Thumbs up for the biometric passport?
A case study on public opinions regarding the gathering and storage of biometric data of the Dutch passport
Master Thesis Political Science – International Relations
Name: Paulien Sijken Student Number: 10462562
Specialisation: European Security Politics Supervisor: Dr. Stephanie Simon
Second Reader: Dr. Julien Jeandesboz Submission Date: September 30, 2014
“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety”
Benjamin Franklin, 1755
Acknowledgements
I would like to thank first my thesis advisor Dr. Stephanie Simon for her support and comments on my earlier writings. Second, I would like to thank my study advisor Geertje Haverkamp for believing in me and her endless support in times when I thought I was physically unable to write this thesis. Furthermore I would like to thank Wout for being there always when I need him. His care, encouragement, and support gave me the strength to write this thesis. Also I would like to thank my parents, brother and sister for their endless support and trust. They made me believe in my goals in the first place. In addition I would like to thank Jorrit for his help concerning the content of the thesis. When I could not see the wood for the trees, he showed me how to focus and have faith in my ideas. Finally I would like to thank my dear friends and study mates Lisanne, Fnaan and Lotte for their support and the sharing of their personal experiences.
Table of contents
Acknowledgements...3
List of Abbreviations ...6
1 Introduction ...7
1.1 Introduction to the topic ...7
1.2 Relevance, aim and motivation ...8
1.3 Central question and research questions ...9
1.4 Methodology ...10
1.5 Reading guide ...10
2 Literature review...11
2.1 Introduction...11
2.2 Changing power of states and new global risks...11
2.3 The development of biometric technology as a data-‐gathering technique ...14
2.4 Privacy and biometric data ...17
2.4.1 Definition of privacy...17
2.4.2 Privacy expansions...17
2.4.3 Debate privacy and biometric data ...18
2.5 Function creep...20
2.6 Securitization ...22
2.7 Social sorting...24
2.8 Conclusion ...26
3 Methodology...27
3.1 Type of research and research population ...27
3.2 Data gathering ...27
3.3 Data analysis...28
3.4 Validity, reliability and limitations ...28
4 Public opinions about the biometric passport ...30
4.1 Introduction...30
4.2 The gathering and storage of biometric data passport of the Dutch passport ...30
4.3 Function creep as a public concern ...33
4.4 Securitization as a public concern ...36
4.5 Social sorting as a public concern ...39
5 Conclusion...43
5.1 Introduction...43
5.2 Answers to the research questions ...44
5.3 Discussion and recommendations...46
Bibliography ...47
Appendices...53
Appendix 1 Semi-‐structured interview questions ...53
Appendix 2 Transcribed interviews ...55
Interview 1...55 Interview 2...60 Interview 3...66 Interview 4...70 Interview 5...74 Interview 6...79 Interview 7...83 Interview 8...88 Interview 9...95 Interview 10...99
List of Abbreviations
BOF Bits of Freedom
BPR Basisadministratie Persoonsgegevens en Reisdocumenten
D66 Democraten 66
ECHR European Convention on Human Rights ECJ European Court of Justice
G8 Group of Eight
ICAO International Civil Aviation Organization PvdA Partij van de Arbeid
PvdD Partij voor de Dieren
RFID Radio Frequency Identification SIS Schengen Information System SP Socialistische Partij
SWIFT Society for Worldwide Interbank Financial Telecommunication TFTP Terrorist Financial Tracking Program
UK United Kingdom
US United States
US-‐VISIT United States Visitor and Immigrant Status Indicator Technology
VVD Volkspartij voor Vrijheid en Democratie
WRR Wetenschappelijke Raad voor het Regeringsbeleid
1 Introduction
1.1 Introduction to the topic
The last decades has seen a growth in technologies and government policies regarding the gathering and storage of biometric data of citizens (Walker, 2012:197-‐198). Biometrics became an important security mechanism including characteristics such as fingerprints and facial recognition (Schouten & Jacobs, 2009:305). The FBI1 defines these traits as “measurable biological and behavioral characteristics that can be used for automated recognition” (Website FBI, 2014).
This growth has often been a subject for academic research in the field of security studies. Moreover, studies have been conducted regarding how biometric data collected for one purpose might be used for other purposes which increases the surveillances on citizens more than was considered originally acceptable, also referred to as function creep in the literature (Dahl & Sætnan, 2009:84). Moreover, studies have been conducted about how governments might present an issue as an existential threat in order to legitimize exceptional measures for surveillance, such as the gathering and storage of biometric data. This is known in the literature as securitization (Buzan & Hansen, 2009:214). Also, studies have been conducted regarding how governments might use collected (biometric) data to classify and categorize populations and persons for risk assessment and management, also referred to as social sorting (Lyon, 2001:172).
There has been a lack of empirical studies though, regarding what citizens actually think of the gathering and storage of biometric data. This also applies to the introduction of the gathering and storage of biometric data of the Dutch passport. In this case, the arguments of the government were mainly focused though on whether the safety of the storage of biometric data can be safeguarded, but not on the question whether the storage of biometric data itself is not an infringement on the privacy of citizens (Website Ministerie van Binnenlandse Zaken en Koninkrijksrelaties, 2014). Moreover, since the implementation of the biometric passport, it seems that public opinions of citizens regarding the gathering and storage of their biometric data have not been properly researched.
1 Federal Bureau of Investigation
Government reports claiming that citizens are positive about the use of biometrics do not provide us with the actual studies and there are rumors saying that certain important results and conclusions are left out in the reports (Böhre, 2010:43). For instance, although an agency of the Ministry of the Interior and Kingdom Relations (BPR2) says to have analyzed the (according to them positive) opinions of citizens in 2003 regarding the gathering and storage of biometric data of the biometric passport, Vincent Böhre speaking on behalf of the Scientific Council for Government Policy (WRR3) argues that conclusions from this research cannot be used since they are not reliable. He states that sources of any proper analysis and important numbers are missing (Ibidem:43). Besides, this actual analysis by the BPR has never been made public. Furthermore, documents from the Dutch government and House of Representatives, websites of pressure groups, scholarly articles and newspaper articles do address privacy concerns, but a research on the actual opinions of the public was not found. Being aware of and dealing with public opinions regarding the gathering and storage of biometric data might lead to more successful and accepted implementations of government policies and could be an interesting topic for the academic field of security studies, which lacks as explained earlier, empirical knowledge about such public opinions. Hence, the introduction of the gathering and storage of biometric data of Dutch passports offers an excellent case study to further this knowledge. This, because it is unclear what and what can explain Dutch public opinions on the gathering and storage of biometric data of the Dutch passport regarding its privacy implications, the problem statement of this thesis. In this thesis ‘public opinion’ means “an aggregate of the individual views, attitudes, and beliefs about a particular topic, expressed by a significant proportion of a community” (Website Encyclopædia Britannica, 2014).
1.2 Relevance, aim and motivation
First of all, this research has academic relevance, because it can provide empirical knowledge regarding public opinions of the gathering and storage of biometric data and how theoretical concepts such as function creep, securitization and social sorting can be applied to the perception of citizens. Moreover, this research is relevant for Dutch society, since there has not been made a thorough analysis yet of the Dutch public opinions on the
2 Basisadministratie Persoonsgegevens en Reisdocumenten 3 Wetenschappelijke Raad voor het Regeringsbeleid
gathering and storage of biometric data of the biometric passport. The aim of this thesis is in the first place to contribute to the knowledge in the field of security studies about public opinions of citizens regarding the gathering and storage of public data, by applying concepts of security studies such as function creep, securitization and social sorting. Moreover, this thesis has the societal aim to show what the Dutch public opinions are on the gathering and storage of biometric data of the biometric passport regarding its privacy implications, in order to fill in a gap of knowledge of the government regarding this.
1.3 Central question and research questions
In order to fulfill the research aims of this research, the following central question was formulated:
What are and what can explain Dutch public opinions on the gathering and storage of biometric data of the biometric passport regarding its privacy implications?
In order to answer this central question, first of all a literature review was conducted with the aim to answer the following literature questions:
1) What is the role of information and new global risks for the power of states?
2) What are contemporary developments in the gathering and storage of biometric data?
3) What are academic debates regarding privacy and the gathering and storage of biometric data?
4) What is known according to the literate in security studies about function creep, securitization and social sorting?
Subsequently, based on the literature review, the following empirical questions were formulated in order to answer the central question of this research:
1) What is the context of the gathering and storage of biometric data of the Dutch passport?
2) Is it, and if so why, a public concern that the gathering and storage of biometric data of the Dutch passport may be used for function creep?
3) Is it, and why, a public concern that the gathering and storage of biometric data of the Dutch passport might have been legitimized by the government by securitization?
4) Is it, and if so why, a public concern that the gathering and storage of biometric data of the Dutch passport may be used for social sorting?
1.4 Methodology
Besides doing a literature review inciting a theoretical and conceptual framework for the research, a qualitative case study was conducted with data collected from ten semi-‐ structured interviews with people from the municipality of Amsterdam. This data was triangulated with data gathered from desk research. The desk research was mainly executed by exploring information on pressure groups concerning their main points on civil rights, on political debates, using documents from the Dutch parliament and the WRR and on election programs. An inductive approach was used in order to keep an open mind on the topic so that new ideas, concepts or theories could emerge out of the data. After the interviews were written out and analyzed with the use of a qualitative software analysis program, and after the results were triangulated with the data of the desk research, the findings were analyzed in relation to the literature in the literature review. The methodology of this research will be discussed more extensively in chapter three.
1.5 Reading guide
To meet the objectives of the research, this thesis contains several chapters. The second chapter of the thesis gives an insight into the theoretical and conceptual framework by answering the literature questions of this thesis. Subsequently, in chapter three the research methodology will be described. Chapter four presents the case study of Dutch public opinions regarding the gathering and storage of biometric data of the Dutch passport. Finally, conclusions are drawn and discussed in chapter five. In this chapter an answer is given to the central question and the research questions and suggestions for further research will be given.
2 Literature review
2.1 Introduction
In this chapter a literature review is conducted in order to evaluate the established knowledge and ideas regarding the thesis topic area. First the changing power of states and new global risks will be discussed in order to show why states increasingly implement data gathering methods. It points to the increasing importance of information gathering by states. Furthermore, this chapter describes the development and the use of biometric technology as a means for gathering information on citizens. Subsequently privacy will be conceptualized, in order to get a better understanding of the privacy issues concerning the use of biometric data. Finally, after these issues are addressed the theories function creep, securitization and social sorting are conceptualized in order to show their relation to the privacy debate.
2.2 Changing power of states and new global risks
In order to answer the central question of this thesis, it is important to understand the changing impact of states on citizens due to changes in the nature of power of states from military power to dominance over information and knowledge.
In the course of this century, the notion of power of states has changed. Already Max Weber noted how the power of states is changing by rationalizing and compartmentalizing all aspects of society and citizens through information flows of bureaucratic procedures (Koshul, 2005). Similarly, Michel Foucault stresses how through the concept of ‘biopower and biopolitics’, modern nation states take control on their subject by using many different techniques to gain control of bodies and populations (Foucault, 1976:140).
Power used to be expressed principally in the ability to exercise violence. The monopoly of physical violence, held by the state, has been the main expression of power relationships (Castells, 2000:8). However, due to the contemporary importance of information and technology (discussed below) it is too limited to express power just by a state’s ability to exercise violence.
The power of a state has been traditionally measured by it military capabilities. However, modern theories in for example security studies, show that things such as the peaceful
ending of the Cold War, the growth in intra-‐state conflicts, Western societies’ fear of immigration, the decaying environment and the accelerations of the HIV/AIDS epidemic demonstrate that a military state-‐centric agenda cannot explain our society anymore (Buzan & Hansen, 2009:187). Within international security studies, widening and deepening approaches have been strengthened in the post-‐Cold War period. These approaches are in favor of deepening the discussion beyond the state, include other sectors than the military and focus not only on domestic but also on trans-‐border threats (Ibidem:188). Traditional approaches also cannot explain the whole notion of terrorism (non state actors) because of their state-‐centric view (Ibid. 229).
Hence, new approaches and theories have been developed in order to understand and cope with these new threats. Most of these theories emphasize that states are no longer the sole actors with power over citizens. Manuel Castells for instance, explains in his network society theory how power is exercised nowadays through networks. According to Castells, societies have moved from the industrial age to the information age (Castells, 2011:773).
In this new age, the society is not organized primarily around the production and distribution of energy anymore, but around microelectronics-‐based information/communication technologies and genetic engineering (Castells, 2000:5). The increasing power of networks weakens the traditional power of the state. Hence, according to Castells, states are adapting and transforming themselves to a so called network state: “a state made out of a complex web of power-‐sharing, and negotiated decision-‐making between international, multinational, national, regional, local, and nongovernmental, political institutions” (Ibidem:10-‐14.) Moreover, Castells argues that the new power of states is defined by programming, or being able to shape the agenda of networks, and ‘switching power’, the ability to connect and combine various networks and information flows (Castells, 2011:786). As Joseph Nye states it, knowledge is more than ever power. If a state wants to gain comparative advantage it should be able to collect and deal with information (Nye, 1996:21). Or in other words as Anne-‐Marie Slaughter describes it, the new measure of power is connectedness (Slaughter, 2009:94-‐95).
A reflection of the importance of the dominance of information can be witnessed in the new mode of political conflict Alexander Galloway and Eugene Thacker talk about. They suggest that this new mode is based on network-‐network symmetry. Instead of wars in which power blocs are opposed to each other or wars in which power blocs fight insurgent networks, we are now heading towards a state of war in which networked powers fight other networked powers (Galloway & Thacker, 2007:14).
Castell’s network society and the changed nature of power pose new threats for states and citizens, such as cybercrime, criminal networks, biohazards and terrorism. For instance, the technological developments in the information society created new threats such as the possibility for attackers to faster and easier penetrate into existing systems with deeper effects. In the aftermath of 9/11 the notion of risk became attractive to describe security practices pointing to global and transnational threats. Not the avoidance of threats or fighting enemies, but the management of risks became important (Kessler, 2010:17). Hence, the contemporary world has not only been described as a network society, but also as a ‘world risk society’. Beck states that when we speak in terms of ‘risk’, we are talking about calculating the incalculable, colonizing the future (Beck, 2002: 40). He introduces the term ‘world risk society’ to show how uncontrollable risks are nowadays since they are de-‐ bounding spatially, temporally and socially (Ibidem:41). Christopher Coker addresses this same issue as entering the ‘risk age’, (Coker, 2002:58) arguing that the importance and insecurity of dealing with risks caused that risk increasingly determines the discourse of security (Ibidem:60).
As a response to new risks and threats, states try to manage insecurities with preemptive action and classifying people according to how dangerous they are (Ibid.:62-‐63). Or as Louise Amoore calls it, risk profiling in order to isolate the legitimate from illegitimate (Amoore, 2006:336). Marieke de Goede refers in one of her writings to a quote from the National Security Strategy of the United States (2002) when discussing this preemptive behavior of states. The strategy argues that “the greater the threat, the greater is the risk of inaction and the more compelling the case for taking anticipatory action to defend ourselves…” (De Goede, 2008:162). She says that when assumed that certain risks can be measured and maybe even predicted, caused that in politics the focus changed to preventive policy and
individual responsibility (Ibidem:164). As Ulrich Beck states it, people try to feign control over the uncontrollable (Beck, 2002:41). Marieke de Goede quotes Didier Bigo (2002), who states that since it is not possible to base everything on purely calculative logic, “preemptive security practice increasingly requires the work of ‘the managers of unease’, who conceptualize and classify, calculate and grade terrorist threats” (De Goede, 2008:165). In order to do this, there is an increasing quest for knowledge (Ibidem:166). Hence, states are increasingly collecting data about their citizens. Supported by technological developments, governments are able to watch people and collect information using means such as video surveillance, location tracking, data mining, wiretapping, bugging and much more (Solove, 2011:2).
2.3 The development of biometric technology as a data-‐gathering technique
Responses to new security threats are partly facilitated and also caused by new technological developments. One significant development in data gathering technologies is the use of biometric technologies. According to the FBI Biometric Center of Excellence, biometrics are measurable biological and behavioral characteristics that can be used for automated recognition. In the post 9/11, networked society there was an increasing need for governments and law enforcement agencies to be able to identify subjects as a counter-‐ terrorism technique. Therefore biometric technologies were further developed and are intensively used nowadays (Walker, 2012:197-‐198). Biometrics became an important security mechanism including fingerprints, facial recognition, speaker verification, dynamic signature recognition, iris and retinal scanning, hand geometry and keystroke dynamics (Schouten & Jacobs, 2009:305). The advancement in technology has permitted the use of biometric technology worldwide in different ways, from identity registration to border control. These technologies are being used for security purposes including tackling national security threats, conducting law enforcement, and as a general means of carrying out mass surveillance (Website Privacy International, 2014).
Louise Amoore discusses biometric technology when introducing the concept of the biometric border. She is using this concept to address in the war or terror the turn to scientific technologies and managerial expertise when managing borders, but also to show that biopower is used in a way that bodies of migrants and travelers become sites of multiple encoded boundaries. Identities (represented of biometrics and the body) are used as a
source of prediction and prevention (Amoore, 2006: 336). She uses the US-‐VISIT4 program as an example in which biometrics are used to assess the security risks of all United States (US)-‐ bound travelers in order to prevent threats from reaching US borders’ (Ibidem:337). As Marieke de Goede states it, biometric technologies are deployed at the border to classify travelers into ‘trusted’ and ‘suspicious’ groups as a way of risk assessment and statistical profiling in the field of security (De Goede, 2008:164). Amoore states this as segregating the legitimate (such as leisure and business) from the illegitimate (such as terrorism and illegal immigration) (Amoore, 2006:336).
Although many sources of biometric information have emerged due to the development of technology, fingerprints are the most commonly known and used biometric traits (Website Privacy International, 2014). The availability of the before mentioned techniques gave rise to the introduction of the biometric passport. This is an electronic passport containing a wireless readable chip and antenna to authenticate the identity of travelers in order to fight identity fraud. The data stored on the chip might contain fingerprints, a facial scan or an iris scan of its owner (Aarts, Schmaltz & Vaandrager, 2010:678). Cameras and finger scanners can see if a person’s face and fingers are identical with the information in the passport. Another interesting feature of the chip on the passport is that it contains the RFID5 technology, which is technically able to secretly track a person’s movements over an extended period. An individual’s physical location and personal information can technically be tracked (Ohkubo, Suzuki & Kinoshita, 2005:68).
The 9/11 attacks caused that among others the use of biometric technology became popular in order to fight terrorism. As a response to threats, the US first required that countries that wished to be a member of the visa waiver program (a US program allowing citizens of specific countries to travel to the US without needing a visa) needed to introduce passports containing machine-‐readable information (Schouten & Jacobs, 2009:306). Also, the Council of the European Union (EU) already adopted in 2002 guidelines in order to develop a Visa Information System (a database containing personal information) on visa applications for
4 United States Visitor and Immigrant Status Indicator Technology 5 Radio Frequency Identification
entering the Schengen area (a territory where the free movement of persons is guaranteed6). Biometric data such as the fingerprint were already considered as possible personal characteristics, which should be stored in the European database (Hayes, 2004:23). Subsequently, the EU introduced the e-‐passport and decided to set a deadline for the introduction of the biometric passport by August 2006 and setting another deadline in 2009 to include finger biometrics (Schouten & Jacobs, 2009:306). Belgium being the first European country to issue the e-‐passport in 2004, the Netherlands introduced the passport in August 2006 (Biometric Technology Today, 2006:3).
Within the Schengen area, internal borders in the EU are eliminated, which enabled free movement of citizens of the member states. However, to deal with security risks, the Schengen Information System (SIS) was introduced in 1995, being the largest database in the EU Concerning migration and cross border, judicial and police cooperation, personal information is stored, processed and exchanged for the purposes of excluding unwanted visitors from entering the EU (Garside, 2006:1). Due to certain limitations in the system, SIS II came into force in 2013 including new functions and characteristics such as the ability to
process and store biometric data (Website Europa-‐nu, 2014). According to Hayes, adding new features to SIS
transformed the system from a reporting system to a reporting and investigation system. Introducing biometrics in travel documents and the potential storage in databases of this data, resulted in the creation of lasting records on citizens, introducing the possibility of surveillance of the movements over everyone in the EU (Hayes, 2004:27).
Although the development of biometric technologies has benefits, such as the possibility for states to tackle identity fraud and prevent dangerous people from crossing their borders, these new technologies also have their downsides. Collecting, storing and using data on citizens brings up the question to what extent citizens’ privacy is infringed for example when personal data on citizens is used for government surveillance. It is important to define public concerns on this matter. The term ‘privacy’ and theories addressing privacy issues will be conceptualized and explained in the course of this chapter in order to analyze the case study
6 Schengen Area: Austria, Belgium, Chzech Republic, Denmark, Estonia, Finland, France, Germany, Greece,
Hungary, Iceland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden and Switzerland (Website European Commission, 2014)
on the public opinions on the gathering and storage of biometric data of the Dutch passport in the Netherlands in chapter four.
2.4 Privacy and biometric data
2.4.1 Definition of privacy
Analyzing privacy matters requires the employment of one definition, even when there does not exist one correct definition of the concept. However, for this thesis the definition of William A. Parent will be practiced. He states that “privacy is the condition of not having undocumented personal knowledge about one possessed by others. A person’s privacy is diminished exactly to the degree that others possess this kind of knowledge about him”. With personal knowledge he means the facts about a person, which most individuals do not want widely known about themselves (Parent, 1983:269).
Harry Blatterer, Pauline Johnson and Maria R. Markus write about modern privacy. They say cultural, political, economical and technological changes influence the way in which privacy can be characterized. Therefore they say about privacy that it is a dynamic process and that the meaning of the concept is never settled (Blatterer, Johnson & Markus, 2010:1). For example, as Marieke de Goede addresses in her article about the politics of preemption, in Europe privacy is less a point of politicization (less a point of public debate) because most countries are used to having a welfare state in which states already had access to personal information (De Goede, 2008:172). Therefore privacy might be perceived different in these countries than in for example the US. Data gathering and storing this information in databases might be more widely accepted by citizens in welfare states than in non-‐welfare states.
In general de boundaries of privacy have been expanding, mainly due to technological developments such as the introduction of new forms of social media. These media facilitate platforms for information sharing. The public and private became more closely intertwined.
2.4.2 Privacy expansions
In their book, Blatterer Johnson & Markus refer to Zygmunt Bauman who states that there is a continuous struggle between the public and the private. Public institutions increasingly give up responsibilities to individuals, whereas at the same time they collect even more
information from the private sphere. However, he also discusses the fact that boundaries of what individuals do not want widely known about themselves have been expanding. “Secrecy” to mark private territory is disappearing. People are less worried about privacy infringements and more worried about if they are able to share their secrets on display (Blatterer, Johnson & Markus, 2010:3). He argues that this need for visibility is “anchored in our human, social constitution” and is facilitated by technological developments. There is therefore a conflict between the need for privacy and the need for visibility (Ibid.:4). Güter Burkart addresses this as the ‘culture of confession’ and states that specifically new forms of media caused that privacy goes public, that privacy is publically presented (Ibid.:3). Also, Nathaniel Swigger argues that these new forms of media (especially social media) encourages individuals to constantly share information about themselves which contains aspects that used to be private in the past. Swigger found evidence that there is a negative correlation between the use of Facebook and support for civil liberties and a positive correlation for the use of Facebook and support for freedom of expression (Swigger, 2012:589). More and more people are living their lives publicly and have different ideas about norms and democratic values such as the protection of personal information (Ibidem:590). In addition, Michael Levi and David Wall say that there is evidence that individuals using networked technologies are prepared to relinquish some of their privacy in return for goods or services. Individuals would trade their privacy for ease of use and levels of security instead of being concerned about the protection of privacy (Levi & Wall, 2004:209).
However, although different authors argue that people are less worried about their privacy as long as they are able to express their opinions, are visible and are getting comfort in return, there remain still concerns on privacy regarding the gathering, storing and processing of personal data by governments. For a person to trade privacy in order to be visible and to be able to share their own selection of personal information is something else than to obligatory trade privacy in order to provide the government with knowledge on them. Hence, in the following subchapter, literature will be discussed on the privacy debate regarding the use of biometric data.
2.4.3 Debate privacy and biometric data
Privacy International, a United Kingdom (UK)-‐based registered charity that defends ands promotes the right to privacy across the world, published a report on the use of biometric
technology and its implications for privacy. They state that the use (and the abuse) of new information and communications technologies causes that human rights, such as the right to privacy and data protection, are constantly threatened. They argue that identification systems must be carefully monitored because of several reasons.
They address first of all the fact that there is a risk of false matches and data breaches when the biometric data is matched with a mass biometric database. A person could become falsely accused of something when biometric data is wrongly identified and matched, caused by for example data of poor quality. Also they call the collection of this personal data “de-‐ humanising” as it reduces the individual to a number. They are afraid that data could be used for, for example persecution on the basis of race or religion. Furthermore they argue that once a person’s identity is stolen or misused, the person cannot get a new identity since biometric data is unique to an individual. Therefore the use of biometric data can cause irreversible consequences such as false accusations (Website Privacy International, 2014). Another issue they address is the fact that states can use the technology for the surveillance of citizens. The so-‐called ‘Big Brother’ phenomenon when states can see everything and analyze who citizens are and what they do (Website Privacy International, 2014). For example, biometric data such as fingerprints are stored on the RFID-‐chip in a passport together with other personalized data. Henry Porter addressed his concerns about this in his article in the Guardian. The RFID-‐chips are microchips that give out information when activated by a scanner. Although there was not found any proof that governments use this option, things or persons can possibly be traced and personal details might be stored. He states that he is not only worried about personal liberty when citizens are constantly monitored, he is also afraid that the data might fall in the wrong hands once it is stored. He says we do not know what future governments might do with the possible storage of this data and besides he is afraid that also other people with wrong intentions might find a back door to this information (The Guardian 19 November 2006). This concern is similar to the one discussed by Privacy International regarding the fear of biometric data being used for persecutions based on for example race. However, going back to the surveillance issue discussed earlier, Privacy International refers to the fact that the storage of biometric data might lead to the use of this data by current governments for other purposes than the storage was initially meant for (function creep), violating a persons’ right to privacy. Some
citizens and organizations are afraid that the prevention of identity theft might even just be an excuse for the actual surveillance of citizens (Privacy International, 2014). Levi and Wall says about the surveillance of citizens that for example when the RFID-‐chip will be used for tracking (in any document or citizen’s possession), “an invidual’s access to and participation in the information society, might be regulated once individual’s movements, actions, and behavior are recorded“ (Levi & Wall, 2004:211). Also, David Lyon discusses privacy issues regarding the use of biometrics in his writings about surveillance. He introduces the term social sorting addressing that amongst others biometric data might be used to create profiles and risk categories in order to predict and prevent events from happening (Lyon, 2003:13). Besides the fact that he points to the fact that civil liberties might be infringed when all this personal data is collected and stored, he also discusses that unjust conclusions might be drawn. Combining information might cause for example that information is not seen in the correct context, which might cause inappropriate profiling and categorizing (Lyon, 2001:173). So far, several privacy concerns with the use of biometric data are discussed. However, in the case study of this thesis the focus is on the Dutch public opinions on the gathering and storage of biometric data of the biometric passport in the Netherlands regarding its privacy implications. In order to analyze these aggregations of individual views, attitudes, and beliefs on the topic, the following theories are used: function creep, securitization and social sorting. Those theories address privacy issues, which might be public concerns in the Netherlands. Although function creep and social sorting are briefly discussed in this subchapter, the following subchapters will clarify each of the theories more thoroughly.
2.5 Function creep
Several revelations about government surveillance practices and privacy infringements worried people and made the topics heavily debated in the media and in politics. To address the privacy issues concerned with data gathering technologies, the concept of function creep is used which will be defined in this chapter.
Although journalists and other critics in the media have discussed function creep, also scholars address this matter as an important issue in privacy debates. Dahl & Sætnan refer to function creep as “changes in, and especially additions to, the use of technology. When personal data, collected and used for one purpose and to fulfill one function have migrated
to others that extend and intensify surveillance and invasion of privacy beyond what was originally understood and considered socially, ethically and legally acceptable“ (Dahl & Sætnan, 2009:84).
Den Boer and Van Buuren describe function creep specifically in a way in which data initially collected for security purposes is used for the permanent surveillance of citizens. In their article on Security Clouds they discuss the fact that “data on individuals float between accumulated data-‐systems and networked surveillance instruments” (Den Boer & Van buuren, 2012:85). They say in the EU, surveillance has become intertwined with security. Intelligence is needed for surveillance/governance and security intelligence is needed for security governance. New databases have expanded to include new functionalities and new technological facilities. However, they argue that there has not been enough political and social debate about the necessity, proportionality, functionality and effectiveness of these systems (Ibidem:86). Databases which are used for criminal investigation and intelligence-‐ gathering have been used by a growing number of authorized users who have access to these systems, and the potential of searching large amounts of data with the help of data-‐mining and data-‐profiling. Although information practices have been subjected to national and international data protection systems, there is an increasing emphasis on data retention and data transfers between agencies at different governance levels (Ibid.:88). They use the example of the Terrorist Financial Tracking Program (TFTP), the so called SWIFT7-‐agreement. This agreement allows US authorities access to European based financial data in cases of anti-‐ terrorism investigations (Ibid.:89). They say that we might witness the emergence of a ‘security cloud’ containing personal and sensitive data, once collected and stored for different purposes, which allows “the permanent exchanging, combining, upgrading, refining, analyzing, reselling and storing in a range of national and international databases that can be accessed from a distance by plethora of actors” (Ibid.:90).
Biometric technology is mainly used in cross border (electronic) travel documents. Digital borders are transformed into ‘biometric borders’ (Ibid.:91; reference to Amoore 2006). According to Den Boer and Van Buuren these physical features of the human body data are often stored in a search engine (Biometric Matching System) which might be kept for different purposes according to different definitions of what constitutes criminal offence