US Government’s biometric database worries privacy advocates

It is something few Americans will have likely heard of, but the US Department of Homeland Security’s Homeland Advanced Recognition Technology (HART) is catching the eye of privacy advocates – and not in a good way.

Announced in 2017, on the face of it HART is just a bigger and better version of the DHS’s Automated Biometric Identification System (IDENT), which dates back to the 1990s, before the DHS even existed.

IDENT was built to gather data such as fingerprints and photographs of people entering the US – anyone who’s visited the country as a non-US citizen in the last 15 years or so will be in this database.

Despite sounding similar, HART marks a step change in what such databases can be used for when combined with emerging technologies such as real-time facial recognition and biometrics.

The first upgrade is its projected size that will see it scale to 500 million or more identities, including many more Americans as they cross US borders.

Its data-gathering capabilities will expand too, taking in a wider range of biometric data such as iris scans, palm prints, voice patterns, scars and tattoos and even DNA used to feed a new type of identity built around External Biometric Records (EBRs).

This will be tied to names, addresses, number plates, and every and any documentation officials can add to form a rounded record of every individual the system comes into contact with.

Lurking in the background is what looks like a thinly-veiled ambition to track people in real time through facial and number-plate recognition.

To campaign groups such as the Electronic Frontier Foundation (EFF), HART smacks of an all-encompassing surveillance system that wants to know where people are at all times.

Including by noticing “relationship patterns”, says the EFF:

We don’t know where DHS or its external partners will be getting these relationship pattern records, but they could come from social media profiles and posts, which the government plans to track by collecting social media user names from all foreign travelers entering the country.

The latter is consistent with current policy – the DHS already reserves the right to ask travellers to share their social media accounts with them if they wish to enter the US.

The EFF recently criticised the fact that HART is exempt from the 1974 US Privacy Act, and questioned its creeping effects on First Amendment rights to free speech and the ability to associate with others.

Might this be an over-statement? To the DHS, HART and its use of EBR is about serving…

Law enforcement, national security, immigration screening, border enforcement, intelligence, national defense, and background investigations relating to national security positions, credentialing, and certain positions of public trust.

That seems reasonable on one level although surveilling people (including some Americans) as they enter and leave the country isn’t exactly a gentle way of making them feel welcome or loved.

It also presents a bit of a paradox for the US’s image of itself as the land of the free. Not so long ago, the US was a regular critic of Chinese state surveillance and its infamous firewall of censorship. Now, at times, it’s as if some in the US have become envious.

The other concern is over who is looking after all this data and is it secure? It’s not as if the DHS has been immune to data breaches in the recent past.

The objections of the EFF and others are unlikely to cut much ice in the US right now, but the problem of data management and security could yet be the issue that lands HART in hot water.