Defender of your Digital Freedom

All Posts | Mar 14,2018

Panel Discussion at Internet Freedom Festival, 2018: Privacy and Data Protection in the Age of Biometrics

The Internet Freedom Festival, 2018 was held in Valencia, Spain from 5 to 9 March.

Each year, the IFF brings together those who defend digital rights around the world – journalists, activists, technologists, policy advocates, digital safety trainers, and designers – in support of the following core goals:

 1. Create an inclusive space and cultivate an atmosphere of trust for the Internet Freedom Community to pool resources, share knowledge, and network.

2. Increase the diversity of the Internet Freedom community by engaging perspectives from a variety of backgrounds brought by under-represented groups.

3. Collectively improve the services, strategies, and tools offered to the most vulnerable individuals on the frontlines by mapping censorship, surveillance and access obstacles faced in different regions in the world .

SFLC.in organised a panel discussion at the annual forum on March 7, 2018. The session was titled “Privacy and Data Protection in the Age of Biometrics”. Panelists were: Cathleen Berger (Mozilla), Katitza Rodriguez (Electronic Frontier Foundation), Lucy Purdon (Privacy International), Gbenga Sesan (Paradigm Initiative), Prof. K.S Park (Open net Korea) and Priyanka Chaudhuri (SFLC.in). The discussion was held under Chatham House rules.

The discussion focussed on the challenges of using biometrics identifiers as it is rapidly becoming the most preferred kind of technology across Governments, industries and applications.

Some of the points that were covered were:

  • Purpose of biometrics enabled national identity systems: Panelists discussed biometrics identity systems in India, Nigeria, Kenya, Pakistan and Britain, particularly, Aadhaar, biometric voter registration in Nigeria, National Identity Register in UK, Pakistan’s Data Protection Bill, 2005. Panelists also touched upon the fact that digital identities don’t necessarily include biometrics, but are often conflated because of different narratives emphasizing increased security.

  • Privacy implications related to using biometrics technology and the various reasons behind using the technology, considering it is not foolproof and like any other database, is vulnerable to hacking: Panelists agreed that the starting point of any technological development should be ‘individual empowerment.’ The usual logic adopted for using biometrics technology is that an individual’s biometrics are unique, immutable and therefore the technology is foolproof and secure. Panelists expressed that that is not completely true. Infact, use of biomerics technology is a huge violation of privacy and can also be used as a tool for mass surveillance. Panelists also discussed the motivations for the recent wave of biometrics data capture by Governments and emboldened private businesses, including fear and control. It was also discussed how this is done without privacy or data protection laws or with deliberate attempts at creating laws around established intentions.

  • Use of specific biometrics technology like facial recognition: Panelists were of the view that accuracy of facial recognition decreases significantly due to variations in pose, expression, resolution and illumination. It was also raised that facial recognition leads to high rate of false positives (system identifies someone as a suspect even though they are innocent) and false negatives (system doesn’t recognize someone even though their picture is in the database). Criminal mugshot or facial recognition databases generally produce “ranked results” rather than IDs. Additional privacy challenges that came up were: facial recognition can be captured covertly, from a distance, in a public space and on a mass scale.

  • Function creep and solutions in law and policy before implementing a biometrics enabled system: Panelists highlighted that data protection laws should have an anti-function creep clause to prevent potential invasion of privacy. A panelist explained that like all identification schemes, biometric identification also suffers from a phenomenon what called “Paradox of Trust”: the more trustworthy an identification scheme you try to build, the less trustworthy it becomes.

All Posts | Mar 22,2017

At Internet Freedom Festival in Valencia, Spain

SFLC.in participated in the Internet Freedom Festival (IFF) which was held between 6th and 10th of March, 2017 in the beautiful city of Valencia in Spain. IFF is a community organized unconference that brings together digital rights defenders – journalists, activists, technologists, policy advocates, digital safety trainers, and designers – to create an inclusive and diverse space for discussions and collaborations.

Under the theme, Internet Freedom: Present and Future, we organized a conversational session on “Analyzing the Causes and Impacts of Internet Shutdowns”with a full hall of about 80 participants. The irony of such high incidence of this issue in a country that takes pride in being the largest democracy in the world was evident in the points raised throughout the session. There was also discussion about the need for more specific studies on the economic and social impact of these shutdowns that provides regional data which can enhance the advocacy efforts in those regions.

We also showcased our Internet Shutdown Tracker project which maps the growing incidents of Internet shutdowns across India and was much appreciated, especially by activists from countries which have faced numerous such shutdowns.

We were also invited to the panel on “Data Protection Laws and its different manifestations” which was organized together by Digital Rights Foundation, Access Now and Electronic Frontier Foundation. Other panelists included Nighat Dad (DRF), Wafa BenHassine (Access Now), Mohamad Najem (SMEX). The panel was moderated by Nica Doom (EngageMedia). India’s lack of an overarching legislation that should ideally cover the gamut of data privacy and security concerns that have been surfacing of late across India. We focused particularly on the problems around Aadhaar and its weak mechanisms in ensuring privacy and protection of personal information from being misused. We also took part in the discussion on Mass Surveillance in India and held a discussion on Aadhaar’s potential as a surveillance tool by government and its law enforcement agencies.