Tuesday, February 3, 2009

Privacy Rights Groups Sound Alarm Over DMV Attempt to Bypass Legislative Process

Today I get to report on something we at the CFC are directly involved in.

Let's start from the beginning of what has now been a few days of hurried activity among a coalition of organizations to stop a rather blatant attempt by the California DMV and the California Department of Finance to bypass proper legislative oversite.

On January 14th the California Department of Finance – without notifying the public – sent a letter to inform the state Joint Legislative Budget Committee that it planned to issue a new vendor contract for production of California Driver’s Licenses, ID cards and Salesperson cards starting in June of 2009.

Hidden in the fine print, the proposal called for “enhanced” biometric identification in state IDs. Unless this legislative committee objects to this plan within 30 days, the Department of Motor Vehicles will be free to begin implementing the biometric technology.

What are Biometrics?

Biometric technology is the computerized matching of an individual’s personal characteristics (like a thumbprint or facial scan) against an image or database of images. In other words, the DMV and the Department of Finance are seeking to create a massive government database of biometric information from virtually every Californian over the age of 16 without debate or review - raising significant concerns regarding the increased surveillance, monitoring and tracking of individuals.

One would expect, in light of the ongoing and intensifying debate over the REAL ID Act (a federal plan to create a national identity card based on drivers’ licenses) and the increasing number and degree of privacy violations committed by the federal government in recent years, that such a program would be fully debated, in the open, by our representatives in the State Legislature and with public comment, before it could ever be enacted.

Because no such debate has occurred, and no attention has been given to the privacy concerns such a program warrants, the Consumer Federation of California has joined organizations from across the political spectrum – including the ACLU, Liberties Union, Electronic Frontier Foundation, California Eagle Forum, Consumers Union, Privacy Activism, Privacy Rights Clearinghouse, and the World Privacy Forum - to urge the legislature to reject this request while there’s still time.

Our case against the proposal is twofold.

(1) The first is procedural: the DMV is attempting to use a routine contract renewal process to effectuate major policy changes. As the ACLU notes:

• A 30-day expedited opt-out letter to the Legislature is an inappropriate vehicle to move from photographs and thumbprints of millions of Californians to advanced facial recognition technology and biometric systems that pose a number of privacy and security concerns if not handled carefully.

The DMV does not appear to have authority to implement biometric technologies that the Legislature has considered and rejected over the years, without the issues being fully considered and addressed in policy and budget hearings.

(2) The second relates to privacy and security: the underlying proposal to use biometric technologies has yet to establish appropriate safeguards to protect against identity theft and unwarranted government snooping into our private lives.

It’s important to understand the limitations of biometrics as well as their strengths. The fact is, biometrics are easy to steal. Our fingerprints are left everywhere we touch, and our iris scans are everywhere we look.

According to experts, biometrics work only if two things can be verified by the verifier: one, that the biometric came from the person at the time of verification, and two, that the biometric matches the master biometric on file. If the system can't do that, it can't work.

Once again, the ACLU provides some critical insights:

Where a biometric identifier is used as a unique identifier to catalogue personal information about an individual, it would enable the surveillance, monitoring and tracking of individuals. Law enforcement currently has access to DMV’s database of more than 25 million people. It appears that the biometric thumbprints and facial scans from the DMV will be used in criminal investigations. As public and private surveillance cameras become more ubiquitous, the likelihood increases that use of facial recognition devices will go beyond legitimate criminal investigations and become a tool to track and record the movements of innocent people.

If a biometric database is hacked, an identity thief could substitute his or her fingerprints or facial scan in someone else’s file. Security of any biometric database is a paramount concern that should be addressed in a public legislative hearing process, not by massively expanding the scope of work in a routine contract renewal notice from Department of Finance.

It is far from clear that biometric imaging as proposed by DMV is required by the Real ID Act. While the Bush Administration’s Department of Homeland Security was pushing for biometric facial image capture, it did not require biometric finger printing. The Obama Administration has already committed to revisiting Real ID. Today, there is no federal impetus behind this move by the DMV.

How does California pay for the whole new system? The Department of Finance memo speaks of “significantly higher cost of doing business in the current market and economic environment” as compared to the last vendor contract issued ten years ago. At a time when California is going broke, can we afford the immediate projected costs of $4.3 million in this fiscal year, and estimates of $12.5 million per year in each subsequent year?

Which teachers and police officers will be laid off to cover the added costs of a system that the legislature never approved?

Bruce Shneier, president of Counterpane Systems, and author of Applied Cryptography, is considered to be one of the nation’s foremost experts on biometrics. In January of this year he wrote:

“We haven't yet had an example of a large biometric database being hacked into, but the possibility is there. Biometrics are unique identifiers, but they're not secrets.”

Schneier continues:

“One more problem with biometrics: they don't fail well. Passwords can be changed, but if someone copies your thumbprint, you're out of luck: you can't update your thumb. Passwords can be backed up, but if you alter your thumbprint in an accident, you're stuck. The failures don't have to be this spectacular: a voiceprint reader might not recognize someone with a sore throat, or a fingerprint reader might fail outside in freezing weather. Biometric systems need to be analyzed in light of these possibilities.”

Joint Legislative Budget Committee Must Reject Proposal by February 11!

Our coalition is therefore urging the Joint Legislative Budget Committee to object to the DMV’s proposal to impose sweeping new biometric technologies as an element in a renewal of a vendor contract to produce driver’s licenses and ID cards. A change of this magnitude should be a policy matter for the legislature to decide, after considering whether it is effective, affordable, and if it contains the appropriate privacy safeguards.

For more information on biometrics, check out this article by Bruce Schneier.

No comments: