I've Got a Finger for Them to Fingerprint

The lead story in today's Toronto Star is an article entitled U.S. to screen Canadians.

As of January 1st, the US Department of Homeland Security has implemented the US-VISIT program, which requires that all visitors and US residents (but not citizens) holding work visas be fingerprinted and photographed when crossing the border. The program has been rolled out at airports and seaports thus far, and the plan is to roll it out at land crossings later this year.

Canadian visitors (and visitors from 26 other countries) are exempt from US-VISIT, but Canadian visa holders are not.

From the article:

Washington sources, who asked not to be named, first said Canadian visa-holders would be photographed and fingerprinted at the discretion of the customs officer at the point of entry, but later said "anybody who has a visa in their passport will go through US-VISIT."

U.S. authorities now will log the complete name, date of birth, citizenship, gender, passport information and American address of all Canadians returning to the United States.

The information will be held by the U.S. Department of Homeland Security, the U.S. State Department, U.S. Immigration and "appropriate federal, state and local law enforcement personnel."

Homeland Security officials say all information will be protected under the U.S. Privacy Act, but will be held "as long as it is needed."

I think this is reasonable for a country to know who enters and exits its borders, but it is scary to think that there are no limits on who will have access to this information (who defines "appropriate" law-enforcement personnel?), nor are there limits to how long it is kept.

It is interesting to note that biometric identification (like fingerprinting) would likely have stopped some of the 9/11 terrorists on FBI watch lists before they were able to board their flights. At the same time, I am worried about the precedent this sets in terms of tying uniquely identifying information (DNA, fingerprints, retinal scans, etc.) to real-world data and behavioral patterns. You can bet that some government official will want to tie this data to EZ-Pass data, or credit card history, or medical or employment records... and then tie all of that together.

Think Gattaca is terribly far off? Maybe, but you can bet that this is a start down that road.

If I was a US citizen, I would contact the ACLU stat.

Related Posts

Comments (Post | Latest)

1. sujal said on Jan 6 2004:

admiral poindexter (of Iran Contra fame) already proposed such an all-encompasing system. It was originally named Total Information Awareness. It then got a few more palatable names in a PR makeover before Congress finally cut funding. You can find out more at http://www.epic.org/privacy/profiling/tia/ .

The other issue is how easy it might be to falsify data when a person is willing enough... I mean, if you're willing to die, would you be averse to some plastic surgery? If you have a few billion bankrolling you, what high tech devices can you come up with to beat these sensors?

I need to look at the legislation again, but there is always the concern of mission creep... Social Security Numbers provide an ideal example. Originally created to help distribute and collect social security funds, they're now so ubiquitous and so trivial to steal that you can easily become someone else with just 9 digits.

My final problem, which I admit is mostly paranoia, is that mission creep is inevitable as people begin to believe that this data is completely foolproof. Many technologies have been shown to have flaws or to have flaws to dedicated attacks. See:

http://seclists.org/lists/politech/2002/Nov/0031.html
http://www.schneier.com/crypto-gram-0205.html#5
http://www.extremetech.com/article2/0,3973,37297,00.asp

another thought... all of these things all turn into numbers at some point. numbers can be copied, altered, swapped around... Few systems are very clever.

Sujal
ACLU member (oh, maybe it lapsed... gotta reup)

2. reemer said on Jan 7 2004:

Ah yes, I forgot to mention TIA. Seems like this system could easily be a precursor to a "new and improved" TIA--It's easier to overlook by building separate systems and then have some bureaucrat say "wait, we have SSNs here, why don't we tie all this wonderful info together"?

Interesting articles on extremetech and schneir above. Seems false positives will be a tremendous cost on all parties involved... and if biometric machines can be fooled easily, it will, once again, be a colossal waste of taxpayer dollars.

i can't vote, but i can bitch about where my tax money is spent!

About

Hi, I'm Kareem Mayan. I co-founded eduFire, an online video tutoring company.

I've done time at ESPN and FIM.

I advise WorldBlu, helping them build democratic companies.

I moderated a council for Creative Good.

And, I helped bring Barcamp, a technology un-conference, to LA, which is where I live. I am now living and working in cool cities around the world.

More about me.

Opinions stated here are mine alone.

Contact: blog -at- reemer

Subscribe

 Subscribe with RSS

 Subscribe by email



Good Products

Dreamhost web hosting!

Kiva: $25 to change a life. Kiva - loans that change lives

Powered By

Subscribe via RSS Subscribe to this blog
All content © 2002-2006 Kareem Mayan
Almond Oil Face Scrub | Apple Cider Vinegar Face Wash | Olive Oil Face Cream
Olive Oil Face and Body Lotion | Witch Hazel Face Toner