1. Your work on Intercultural Information Ethics
addresses the impact of the move toward a global digital society on
existing
cultures and traditions. How significant a part of the trend toward
global
digitalisation do you consider biometrics?
According
to The
International
Biometric Society, biometrics can be understood as
dealing
with “statistical and mathematical methods applicable to the data
analysis
problems in the biological sciences” as well as an “emerging field of
technology devoted to identification of individuals using biological
traits,
such as those based on retinal or iris scanning, fingerprints, or face
recognition." In other words, biometrics is about understanding and
identifying
living beings
by applying mathematical methods which means, today, using digital
technology.
Digital technology is today’s horizon for understanding beings and the
world
itself. We live in a digital age. I call this pervading view of reality
digital ontology which should not be
confused with digital metaphysics, i.e., with the concept that things
are made of
bits or that they can be understood only
from the perspective of their digitalisation. This last epistemological
conception is, as you rightly remark, part of the trend toward a global
digital
society. Digitization has become the unquestioned basis and bias of
societal
life that might turn into an ideology in the political sense.
Biometrics
catches digitally the stuff our bios
is made of. Or I should better say zoe,
since these Greek terms denotate human life from a cultural perspective
(bios) as different from the life (zoe)
that we share with all living
beings. Biometrics deals primarily with human zoe, not
with human bios.
But can we clearly separate both phenomena? Aren’t biological
differences, our
genotype and phenotype, intimately intertwined with cultural ones?
Aren’t we
able to digitize all kinds of aspects of bios?
As far
as we know, we are genetically one human race, even if the tree of
human life
is not uniform. In the course of history, humans have shaped their
lives (bios) in different ways with regard to
their interplay with each other and with the shared world. We are able
to
change our cultural as well as our biological (genetic) identity which
means
that we are not fully determined by natural and cultural preconditions.
It is through and not independently of them
that we search for universality
without giving up our cultural differences.
The
open and free interplay among cultures and societies regarding
commonalities
and differences between values and principles of social life, and not
the
“clash of civilizations” (Samuel Huntington), is a characteristic of
human bios. The internet fosters the free
interplay empowering individuals and societies in their search for
better
solutions to their social, economic and political needs and desires.
Intercultural Information ethics provides an academic space for
critical
reflection on these issues.
2.
What kinds of impacts do you see the increasing use of biometrics as
having?
One of
the impacts that concerns millions of people in their everyday lives
are
security controls based on different kinds of biometric devices, for
instance,
in airports as well in the daily work, particularly in offices located
in
sensitive spaces.
Biometric
identification devices, becoming more and more widespread and used for
all
kinds of transactions, might make people less aware of their risks,
similarly
to what happened, for instance, with user’s ID at the beginning of the
internet
some twenty five years ago. It takes time until people become
acquainted with
such an abstract token as digital data that reflect their identities in
a
digital society. We can store in all kinds of digital devices our
biological
imprint together with data pertaining to the life (bios)
of the individual that are then potentially accessible online
for whatever legal or illegal purposes. Unawareness of illegal changes
in the
data might have serious and unforeseeable consequences for the
individual and
societies.
National
and international data protection laws are necessary no less than
technical
means in order to hinder unauthorized access to biometrical data.
Educating
people’s awareness must take place already in schools and family life.
Not all
kinds of biometrical data are necessary in every situation. A careful
analysis
has been done, and should be continued, of when, why and what kind of
biometrical data are necessary, reasonable and appropriate for what
purposes,
how long such data should be available und who is legitimate to have
access for
what purpose. In many situations in everyday life, people have to
decide and
control by themselves about their digital identities. Scarcity and
caution are
basic issues for handling biometric data in a digital environment.
3.
There is clearly a danger that anti-spoofing techniques (e.g.
multi-modal
systems, liveness detection, etc.) which are acceptable in one culture
might be
unacceptable (degrading, taboo, etc.) in others. Do you think that
biometrics
itself is rooted in any particular culture? What are the ethical
implications
of this?
Anti-spoofing
techniques can be implemented
for different purposes and within different cultural settings.
Biometrics, as
any technology, is non-neutral in the sense that it opens new choices
for
individuals and societies. Societies have commonalities regarding basic
needs,
values and rights as stated for instance in the Universal Declaration
of Human
Rights. At the same time, every society has a singular history no less
that
specific ways of life, different perceptions and articulations of the
relations
between human beings and the world, different attunements regarding
phenomena
such as life and death, social interaction, happiness, suffering, etc.
Although
any technological invention arises within an historical and social
context, it
offers choices of living to other societies. Technologies can be
decontextualized and recontextualized. This is already the case for
individuals
choosing and using technologies according to personal preferences, age,
gender,
etc. What technologies ‘are.’ i.e., their specific relevance for
individual and
societal life (bios), depends upon
recontextualization.
The
task of ethics or moral philosophy is to
critically analyze values and principles underlying moral customs that
might be
challenged, for instance, by technological developments. Biometrics
arises
within a digital culture that has roots in the history of Western
philosophy
and science. Nonetheless, as digital culture became widespread due
particularly
to the internet, biometric techniques might appear prima
facie as neutral, since they can be used for ‘good’ or ‘bad’
purposes. But this concept of neutrality overlooks that any technology changes the relation between human
beings and the world and is, in this sense, non-neutral. Such changes
can
collide with established moral and/or legal rules and values, no less
than with
political, social and economic power structures. There are many
examples of
ethical challenges arising from the changes brought about from, for
instance,
i-phones, blogs, wikis, and other kinds of digital communication
devices.
Individuals no less than societies might try to make sense of these
developments while referring to and relying on established mores
and laws. They might choose and use new technologies
uncritically, without being aware of their influence on human
self-understanding. Eventually, they might also try to critically
reflect on
established values and preferences with regard to the use of new
technologies,
particularly to the changes in their self-understanding as humans as
well as in
their relations to other human beings and to the world they share.
It
is evident that biometrics having impact
on the perception and digital manipulation of human identity, has broad
ethical
implications regarding ethical principles and values and the ways
people shape
their lives. Biometrics might allow people to solve some social
problems but it
can also be used to manipulate people, threatening established moral
and legal
“immune systems,” a term coined in this context by the German
philosopher,
Peter Sloterdijk. Social immune system are boundaries, mechanisms and
rules of
social life, historically grown, based on experiences of oppression and
liberation as well as on geographic and historical peculiarities These
peculiarities give rise to different degrees of individual and social
sensitiveness regarding what is acceptable, desirable or repudiated.
Societies
might agree on abstract principles and values, but might disagree with
regard
to the understanding of a particular technology in a particular context
or use as
related to such values and principles. A pragmatic solution of
intercultural
ethical and legal conflicts regarding the understanding of
decontextualized
principles and values might be possible, although the reasons for
accepting or
not a specific application might differ.
In
any case, biometrics addresses issues of
individual and social identity as well as of the degree of autonomy
individuals
might have by using them within different settings and for different
purposes.
The question: ‘who am I?’ or as who I might be addressed and as who I
must or
want be seen or as who I am seen by others (individuals as well as
institutions) within a social interplay is a key ethical and legal
issue that
should be carefully and critically analyzed in view of the ethical
values at
stake in different contexts and situations.
4.
Attempting to spoof certain biometric systems is obviously illegal
(e.g. border
control). Is spoofing itself inherently wrong? Why?
If
we define spoofing attack “in the context
of network security” as “a situation in which one person or program
successfully masquerades as another by falsifying data and thereby
gaining an
illegitimate advantage,” (Wikipedia)
then
spoofing is obviously not only illegal but inherently wrong, because it
does
not respect the autonomy of the other social player(s) or, in Kantian
terms,
the spoofing agent uses the other “merely” as a means (for whatever
purposes)
and not as an end in itself. In ethical and legal terms, developing
techniques
for countering spoofing attacks on biometric systems means protecting
the
individual and social immune system in a digital environment, as with,
for
instance, anti-virus software. There is also the possibility in which
one
person masquerades as another by falsifying data in order not to be
subject to
certain data collection, or just aiming at being anonymous for whatever
reasons, using, for instance, a pseudonym. Anonymity is a phenomenon
that has
special characteristics in modern times particularly in big cities. It
is not
inherently wrong but depends on the context and purpose for which it is
being
used such as to veil oneself (or other person) in order to prevent
harm. The
concept of spoofing in the sense of
using a false identity with the intension of causing harm should be
distinguished from other legitimate possibilities of veiling one’s
identity if
their intent is not to deceive and/or defraud.
5.
Could there be any circumstances in which it was morally justifiable,
or even
morally obligatory, to spoof an identification system? If so, what
might these
circumstances be?
Any
social immune system that is created in
order to protect the life and well-being of an individual or of a
society might
turn into a danger for the system if it remains inflexible when the
individual
or the society is confronted with exceptional challenges. To ‘spoof’
or, in
order to avoid a terminological and conceptual misunderstanding, to use
a false
identity might be justified by the Rule of Law (in principle or by
exception) in
order to unveil a person or a group of persons who are misusing
societal rules
for criminal purposes. The key question is then how far and within
which limits
this can (or even should) be used as a legal instrument. Situations
such as
war, terrorist attacks or the unveiling of a network of children
pornography
are circumstances that can make identity veiling morally and legally
justifiable or obligatory following a thorough weighing of values and
principles that cannot be decided a priori. Once such legal identity
veiling
has taken place, its goal being neither to deceive, to defraud or to
take
personal advantage of the other is achieved, it is important in a
democratic
society that the weighing process, as far as it was not publicly done
for
obvious reasons, becomes public and the object of critical analysis.
6.
One could approach the problem of spoofing in two ways: (1) as a
practical
problem, in which case anti-spoofing techniques are primarily aimed at
increasing system performance; or (2) as an ethical/legal problem, in
which
case anti-spoofing techniques are primarily aimed at preventing or
identifying
fraudulent activities. How do you think these two approaches interact?
What
ethical issues are raised here?
Anti-spoofing
techniques might create a
social atmosphere of mistrust or just make social interaction more
complex and
expensive, even giving rise to unreasonable suspicion leading to
mechanisms of
over-control or over-surveillance similarly to what happens in a
real-life
environment when people protect their property with all kinds of
defence
devices that might lead wrong-doers to the suspicion that something
very
valuable is behind the walls. If over-surveillance becomes widespread,
the
societal problem giving rise to it cannot be solved with more security
measures
alone, but by addressing the social problems themselves. In other
words, there
is an ethical and legal question of balance between trust and security
that
must be addressed by a careful analysis of the context and the goals of
the
networks and systems at stake that are to be protected. Creating
mechanisms
that enhance trust might be as useful and ethically important as using
anti-spoofing techniques. It might even be cheaper.
The
question of social attunement is
primarily an ethical one. It cannot be solved by law, although it can
be
supported by it. It is also not originally the product of any kind of
purposely
achieved social contract, but quite the contrary: any social contract
rests on
a presupposed free social interplay that makes such a contract among
free
players possible. If the free social interplay deteriorates for
whatever
reasons, then no technical means or legal interventions alone might be
able to
restore it. In these cases, societies must dig deeper into their
presuppositions in order to address the challenges at stake. Critical
times are
opportunities for societies to question deteriorated immune systems and
find
out which values they consider as outdated, which ones should be
addressed from
a different perspective and which ones are new and worthy of being
integrated
into a better life.
Biometric
systems concern social and ethical
issues such as transparency, communication, digitization and digital
interaction, efficiency and effectiveness of social transactions,
security,
autonomy, and social flexibility. Spoofing attacks might induce
individuals and
society to delimit and weigh ethical values and options for a better
social
interplay by choosing more secrecy and less transparency, defence
mechanisms
over communication, security and safety over efficiency and
effectiveness, or
reducing autonomy and social flexibility. It is evident that such
ethical and
legal weighing imply that reasons for decisions can change according to
different contexts and goals, and that every decision implies a risk
and an
opportunity in the one or other direction. There is no permanent and
stable
foundation for the social interplay. The social awareness of this basic
insecurity is the first step for avoiding fundamentalisms or fantasies
regarding technical security measures, including the fantasy of a
society as a
mere product of a social contract that overlooks that any contract and
the
reasons thereof are based on a free, groundless and hence risky
interplay that
the contract is supposed to protect, not to create.
Reason is a necessary but not a sufficient
condition for a humane society; reason cannot set up a free society.
The other
condition is (risky) freedom itself. Society should look for good
reasons to
use biometric devices to protect its immune systems — without moving
step by step
or precipitously to a reduction or even annihilation of liberty by
protecting
the systems while misusing anti-spoofing techniques to increase
surveillance of
the citizens.
7.
How do biometric technologies alter the ways in which humans and
machines/technologies
interact? Is the way in which a biometric system ‘recognises’ someone
at all
akin to the way in which one person recognises another? What are the
ethical
issues here?
Biometric
technologies identify humans from
a digital perspective that has been programmed into the software. When
humans
act in a digital medium, they interact on the same premises as pertain
for
today’s interactions on the internet. The question of ‘recognition’
concerns
the perspective as what humans define
themselves. A person-to-person recognition might happen as a mutual
digital
recognition. But putting ‘recognition’ in scare quotes signals that
there is a
difference between a human-human encounter and a human-machine
interaction. If
a human-human encounter takes place on the premises of digital
identity, it is
not reduced or exhausted by this perspective. As I already pointed out,
there
is a tendency within our present digital society to consider such a
kind of
interaction to be, if not the only, then at least a very important one.
This
might lead to situations in which other possibilities of human-human
encounter
are devalued or even excluded in everyday life, leading through this
impoverishment to severe psychological individual and social problems.
Internet
addiction, information overload, bullying gossip, spoofing attacks and
other
pathological symptoms of digital information societies clearly
demonstrate the
ethical issues at stake (See Capurro
2010). Biometric systems might increase
individual and social security, but
they might
also contribute to decreasing the sensibility for other perspectives on
human-human interaction based on trust and free recognition. In
both cases
of human-human encounter, we are dealing with similar problems of
veiling,
disguising and bluffing which are not per
se ethically negative.
8.
Biometric systems are potentially intrusive and invasive of privacy,
and as
anti-spoofing techniques are added, this potential only increases. Is
there a
need for regulation of the biometrics industry? If so what form should
that
take?
An
unregulated use of anti-spoofing
techniques might exacerbate social mistrust and the trend toward a
surveillance
society. The biometrics industry should carefully and circumspectly
inform
users about the reasons for using (or not using) various kinds of
anti-spoofing
techniques that are potentially intrusive or invasive of privacy. There
is a
need for legal regulation regarding, for instance, the export of
anti-spoofing
techniques to non-democratic countries. As already explained, spoofing
can be
seen as a means for individuals to protect their privacy. The same can
be said
with regard to anti-spoofing techniques that can be used by individuals
to
unveil wrong-doers in cases in which this is not done ex
officio by the state power or even against the state power when
this is of oppressive nature. Therefore there is need for continuously
adapting
existing legal national and international frameworks to new
developments in the
field of biometrics as well as to new political and social developments
and
situations. The biometrics industry should be ethically sensitive about
the
different uses and misuses of spoofing and anti-spoofing techniques.
9.
Could a perfectly un-spoofable system be morally justified? What are
the risks
here? Should there always – on principle – be the possibility of
somebody
evading identification?
There
are no perfect technical systems. The
tendency towards ‘complete’ security means in the long run a tendency
towards
decreasing social trust, creating secret systems and a society based on
secrecy
instead of trust and transparency. From this perspective, biometric
systems are
paradoxical: they increase the digital transparency of agents (humans
or not)
in the information society while at the same time promoting
manipulation, disguising,
concealment, blurring, and bluffing. Dealing with this paradox is a
major issue
for information ethics. The illusion of a completely transparent and
open
society is no less dangerous than that of a society based on secrecy
and
security, over-protecting itself against potential spoofing attacks.
Forms and
degrees of social freedom within and between societies should be the
subject of
international and intercultural technical, ethical and legal discussion
as a
way of engendering trust and confidence by protecting the room for play
of
individual and social freedom.
Acknowledgements
The
author thanks Michael Eldred
(Cologne) and Daniel
Nagel (Stuttgart) for their critical
remarks.
