social interplay that makes such a contract among free players possible. If the free social interplay deteriorates for whatever reasons, then no technical means or legal interventions alone might be able to restore it. In these cases, societies must dig deeper into their presuppositions in order to address the challenges at stake. Critical times are opportunities for societies to question deteriorated immune systems and find out which values they consider as outdated, which ones should be addressed from a different perspective and which ones are new and worthy of being integrated into a better life.

Biometric systems concern social and ethical issues such as transparency, communication, digitization and digital interaction, efficiency and effectiveness of social transactions, security, autonomy, and social flexibility. Spoofing attacks might induce individuals and society to delimit and weigh ethical values and options for a better social interplay by choosing more secrecy and less transparency, defence mechanisms over communication, security and safety over efficiency and effectiveness, or reducing autonomy and social flexibility. It is evident that such ethical and legal weighing imply that reasons for decisions can change according to different contexts and goals, and that every decision implies a risk and an opportunity in the one or other direction. There is no permanent and stable foundation for the social interplay. The social awareness of this basic insecurity is the first step for avoiding fundamentalisms or fantasies regarding technical security measures, including the fantasy of a society as a mere product of a social contract that overlooks that any contract and the reasons thereof are based on a free, groundless and hence risky interplay that the contract is supposed to protect, not to create.  Reason is a necessary but not a sufficient condition for a humane society; reason cannot set up a free society. The other condition is (risky) freedom itself. Society should look for good reasons to use biometric devices to protect its immune systems — without moving step by step or precipitously to a reduction or even annihilation of liberty by protecting the systems while misusing anti-spoofing techniques to increase surveillance of the citizens.

7. How do biometric technologies alter the ways in which humans and machines/technologies interact? Is the way in which a biometric system ‘recognises’ someone at all akin to the way in which one person recognises another? What are the ethical issues here?
 

Biometric technologies identify humans from a digital perspective that has been programmed into the software. When humans act in a digital medium, they interact on the same premises as pertain for today’s interactions on the internet. The question of ‘recognition’ concerns the perspective as what humans define themselves. A person-to-person recognition might happen as a mutual digital recognition. But putting ‘recognition’ in scare quotes signals that there is a difference between a human-human encounter and a human-machine interaction. If a human-human encounter takes place on the premises of digital identity, it is not reduced or exhausted by this perspective. As I already pointed out, there is a tendency within our present digital society to consider such a kind of interaction to be, if not the only, then at least a very important one. This might lead to situations in which other possibilities of human-human encounter are devalued or even excluded in everyday life, leading through this impoverishment to severe psychological individual and social problems. Internet addiction, information overload, bullying gossip, spoofing attacks and other pathological symptoms of digital information societies clearly demonstrate the ethical issues at stake (See Capurro 2010). Biometric systems might increase individual and social security, but they might also contribute to decreasing the sensibility for other perspectives on human-human interaction based on trust and free recognition. In both cases of human-human encounter, we are dealing with similar problems of veiling, disguising and bluffing which are not per se ethically negative.

 

8. Biometric systems are potentially intrusive and invasive of privacy, and as anti-spoofing techniques are added, this potential only increases. Is there a need for regulation of the biometrics industry? If so what form should that take?

An unregulated use of anti-spoofing techniques might exacerbate social mistrust and the trend toward a surveillance society. The biometrics industry should carefully and circumspectly inform users about the reasons for using (or not using) various kinds of anti-spoofing techniques that are potentially intrusive or invasive of privacy. There is a need for legal regulation regarding, for instance, the export of anti-spoofing techniques to non-democratic countries. As already explained, spoofing can be seen as a means for individuals to protect their privacy. The same can be said with regard to anti-spoofing techniques that can be used by individuals to unveil wrong-doers in cases in which this is not done ex officio by the state power or even against the state power when this is of oppressive nature. Therefore there is need for continuously adapting existing legal national and international frameworks to new developments in the field of biometrics as well as to new political and social developments and situations. The biometrics industry should be ethically sensitive about the different uses and misuses of spoofing and anti-spoofing techniques.

 

9. Could a perfectly un-spoofable system be morally justified? What are the risks here? Should there always – on principle – be the possibility of somebody evading identification?

There are no perfect technical systems. The tendency towards ‘complete’ security means in the long run a tendency towards decreasing social trust, creating secret systems and a society based on secrecy instead of trust and transparency. From this perspective, biometric systems are paradoxical: they increase the digital transparency of agents (humans or not) in the information society while at the same time promoting manipulation, disguising, concealment, blurring, and bluffing. Dealing with this paradox is a major issue for information ethics. The illusion of a completely transparent and open society is no less dangerous than that of a society based on secrecy and security, over-protecting itself against potential spoofing attacks. Forms and degrees of social freedom within and between societies should be the subject of international and intercultural technical, ethical and legal discussion as a way of engendering trust and confidence by protecting the room for play of individual and social freedom.


Acknowledgements: The author thanks Michael Eldred (Cologne) and Daniel Nagel (Stuttgart) for their critical remarks.

Last update: May  9, 2014


 
    

Copyright © 2012 by Rafael Capurro, all rights reserved. This text may be used and shared in accordance with the fair-use provisions of U.S. and international copyright law, and it may be archived and redistributed in electronic form, provided that the author is notified and no fee is charged for access. Archiving, redistribution, or republication of this text on other terms, in any medium, requires the consent of the author.

 

 
Back to Digital Library
 
Homepage Research Activities
Publications Teaching Video/Audio