Fingerprinting foreigners

Find access control & identity management products (SSBD)

February 2004 Access Control & Identity Management

Imagine that you are going on vacation to some exotic country. You get your visa, plan your trip, and take a long flight. How would you feel if, at the border, you were photographed and fingerprinted? How would you feel if your biometrics stayed in that country’s computers for years? If your fingerprints could be sent back to your home country? Would you feel welcomed by that country, or would you feel like a criminal?

This month the US government began doing just that to an expected 23 million visitors to the US. The US-VISIT program is designed to capture biometric information at its borders. Only citizens of 27 countries who do not need a visa to enter the US, mostly in Europe, are exempt. Currently, all 115 international airports and 14 seaports are covered, and over the next three years this program will be expanded to cover at least 50 land crossings, and also to screen foreigners exiting the country.

None of this comes cheaply. The program cost $380 million in 2003 and will cost at least the same in 2004. But that is just the start; the Department of Homeland Security's total cost estimate nears $10 billion.

Combatting terrorism?

According to the Bush administration, the measures are designed to combat terrorism. As a security expert, it is hard for me to see how. The 9/11 terrorists would not have been deterred by this system; many of them entered the country legally on valid passports and visas. The US has a 5500-mile long border with Canada, and another 2000-mile long border with Mexico. Two-to-three-hundred thousand people enter the country illegally each year from Mexico. Two-to-three-million people enter the country legally each year and overstay their visas. Capturing the biometric information of everyone entering the country does not make us safer.

What is the yardstick?

And even if we could completely seal our borders, fingerprinting everyone still would not keep terrorists out. It is not like we can identify terrorists in advance. The border guards cannot say "this fingerprint is safe; it is not in our database" because there is no comprehensive fingerprint database for suspected terrorists.

More dangerous is the precedent this program sets. Today the program only affects foreign visitors with visas. The next logical step is to fingerprint all visitors to the US, and then everybody, including US citizens.

Following this train of thought quickly leads to sinister speculation. There is no reason why the program should be restricted to entering and exiting the country; why should not every airline flight be 'protected?' Perhaps the program can be extended to train rides, bus rides, entering and exiting government buildings. Ultimately the government will have a biometric database of every US citizen - face and fingerprints - and will be able to track their movements. Do we want to live in that kind of society?

Retaliation

Retaliation is another worry. Brazil is now fingerprinting Americans who visit that country, and other countries are expected to follow suit. All over the world, totalitarian governments will use the fingerprinting regime to justify fingerprinting Americans who enter their countries. This means that your prints are going to end up on file with every tin-pot dictator from Sierra Leone to Uzbeckistan. And Tom Ridge has already pledged to share security information with other countries.

A trade-off

Security is a trade-off. When deciding whether to implement a security measure, we must balance the costs against the benefits. Large-scale fingerprinting is something that does not add much to our security against terrorism, costs an enormous amount of money that could be better spent elsewhere. Allocating the funds on compiling, sharing, and enforcing the terrorist watch list would be a far better security investment. As a security consumer, I am getting swindled.

America's security comes from our freedoms and our liberty. For over two centuries we have maintained a delicate balance between freedom and the opportunity for crime. We deliberately put laws in place that hamper police investigations, because we know we are more secure because of them. We know that laws regulating wiretapping, search and seizure, and interrogation make us all safer, even if they make it harder to convict criminals.

The US system of government has a basic unwritten rule: the government should be granted only limited power, and for limited purposes, because of the certainty that government power will be abused. We have already seen the US-PATRIOT Act powers granted to the government to combat terrorism directed against common crimes. Allowing the government to create the infrastructure to collect biometric information on everyone it can is not a power we should grant the government lightly. It is something we would have expected in former East Germany, Iraq, or the Soviet Union. In all of these countries greater government control meant less security for citizens, and the results in the US will be no different. It is bad civic hygiene to build an infrastructure that can be used to facilitate a police state.

Source: Bruce Schneier, Counterpane Internet Security.

A version of this essay originally appeared in Newsday.

http://www.newsday.com/news/opinion/ny-vpsch143625202jan14,0,1880923.story

Office of Homeland Security webpage for the program:

http://www.dhs.gov/dhspublic/interapp/editorial/editorial_0333.xml

News articles:

http://www.washtimes.com/national/20031201-115121-4339r.htm

http://www.washtimes.com/national/20031027-112510-5818r.htm

http://www.nytimes.com/reuters/news/news-security-usa-visas.html

http://gcn.com/vol1_no1/daily-updates/24536-1.html

http://www.sunspot.net/news/custom/attack/bal-airport0106,0,42711.story

http://www.cnn.com/2004/US/01/04/visit.program/