In its December 2021 analytical briefing on biometrics and counter-terrorism, the United Nations Counter-terrorism Committee Executive Directorate (CTED) notes how “the use of biometrics for counter-terrorism purposes – notably in the context of border management and security – has become increasingly widespread.”
That should not come as a surprise, given repeated UN Security Council resolutions imposing legally binding obligations on all UN member states to develop biometric technologies for counter-terrorism purposes, paired with the strong promotion of these technologies by some, mostly Western states and by powerful industry players.
Also not surprising, for reasons elaborated further below, is that these biometric technologies have very often been deployed in a human rights void, raising predictable and serious human rights concerns.
In May 2021, Privacy International (where I work) published three case studies, documenting the human rights implications of the use of biometric technologies for counter-terrorism purposes in Afghanistan, Israel/Palestine, and Somalia. While the contexts are different, the main trends are very similar.
First, biometric technologies, coupled with large, centralized databases, can seriously undermine the human right to privacy and have an irreversible impact on individuals. In this context, “relatively fixed and unchangeable physical features” – such as fingerprints – are turned into “machine-readable identifiers.” Human rights experts are increasingly questioning whether some of these technologies, notably live facial recognition in public spaces, can ever be deployed in ways that do not violate the right to privacy and other human rights, such as freedom of peaceful assembly, as recognized in the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights.
Second, there is a rising danger of “function creep,” which we define as “the gradual widening of a technology use beyond its original, intended purpose.” In many recent cases, biometric tools have been repurposed from national security and counter-terrorism purposes to be used in implementing emergency measures in the context of the COVID-19 pandemic, but without an appropriate legal framework regulating their use or consideration of the necessity and proportionality of such measures. Civil society organizations have long urged governments to recognize and address the function creep of biometric technologies and their role in shrinking civic space worldwide.
Third, “biometric technologies can exacerbate exclusion and reproduce racial, ethnic, gender, social class, and other inequalities.” Both the UN Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism and the UN Special Rapporteur on contemporary forms of racism have highlighted the discriminatory impacts of the use of biometric technologies.
Fourth, many governments rely on the private sector to develop and implement technologies for state surveillance. As noted by the UN Special Rapporteur on Freedom of Expression, the capacity of states to conduct surveillance may even “depend on the extent to which business enterprises cooperate with or resist such surveillance.”
Industries are certainly fulfilling a demand from governments. At the same time, though, these companies are actively marketing themselves as the providers of technical solutions to support counter-terrorism, law enforcement, and border control policies. Most of these private surveillance, military, and security companies have strong ties with government security sectors. They are well placed to influence government policies and to create the demand for tech solutions. Resulting public private partnerships can introduce vast biometric programs, which are often developed without adequate due diligence and prior human rights impact assessment.
The December CTED briefing briefly outlines some of these human rights concerns related to the use of biometric technologies for counter-terrorism purposes. CTED also rightly notes the inadequacy of legal and regulatory frameworks, including on data protection and oversight and accountability mechanisms, and states that legislation establishing safeguards “must be developed prior to the implementation of biometric systems.”
To address these concerns, the CTED briefing recommends to further strengthen “technical assistance and capacity-building for Member States […] that are struggling with the introduction and use of biometrics, as well as the need for States with expertise in the responsible use of biometrics to support such initiatives.” The assumption is that biometric technologies need to be rolled out, but there are no specific recommendations for the provision of human rights guidance to member states.
Likewise, the UN Security Council’s resolution 2396 and other relevant UN documents, such as the 2018 Addendum to the Madrid Guiding Principles, demand that the development of systems of collection, processing, and sharing of biometric data be undertaken in compliance with international human rights law. However, they do not provide guidance to member states on how to apply human rights standards. This is a significant gap that needs to be urgently addressed as more and more governments adopt biometric technologies for counter-terrorism purposes in ways that violate their human rights obligations.
Notably, this gap has not been bridged by existing guidance, such as the 2018 UN Compendium of Recommended Practices for the Responsible Use and Sharing of Biometrics in Counter-terrorism (the Compendium). Analyses by independent human rights experts (Dr. Krisztina Huszti-Orbán and Prof. Fionnuala Ní Aoláin, Use of Biometric Data to Identify Terrorists: Best Practice or Risky Business?, 2020) and civil society organizations (Privacy International, Responsible Use and Sharing of Biometric Data in Counter-terrorism, 2020) noted how the Compendium fails to comprehensively address the human rights implications of the use of biometric technologies for counter-terrorism purposes.
Instead, its recommended “best practices” are by-and-large supportive of government and industry trends towards ever-expanding application of biometric systems and the sharing of biometric data within and across jurisdictions, without providing member states specific guidance on necessary safeguards to ensure compliance with human rights obligations in the process. Of particular concern is the almost unqualified support for ever expanding biometric databases (and the integration of existing ones) coupled with expanding access to biometric data for an ever-wider range of law enforcement and security agencies. The recent CTED analysis reflects these same shortcomings.
Arguably, the Compendium lacks comprehensive and precise human rights guidance because it was developed without meaningful input by human rights experts and civil society, while the interests of security and law enforcement agencies and of the biometric industry were overrepresented.
To address this imbalance, CTED should promptly set up a transparent process of consultation with independent human rights experts and civil society organizations. Such a process would help it develop the precise and comprehensive guidelines member states sorely need on how to follow a human rights based approach when using biometric technologies for counter-terrorism purposes.