DELIVERABLE D2.2 Hon g Kong Conference Report
RISE PROJECT
Project funded by the European Commission-FP7
Grant Agreement n°: 230389
Coordination Action (CA)
Start date of the project: 1 March 2009
Duration: 36 months
1° Reporting Period
Deliverable: D2.2 Title: Hong Kong Conference Report Due date: 31.03.2010 Actual submission date: 20.05.2010 Lead contractor for this deliverable: Hong Kong Polytechnic University Contact: [email protected] Dissemination Level: PU
1
The Third International Conference onWWW Ethics and .PolicyRISEPROJECT of Biometrics and International. EU Data Sharing, 2010, Hong Kong
Table of Contents
I. Introduction ...... 3
II. Background of Conference ...... 3
III. Preparation for the Conference ...... 4 A. Conference Venue and Logistics
B. Invitation for Speakers
IV. The Third International Conference ...... 5
V. Call for Papers...... 14
VI. Abstracts and Biographies ...... 15
VII. Media Coverage ...... 28
VIII. Conference Organization and Proceedings Organization ...... 31
IX. List of Participants ...... 34
X. Speakers Presentations ...... 38
XI. Appendix A: Conference Brochure ...... 106
XII. Appendix B: Conference Proceedings ...... 136
2
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
I. Introduction Human identification using their physiological and behavioural characteristics, i.e. biometrics, is increasingly mapped into range of new civilian and commercial applications. The past decade has seen a rapid growth in the demand for biometrics and data security technologies for a wide range of applications in education, law enforcement, immigration, healthcare, online security and financial services. The biometrics based technologies have opened new frontiers for medical diagnosis and information security. However recent research and deployment reports have shown that with negligible-to-modest effort, many leading biometric technologies are susceptible to attacks in which fake fingerprint tapes, static facial images and static iris stamps/images have been successfully employed as biometric samples. These fraudulent samples are processed by the biometric system to generate templates and to verify enrolled individuals. There has been a newfound urgency after September 11 attacks to develop cutting-edge security technologies. However, the performance of currently available biometrics technologies is yet to mature for its broad deployment in real environments. Performance estimation is a key issue in the comparison and evaluation of the biometric and biometric system in large scale secure access technology. The challenge lies in devising the effective performance indices and evolving their interdependence to convey security, accuracy, privacy and such other performance measures currently debated in the literature. In addition, the increasing usage of biometrics technologies have raised more concerns on the ethics, privacy and policy implications of biometrics.
The large scale deployment of biometrics technologies has highlighted several challenges in the management of human identities. The large scale deployment and development of next generation biometrics system must address the increasing concerns on the ethics, privacy and policy implications. The novel biometrics sensing, signal/image representation, storage, retrieval, transmission, encryption, matching and decision making techniques have to be developed to address the ethical, legal, cultural and social concerns in the management of human identities. The challenges posed in the deployment and development of promising biometric technologies can be largely observed from engineering perspective, and from social perspective. Several research presentations have shown that when social and ethical factors are internalized into the technical design and decision making, the solution tends to be more effective, compatible and cost effective.
II. Background of Conference The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, also referred to as third RISE (Rising Pan European and International Awareness of Biometrics and Security Ethics) meeting, is essentially a key milestone in the ongoing dialogue process within the scope of RISE project. This conference has been planned and fully scheduled in the European Commission supported RISE project no. 230389 funded under FP7, SP-4 Capacities.
The increasing deployment of cutting edge security technologies has invited renewed concerns on the ethics, privacy and policy implications on the usage of these technologies. However, these concerns are not new but have also been raised and discussed earlier in the previous two conferences. The first of this conference was organized by European Commission in 2005 in Brussels and second one in 2006 in Washington DC, by the US Department of Homeland Security and the US Visit Program. The third international conference has been particularly organized in Asia by the RISE consortium to more actively involve the regional stakeholders in the dialogue process. The host city of Hong Kong in China was judiciously selected to avail the better connectivity and visa free entry for the likely participants from most of the countries. The key idea of the organizers has been to seek more active participation from the Chinese and Indian law enforcement, border control, privacy protection and the regulatory bodies in the dialogue process and bring awareness on the implications and challenges in the deployment of the biometrics technologies.
3
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
III. Preparation for the Conference The preparation for the conference started soon after the conclusion of the kick off meeting which was held in Rome on 12-13 March 2009. The initial task has been to come up with call for papers, develop and install a conference website, install a reliable conference paper submission and review submission system, select and book the conference venue, accommodation arrangement and booking for the conference participants. Some of these tasks like development of conference website, circulation for call for paper, booking the conference venue, etc. started much in advance. The mass mailing of the call of paper started from [email protected] in May 2009 itself and the initial deadline for the paper submission was set as 1st September, 2009. Online paper submission link was made available at http://iceb.comp.polyu.edu.hk/myreview/SubmitAbstract.php and the deadline for the paper submission was extended to seek more quality papers. The task of attracting potential authors to submit papers on the interdisciplinary topics in biometrics, i.e., the policy implications and the potential concerns with the biometrics and data security technologies, was challenging. The call for paper and participation was also posted on public notice boards in major international conferences, like BTAS 2009 held in Washington, whenever the program committee members had opportunity to visit such conferences. The conference website http://www.comp.polyu.edu.hk/conference/iceb was regularly updated with the links and news from the most recent incidents depicting the challenges associated with the usage of biometrics and data protection technologies. Several social action groups, established research and development institutions on the bioethics, law enforcements, data privacy and protection regulatory bodies, system integrators, users and developers of biometrics technologies were located from all over the world and encouraged to submit the papers and participate in the conference. The call of papers for this conference is available on page 14 in this report. As can be noticed from the attached document, the call of papers clearly outlined the extended range of topics that would be of potential interest in the multidisciplinary domain of this conference.
A. Conference Venue and Logistics The prime consideration in selecting the conference hall and location was the ease of access, quality of amenities, convenience and importantly the cost. The venue was therefore selected as the Senate Room of The Hong Kong Polytechnic University which is located within the campus. The conference organizers also supported and supervised the accommodation arrangements for the speakers and the participants. We contacted three different hotels, all located within the walking distance from the conference venue, to seek the discounted accommodation for the participants. The accommodation rates has to be negotiated much in advance as the January is the high season month in Hong Kong that typically experiences highest tourist traffic flow. The accommodation arrangement for all the key note speakers was supervised and supported by the local staff in our university. B. Invitation for Speakers The ‘India Preparatory Meeting on Biometrics and Data Protection' that was held in New Delhi on September 24-25, 2009 provided another venue for the discussion on the agenda for the third international conference and the selection of speakers. Each of the submitted paper was reviewed by at least two reviewers and large number of papers submitted were highly technical in nature and therefore rejected since there are already several other venues for submitting/presenting such papers. The review results of the papers submitted for the conference was prepared and the authors were notified for the decision on their papers along with the comments from the reviewers. A preliminary list of key note speakers to be approached for their possible talk and participation during the Hong Kong conference was prepared during the India preparatory meeting. This list
4
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
was continuously revised and updated largely based on the outcome of the pursued invitations, feedback from the conference chairs. We selected 25 speakers for the conference and received their final confirmation for the talk. All of the nonlocal invited keynote speakers were supported for their travel and accommodation during the conference visit.
IV. The Third International Conference The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing was held in Hong Kong on January 4-5, 2010. This conference was the first major international event from the RISE project in the Asia Pacific region to promote the dialogue among the key stakeholders. The conference witnessed the participation of over 150 registered participants. The conference program invited world-wide attention, with the attendances from 19 countries and regions including – Belgium, China, France, Hong Kong, India, Italy, Israel, Japan, New Zealand, Belgium, Slovenia, Switzerland, Estonia, Taiwan, Malaysia, Australia, United Kingdom, United States. The conference program gave broad coverage to the social, cultural, ethical, legal and technical challenges in the deployment/development of biometrics applications and technologies; and government interests were also represented. Among those departments that participated were the representatives from the US and Israeli governmental agencies and representatives from the Hong Kong Police Force, Hong Kong Immigration Office, Office of Hong Kong Privacy Commissioner, and public media, including Radio Television Hong Kong (RTHK), Television Broadcast Limited (TVB), Ming Pao, and The Standard. The conference program witnessed 25 oral presentations, and promoting interactions and discussion among the conference participants that stimulated a wealth of new ideas. The breadth of international and social representation was one of the key advantages of lively discussions that prompted immediate feedback/comments on relevant issues.
The conference opened after a warm welcome opening address by Prof. David Zhang from The Hong Kong Polytechnic University, and three opening speeches by Dr. Hon Samson Tam, Legislative Councillor; Prof. Emilio Mordini coordinator of the RISE project and Director of the Centre for Science, Society and Citizenship, Italy; and Prof. Alex Wai from The Hong Kong Polytechnic University. Prof David Zhang highlighted that this was not a conventional biometrics conference and outlined on the raising concerns and issues with the deployment of biometrics and data security technologies. He motivated the conference delegates to develop some consensus on the policy issues, extensively review the current practices, evaluate the concerns and cost benefits from evolving technologies and outline the strategies to meet the privacy and socio-technological challenges. Dr. Hon Samson Tam noted that the biometrics characteristics are exploited not only for the automated personal identification to ensure security but also for the medical diagnosis. He congratulated the Biometrics Research Centre for successfully cultivating technological innovations from highly motivated researchers and actively participating in this dialogue to address the ethical and social concerns on the deployment of the new technologies. Prof. Emilio Mordini gave the historical perspective on the conference and provided an overview on the open issues from the previous two conferences organized in Brussels and Washington DC by the European Commission, US DHS and the US Visit Program respectively. He detailed on the organization of European Commission supported RISE
5
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
Upper left: Prof. David Zhang, from The Hong Kong Polytechnic University, delivering the welcome address; Upper right: Dr. Hon. Samson Tam, JP, Legislative Councilor Hong Kong, speaking during the welcome session; Lower left: Prof. Emilio Mordini, RISE Project Coordinator, delivering welcome speech and introducing the RISE, BITE and HIDE projects; Lower right: Prof. Alex Wai, Dean of Engineering, The Hong Kong Polytechnic University, delivers the opening address.
project, the conference agenda, motivated the policy regulators and the participants to coming up with some consensus and policy recommendations on the ethical, medical, legal, social, cultural and political concerns in the deployment of biometrics and data security technologies. The welcome session was concluded by Prof. Alex Wai, who drew the attention of participants towards the successful usage of fingerprint based Hong Kong ID cards in Hong Kong which provides a model for the effective deployment of biometrics technologies for the benefits of citizens in e-governance and in high-speed border crossings. He noted that the utilities offered by Hong Kong identity cards seems to apparently outweigh the potential privacy concerns and the Hong Kong residents do not seem overly concerned with the privacy issues. He however necessitated international dialogue on privacy concerns and potential threats on the biometrics and data security technologies.
Mr. Roderick Woo, Privacy Commissioner for Personal Data, Hong Kong, addressed the first opening lecture on the challenges posed by the biometric technologies for the privacy protection and suggested tighter supervision of such sensitive data. “There has been a sharp rise in complaints concerning the collection of biometric data. Most concern the collection of employees' fingerprints by employers for attendance records,” he said. He proposed to classify the biometric data as sensitive personal data and said “The reconstruction of a fingerprint from the minutiae template with striking resemblance is not uncommon and there is a positive match in more than 90 percent of cases for most minutiae matchers.” Mr. Woo noted that healthy society should embrace different and sometimes conflicting interests. Therefore he called up on the users of biometrics data to offer less privacy intrusive alternatives and measures to lessen the adverse privacy impact.
6
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
Left: Mr. Roderick Woo, Privacy Commissioner for Personal Data, Hong Kong, delivering the opening keynote address on Challenges posed by Biometric Technology on Data Privacy Protection in Hong Kong and the Way Forward; Right: Dr. Nalini Ratha, from IBM J. Watson Research Centre New York, speaking on Privacy Protection in High Security Biometrics Applications.
The second keynote speaker Dr. Nalini Ratha, from IBM J. Watson Research Centre, deliberated on the technological advances in the privacy and biometrics data protection technologies. He illustrated the concepts behind the cancellable biometrics and emphasized this as one of the most promising solutions to jointly ensure high security and privacy for the sensitive biometrics data. His speech defended on the promises from evolving biometrics technologies that can offer extremely higher degree of privacy. In this context he detailed on the technical strength of cancellable biometrics developed to protect the biometrics data and ensure privacy. In this context, Dr. Ratha cautioned on the vulnerabilities of typical biometrics system to sophisticated cyber attacks and outlined range of open issues yet to be addressed by the researchers.
Top Left: Nataša Pirc Musar, Information Commissioner of the Republic of Slovenia, presenting her paper on The Dangers of Electronic Traces: Data Protection Challenges Presented by New Technologies; Top Right: Benedicte Havelange, European Data Protection Supervisor, speaking on Data Protection in Post Lisbon EU; Left: John Kropf, Deputy Chief Privacy Officer, Department of Homeland Security, delivering the speech on The Crossroads of Privacy and Biometrics.
The next session, i.e. session A, started with a lively talk from Ms. Nataša Pirc Musar, Information Commissioner of the Republic of Slovenia. She started her speech by stating that strong tools were needed for ensuring safety in modern digital technologies and discussed on range of issues concerning legal and 7
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
technological aspects in the protection of personal data. Ms. Nataša Pirc Musar further extended the discussion on the privacy while using the internet and concluded that personal privacy can be violated while using popular commercial services like electronic road toll system, CCTV, GPS, etc. Ms. Benedicte Havelange, European Data Protection Supervisor continued the discussion as next speaker and highlighted on current data protection practices in Europe and the main changes of the Lisbon Treaty. The second speaker in this session Mr. John Kropf, from the US Department of Homeland Security (DHS), outlined the critical needs for biometrics technologies in the government departments and cited live examples to illustrate the seriousness with which DHS takes privacy. He also gave an example on US-VISIT to illustrate US privacy framework and noted that the existing privacy oversight and accountability in this framework has been recognized internationally. The third speaker of this session, Prof Stan Li, could not make it for this conference due to snow storm related cancellation of all flights from in Beijing. However, the session chair Dr. René von Schomberg used this opportunity to extend the general debate before the scheduled lunch break.
Upper left: Dr. Helen Chan, from Hong Kong Immigration Department, speaking on Deployment of Biometrics Systems and Challenges; Upper right: Dr. Alessandro Acquisti, from Carnegie Mellon University, delivering keynote talk on Of Frogs and Herds: Behavioral Economics, Malleable Privacy Valuations, and Context-dependent Willingness to Divulge Personal Information; Lower left: Tim Parker, from The University of Hong Kong, speaks on Are We Protected? The Adequacy of Existing Legal Frameworks for Protecting Privacy in the Biometric Age; Lower right: Prof. H. Raghav Rao, from State University of New York, University at Buffalo, presenting his paper on The Unique Identification Number Project: Challenges and Recommendations.
The post lunch session, i.e. Session B, was firstly addresses by Dr. Helen Chan from the Hong Kong Immigration Department. Her presentation was largely focused on the challenges with the usage of biometrics technologies in the Hong Kong Immigration department. She showed examples of how the DNA, fingerprints, iris, and face traits are effectively exploited to improve the services delivered to the public as well as enhance the security of the identity cards and the travel documents. Prof. Alessandro Acquisti from Carnegie Mellon University gave next presentation that on behavioural economics and privacy related to revelation of personal data. He illustrated the results from a recent a study performed at Carnegie Mellon University which suggested that methods of soft paternalism and nudging privacy may be the best for increasing individual and 8
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
societal welfare related to privacy concerns. His study pointed out that the privacy valuations measured by willingness to trade-off personal information for monetary rewards and concerns about privacy measured by divulgence of private information are highly sensitive to contextual factors. Mr. Tim Parker from The University of Hong Kong gave his address which analysed biometrics and privacy protection framework from the legal aspects in Hong Kong and also in the (mainland) People’s Republic of China. Prof. H. Raghav Rao from University at Buffalo, State University of New York, presented his paper on the Unique Identification Number project (UID) recently launched in India. He discussed on some key challenges and made several recommendations for this project to increase the public awareness on the UID program, facilitate faster enrolment and handling, and amend the legal framework for its implementation.
Top Left: Prof. Massimo Tistarelli, from Università di Sassari, delivering his keynote talk on Human Face Analysis: from Identity to Emotion and Intention Recognition; Top Right: Dr. Richa Singh, from IIIT Delhi, speaking on Face Recognition and Plastic Surgery: Social, Ethical and Engineering Challenges; Left: Prof. Chi-Shing Chen, from National ChengChi University, Taiwan, delivers his talk on Biometrics Governance: H1N1 as a Case Study.
The invited talk and paper presentations in Session C were focused on privacy and socio-technological challenges in the biometrics based human identification. Prof. Massimo Tistarelli from the Università di Sassari, Italy, presented a technical analysis on the current and future face recognition technologies and compared them with the conventional human perception capabilities. He expressed concerns on the developing technologies which can be highly privacy invasive and cited recent examples from the facial expression analysis research which is intended to covertly recognize human emotions and intentions. Dr. Richa Singh from IIIT Delhi spoke on the ethical, social and engineering challenges of face recognition while encountering human faces with plastic surgery. Prof. Chi-Shing Chen from National ChengChi University, Taiwan, discussed on the governance with biometrics using the recent challenges involved in the usage of biometrics during H1N1 outbreak.
The theme of session D was on ethical values for the e-Society. Mr. Stephen Mak, Deputy Government Chief Information Officer, Hong Kong, firstly on information, security and privacy. He pointed out that with the emerging business models in the information and communication technology industry like “cloud computing” and “anything as a service” that offer users with easiness and flexibility in more dynamic ways, it is necessary to ensure the security, privacy and ethical issues in many more combinations that would have been required in the past. He also stated that prudent and proper use of biometrics is necessary on technological innovation, security and respect for privacy. Prof. Margit Sutrop, from University of Tartu,
9
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
delivered her invited talk on ethical issues in governing biometrics. She pointed out that in order to maintain public trust, it is important to let the public have some basic understanding of the biometrics technologies.
Left: Mr. Stephen Mak, Deputy Government Chief Information Officer, Hong Kong, speaking on Information, Security and Privacy; Right: Prof. Margit Sutrop, from University of Tartu, Estonia, delivers her keynote address on Ethical Issues in Governing Biometric Technologies – How to Maintain Public Trust?
The first keynote speech on the second day of conference was delivered by Prof. Xiaomei Zhai, Director Centre for Bioethics, Chinese Academy of Medical Sciences, Beijing. The ethical concerns outlined by Prof. Xiaomei Zhai included privacy, stigmatization, discrimination, the loss of identity, and some relevant decisions that concerns public welfare. She reported several incidents and public concerns on ethics and also suggested several alternatives to achieve good governance. Mr. Blair Stewart, Assistant Commissioner Office of the Privacy Commissioner, New Zealand, gave the next presentation titled “The International Standards on the Protection of Personal Data and Privacy”. In his speech, Mr. Blair made a major digression to explain the promising, but incomplete, attempt to synthesise the sensitive categories approach of the European instruments and the risk-assessment approach of the APEC framework. In doing so he explicitly picked upon on the Hong Kong Commissioner’s suggestion that biometric data be declared ‘sensitive’. He further commended that a special note being made of the Madrid Declaration endorsement of PIA (Privacy Impact Assessment) and other proactive measures from this conference.
Upper left: Prof. Xiaomei Zhai, Center for Bioethics, Chinese Academy of Medical Sciences, presents “The Status Quo and Ethical Governance in Biometric in Mainland China”; Upper right: Mr. Blair Stewart, Office of the Privacy Commissioner, New Zealand, talks regarding international standards on protection of personal data and privacy.
The post lunch session E was devoted for invited speeches and paper presentations on the applications of biometrics for security and forensics. Mr. Wing-On Chan, Francis, from Hong Kong Police Force, used the example of Facebook and the famous Tracy Turkish Brooks case, to effectively argue that the personal 10
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
information sent out every second while using internet and just replacing password control with biometrics authentication would not help. He expressed concerns on the vulnerability of biometric information and how a careless user who pays little attention to protect his password can also leave his biometric profile unprotected. Ms. Kim Legg from INTERPOL delivered next invited talk on international fingerprint and DNA exchange using INTERPOL. She reminded that the criminals do not respect borders and therefore the fingerprint and DNA information should be actively shared among countries. She cited several examples to illustrate successful usage of such facility at INTERPOL which resulted in successful conviction of criminals for the crimes committed in different countries. Dr. Elazar Zadok, Former Director, Identification and Forensic Science Division, Israel, presented his paper on the legislative and ethical questions regarding forensic ‘biometric’ databases. He pointed out that although in forensic the usage of these databases is very effective, they pose a lot of legislative and ethical concerns at the same time. He also argued that a DNA database generates more concerns since it contains sensitive genetic information regarding its owner, but this information may not necessarily be needed for the identification.
Top left: Wing-On Chan, Francis, from Hong Kong Police Force, speaking on Biometrics: The Hope or Gloom to Crime and Identity?; Top Right: Kim Legg, from INTERPOL, gives her speech on international fingerprint and DNA data sharing; Left: Dr. Elazar Zadok, former director of Identification and Forensic Science Division, Israel delivering his keynote lecture on legal and ethical issues regarding forensic biometrics databases.
The session F witnessed four invited talks on relevant topics related to digital identity and e- governance. Mr. Raymond Wong, from Jiaotong University, Shanghai, spoke on the fundamentals behind the popularity of biometrics and associated challenges with its usage in e-governance. He stated that the identity should be certified from the very beginning and the contradictions between identity and identification can be effectively resolved with the usage of B (Breeder document), C (Certainty, clarity, cogency), and D (DNA). Mr. Raymond Wong also outlined the issues like consent, shared use, twins, etc. and suggested some solutions. Mr. Ho Chang from BioID AG, Switzerland, focussed his talk on the privacy and data protection in the social 11
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
networks. He firstly overviewed on the objectives and popularity with the wide usage of social networks. He noted that the anonymity and physical distance in social networking using Facebook, MySpace, LikedIn, Twitter, etc., can lead to false sense of security. Mr. Chang cautioned on the risks bore by users and service providers, including for the privacy and data protection, while visiting social networking sites and suggested the potential usage of biometrics to enhance the trust in such scenarios. The next speaker in this session, Mr. Vinayak Godse from the Data Security Council of India, gave his talk on building a new ecosystem for cyber security and data protection. He firstly introduced the new trends in Indian e-economy. He introduced the key legal features of recent IT (Amendment) Act, 2008, which brings legal regime for cyber security and privacy to its citizens. He noted that the most law enforcement challenges are aggravated due to trans-border nature of crimes, which can be more effectively addressed by building healthy and responsible international collaboration. Mr. Nicolas Delvaux, from Sagem Sécurité, spoke on the effective usage of biometrics for identity trust. He outlined the technical differences between the traditional passport and the e-passport and discussed on the strengths of biometrics to enhance the protection of identity. He brought out that biometrics security can be used to enhance privacy and anonymity. Mr. Nicolas called for developing new technologies to protect citizen’s identity, against misuse, abuse and corruption of identity, so that the privacy and security becomes positive sum paradigm. This concluded the session on digital identity and e-governance, which was also the final keynote session of this conference.
Upper left: Mr. Raymond Wong, from Jiaotong University, Shanghai, gives his keynote talk on ABCD of BI; Upper right: Ho Chang, from BioID AG, speaks on Privacy and Data protection in Social Networks; Lower left: Mr. Vinayak Godse, from Data Security Council of India, presents on the Data Protection and Cyber Security; Lower right: Mr. Nicolas Delvaux, from Sagem Sécurité, speaks on Protected Biometrics for Identity Trust.
The last or concluding session of this conference was chaired by Prof David Zhang and was intended to summarize the deliberations from this conference. The coordinator of RISE project, Prof. Emilio Mordini drew the conclusion that even though biometrics technologies may cause potential problems and risks, the use of this technology should not be restrained, and the solution for all the problems will be found by continuing 12
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
dialogue and world-wide collaboration. This result underscores the importance that world-wide collaboration would play in the future usage of biometrics across the world. Dr. René von Schomberg from the European Commission, DG Research, Ethics and Governance and Project Officer of RISE, summarized that the public awareness should be raised on the biometrics technologies, to ensure more effective protection of personal privacy and biometrics data. Without adequate measures to protect the biometric profile of an individual, no widespread scheme to utilize biometric data would be successful, this necessitates further research into ensuring safety of biometric data and researchers must take this challenge with priority. Mr. John Kropf, from the Department of Homeland Security, USA, concluded that the challenges of using biometrics versus privacy intrusion and human rights violation are world-wide, and to address these issues authorities would need world-wide collaboration, dialogues among different communities and communications among various domains of expertise ranging from bureaucrats to research scientists.
The proceedings of this conference were published as post conference proceedings by Springer, Lecture Notes in Computer Science, LNCS 6005. The authors of each of the accepted papers were provided ten additional days following this conference so that they can submit the revised version of their papers that incorporates the comments and feedback received during the conference. The third international conference on ethics and policy of biometrics and international data sharing witnessed wide consensus on designating biometric data as sensitive. The conference debates also outlined the need to bring more public awareness for higher privacy and security controls in popular social networking websites. In summary this conference was highly successful in bringing the awareness on the ethics and policy of biometrics and a significant step forward in developing consensus, collaborations and understanding on ethical, medical, legal, social, cultural and political issues among researchers, policymakers, consumers and privacy groups which usually address these issues from different perspectives.
13
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
V. Call for Papers
14
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
VI. Abstracts and Biographies Opening Session 09:00 – 09:10 Hon. Samson Tam, JP, Legislative Councillor (Information Technology Functional Constituency) Biography: Samson Tam is a home-grown IT man with an international orientation, with a bachelor degree from CUHK and a doctorate from Hong Kong Polytechnic. He was bitten early by the business bug. In 1989, at age 24, he successfully launched his first invention. By 1993, Tam’s company, with him as Chairman, was listed on the Stock Exchange of Hong Kong. It now counts iconic multinationals among its blue-chip clients. Tam himself was named one of the “Ten Outstanding Young Persons” in year 1997.
Tam takes his civic duties seriously, serving bodies both within and without the IT industry. He is currently Deputy Chairman of the HKPC. Previously, he also sat on the government’s Commission on Strategic Development. He represented the Information Technology Sub-sector in the 2006 Hong Kong Chief Executive Election Committee. He is a member of VTC’s Information Technology Training and Development Committee, the Digital 21 Strategy Advisory Committee and the Small and Medium Enterprises Committee.
He knows that creativity is the essence of the IT industry. Nurturing creative entrepreneurship keeps the industry growing. He has been willing to participate in angel investments to help out local budding IT entrepreneurs.
In June 2008, in recognition of his service and leadership in technology and the community, Tam was awarded an Honorary Fellowship by HKUST, the leading technological university in Asia. He is successfully elected to be the Legislative Councillor (ITFC) in September 2008.
09:10 – 09:20 Emilio Mordini RISE Project Coordinator, Centre for Science, Society and Citizenship, Rome, Italy Biography: Dr. Mordini is an M.D. from the University “La Sapienza” of Rome, and an M.A. in Philosophy from the Pontifical University “S. Thoma” of Rome. Since March 2002 he has been managing director of the Centre for Science, Society and Citizenship (CSSC) an independent, interdisciplinary research centre that addresses ethical and policy issues in healthcare and biomedical research. Emilio Mordini is certified scientific expert of the Italian Ministry of Education, University and Research.
Dr. Mordini is a practising psychiatrist (sub specialized in psychodynamic psychotherapy) and he is ordinary member of the Italian Association of Psychiatry. Since 1996 he has been members of the Bioethical Commission of the National Research Council (CNR) where he currently serves as scientific secretary. He is also member of the Bioethical Commission of the Medical Association of Rome. He is coordinator (together KWM Fulford) of the Psychiatric Network of the International Association of Bioethics, and member of the executive council of the Association for the Advancement of Psychiatry and Philosophy (AAPP).
Dr. Mordini has coordinated various research projects in bioethics both at Italian and European level, among which “Brain Elsa: ethical, legal, and social aspects of brain research”, “EURO ELSAV: ethical, legal and social aspects of vaccine research and vaccination policies in Europe”, and “Big – Bioethical Implication of Globalisation Processes”. He is past treasurer and past secretary of the European Association of Centres of Medical Ethics (EACME). He has also served as a member of the board of directors of the International Association of Bioethics (IAB).
15
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
09:20 – 09:30 Alex Wai Dean of Engineering, The Hong Kong Polytechnic University, Hong Kong Biography: Prof. P. K. Alex Wai received the Bachelor of Science (Hons) degree with first class honours from the University of Hong Kong in 1981, and the M.S. and Ph.D. degrees from the University of Maryland, College Park, USA, in 1985 and 1988, respectively. In 1988 he joined Science Applications International Corporation in McLean, VA, where he worked as a Research Scientist on the Tethered Satellite System project. In 1990 he became a Research Associate in the EE Department of the University of Maryland, Baltimore County, USA. In 1996 he joined the Department of Electronic Engineering, Hong Kong Polytechnic University as an Assistant Professor, in 1997 he became Associate Professor, in 2002 he became Professor and Head of the Department, in 2005 he became Chair Professor of Optical Communications and Dean of Faculty of Engineering.
His research interests include theory of solitons, modeling of fiber lasers, simulations of integrated optical devices, long distance fiber optic communications, and neural networks. Prof. Wai is an active contributor to the technical field, having over 80 international publications. He is a reviewer for many international journals and was an invited speaker in international conferences. Prof. Wai is a member of Optical Society of America and a Senior member of IEEE.
Session A
11:00 – 11:20 Nataša Pirc Musar Information Commissioner of the Republic of Slovenia
The Dangers of Electronic Traces: Data Protection Challenges Presented by New Technologies
Abstract: Modern IT technologies are more and more invasive for peoples’ privacy. E-ticketing involves processing of a significant amount of personal data at the time the cards are issued to users and every time the card is used. Personal data is being processed thanks to the identifiers that are associated with every subscriber and collected by the validation devices to be subsequently stored in the databases of transport companies. Biometric data always refers to an identified or at least identifiable person. And even when stored electronically in a form of a template it is still personal data, as it is not impossible to identify an individual. In terms of data protection rules applicability to online marketing practices a common misconception and the position usually held by the industry is that the processed data is anonymized due to the fact that IP-address is removed and supplemented by a unique identifier to differentiate between different users. Data Protection Authorities in Europe claim that the data collected and processed in the course of behavioural advertising definitely represents personal data as its core purpose is to differentiate between users.
Biography: Nataša Pirc Musar was born in 1968 in Ljubljana. After graduating from the Faculty of Law in Ljubljana in 1992, she passed the bar examination in 1997. After completing her studies she was employed for six years at the Slovenian national television as a journalist and news presenter of the main news TV Dnevnik. Subsequently, she worked for five years as news presenter on “24 ur”, the central information programme of the largest commercial television broadcaster in Slovenia, POP TV.
She gained additional experience in journalism at CNN, and attended the Media Department of the Salford University in Manchester in the UK for two semesters. During her studies she did her professional practice at BBC, Granada TV, Sky News, Reuters TV and Border TV.
16
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
She has also contributed newspaper articles and worked on radio. Striving for new knowledge, she moved in 2001 to the financial sector where she joined the largest Slovenian private financial corporation Aktiva Group as a Head of Corporate Communications. In April 2003 she became Director of Training and Communications Centre at the Supreme Court of the Republic of Slovenia. On July 15th, 2004, she was elected in the National Assembly to become the second slovenian commissioner for access to public information. She was nominated by the President of the Republic of Slovenia. From December 31, 2005 onwards, when Office of the Commissioner for Access to Public Information merged with the Inspectorate for Personal Data Protection, Nataša Pirc Musar performs her function as an Information Commissioner and s fluent in Croatian/Serbian and English.
11:20 – 11:40 Bénédicte Havelange European Data Protection Supervisor, Brussels Data Protection in Post Lisbon EU
Abstract: The Lisbon Treaty just entered into force and will change profoundly the institutional and legal landscape in Europe. In the context of biometrics, I will discuss the outstanding issues and on the role of European Data Protection Supervisor. My talk will extensively discuss on the impact of the Lisbon Treaty on the development of an EU area of Freedom, Security and Justice.
Biography: Bénédicte Havelange works for the policy and Information Unit of the European Data Protection Supervisor; she is coordinator of the EDPS' activities related to EU large-scale IT systems and to border management/immigration/asylum issues. Before her appointment at the EDPS, she worked for the Belgian Data Protection Authority as a legal officer and later as the Secretary- General. She represented the DPA in several international fora such as the Joint Supervisory Authorities of Schengen, Europol and CIS or the Article 29 Working Party. Her main tasks at the EDPS are organising the coordinated supervision of Eurodac (EU database on asylum seekers), drafting legal opinions on EU legislative proposals, providing advice on EDPS policy, following up on the development of new EU large-scale IT systems (i.e. SIS II, Visa Information System, Customs Information System).
11:40 – 12:00 John Kropf Deputy Chief Privacy Officer, Department of Homeland Security, USA The Crossroads of Privacy and Biometrics
Abstract: Three-part presentation intended to provide an overview of the Department of Homeland Security biometric systems and how they incorporate privacy protections. The presentation will summarize the basic privacy framework used by DHS. Part three of the presentation reports on developments in biometrics between governments.
Biography: John W. Kropf serves as the Deputy Chief Privacy Officer and Senior Adviser for International Privacy Policy in the Privacy Office with the DHS. He serves as a key adviser to DHS's Chief Privacy Officer and other DHS leadership on issues related to compliance with privacy laws, DHS polices programs and agreements that adhere to fair information principles as well as chief operation officer and policy strategist for the Privacy Office. Kropf also oversees the Office’s international privacy work and has represented the Department on U.S. Government delegations to the OECD, APEC and served as adviser to various international negotiations. Before joining DHS, Kropf worked for ten years as an international lawyer with the U.S. Department of State in the Office of the Legal Adviser. He also served two years with the American Embassy in Turkmenistan where he was served as Country Director for USAID. He began his federal career as an attorney with the U.S. Department of Justice Honors Program. Kropf earned his law degree and a
17
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
Masters of Public and International Affairs from the University of Pittsburgh. He is a member of bars of Pennsylvania and the District of Columbia. He and has published numerous articles on global privacy issues.
12:00 – 12:20 Stan Li Chinese Academy of Sciences, Beijing, China Biometrics in China: Trends, Opportunities, Challenges
Abstract: In this talk, China's national facts related to biometrics and introduce governmental and research organizations is reported, and followed by a presentation of recent advances in biometrics R&D and significant deployments of biometrics applications. Situations of biometric standardization and privacy concerns are reported and discussed.
Biography: Stan Li received the PhD degree from Surrey University, UK. He is currently a professor at National Laboratory of Pattern Recognition (NLPR), the director of Center for Biometrics and Security Research (CBSR), Institute of Automation, Chinese Academy of Sciences (CASIA); and co-director of Joint Laboratory for Intelligent Surveillance and Identification in Civil Aviation (CASIA-CAUC). He worked at Microsoft Research Asia as a researcher from 2000 to 2004. Prior to that, he was an associate professor at Nanyang Technological University, Singapore.
His research interest includes pattern recognition and machine learning, image and vision processing, face recognition, biometrics, and intelligent video surveillance. He has published over 200 papers in international journals and conferences, and authored and edited 5 books including "Markov Random Field Modeling in Image Analysis" (Springer, 1st edition in 1995 and 2nd edition in 2001). He is currently an associate editor of IEEE Transactions on Pattern Analysis and Machine Intelligence and has been actively participating in organizing a number of international conferences and workshops in the fields of his research interest.
Stan Li is an expert in face recognition, biometrics and intelligent video surveillance. The Eye-CU face recognition system he developed at Microsoft Research Asia was demonstrated by Bill Gate on a CNN interview. He has been leading several national and international collaboration projects in biometrics and intelligent video surveillance. The AuthenMetric face recognition system and intelligent video surveillance system have been deployed in many applications. He acted as the program chair for the Asian Biometrics Forum 2006 and a co-chair for the International Conference on Biometrics 2007. He delivered a speech on Biometrics in China, on behalf of the China National Body, at the 2006 ISO/IEC JTC1 SC37 meeting in London. He co-edited Handbook of Face Recognition (Springer, 2005), and is acting as editor-in-chief for Encyclopedia of Biometric Recognition (Springer, to be published 2008).
Session B
14:00 – 14:20 Helen Chan Hong Kong Immigration Department, Hong Kong Deployment of Biometrics and Challenges
Abstract: Speedy and accurate identity verification is a common requirement for performing various functions of the Immigration Department effectively. The presentation will share with the audiences how the Department makes use of biometrics technology to enhance the security of the identity card and the travel documents as well as to improve the services delivered to the public.
18
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
Biography: Dr. Helen Chan joined the Immigration Service in 1982 as an Assistant Immigration Officer. She was promoted to Chief Immigration Officer in 1998, Assistant Principal Immigration Officer in 2001, Principal Immigration Officer in 2002 and Assistant Director in 2006.
Dr. Chan had vast experience in immigration work, including the issue of documents to Hong Kong residents, the planning and implementation of large-scale computer systems in the Immigration Department, lobbying for visa-free arrangements for Hong Kong Special Administrative Region passport holders to other countries, and visa and policies related work.
14:20 – 14:40 Alessandro Acquisti Carnegie Mellon University, USA Of Frogs and Herds: Behavioral Economics, Malleable Privacy Valuations, and Context-dependent Willingness to Divulge Personal Information
Abstract: The results of a number of experiments investigating privacy valuations and decision making through the lenses of behavioral economics will be reported. Contrary to the assumption in much social science that people have stable, coherent preferences with respect to personal privacy, we find that privacy valuations measured by willingness to trade-off personal information for monetary rewards and concerns about privacy measured by divulgence of private information are highly sensitive to contextual factors. Results from a number of experiments will be reported, one of which was designed to measure individual willingness to pay to protect and willingness to accept to divulge personal data; while others were designed to elicit or to suppress privacy concerns. This research raises questions about whether individuals are able to navigate in a self-interested fashion increasingly complex issues of privacy.
Biography: Alessandro Acquisti is Professor of Information Technology and Public Policy at the Heinz College, Carnegie Mellon University, a member of Carnegie Mellon CyLab, and a fellow of the Ponemon Institute. His research investigates the economics, and behavioral economics, of privacy and information security, as well as privacy in online social networks. Alessandro has been the recipient of the PET Award for Outstanding Research in Privacy Enhancing Technologies and the IBM Best Academic Privacy Faculty Award. His discovery of the predictability of Social Security numbers made headlines on US and international newspapers in July 2009, and was featured in the “Year in Ideas” issue of the New York Times Magazine. Alessandro’s research has been disseminated through journals (including the Proceedings of the National Academy of Science, Marketing Science, Marketing Letters, Information Systems Research, IEEE Security & Privacy, Journal of Comparative Economics); edited books and book chapters; and leading international conference proceedings and keynotes. His findings have been repeatedly featured in media outlets such as NPR, the New York Times, the Wall Street Journal, the Washington Post, the New Scientist, MSNBC.com, Wired.com, NBC, CNN, and Fox News. He holds a PhD from UC Berkeley and Masters from UC Berkeley, London School of Economics, and Trinity College Dublin.
14:40 – 15:00 Tim Parker The University of Hong Kong, Hong Kong Are We Protected? The Adequacy of Existing Legal Frameworks for Protecting Privacy in the Biometric Age
Abstract: The creation of a record containing biometric data would, in most legal systems, engage laws governing when, how and by whom that record may be accessed, stored, copied, destroyed, etc. However, there remain grave concerns amongst privacy advocates that existing privacy laws - which in many jurisdictions are general or 'principle-based' in nature – are insufficient to protect the individual from specific and distinct threats to privacy said to attach to biometric data. This talk will analyse the legal properties
19
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
intrinsic to biometric data as against other established categories of protected data. The survey is cross- jurisdictional, with emphasis upon the laws of the Hong Kong SAR and the People's Republic of China.
Biography: Hailing originally from Australia, Tim has been based in Hong Kong for the past 10 years. Tim is a practicing Barrister in Hong Kong, with Denis Chang S.C.’s Chambers. His practice deals predominantly with public law and international law litigation and advice, including in particular: immigration law, human rights and refugee law.
Tim also teaches at the University of Hong Kong, providing instruction on public international law, international humanitarian law, human rights law, and advocacy. He holds a Bachelor of Arts degree (with a major in Chinese Studies) from the University of Melbourne, and a Bachelor of Laws and Postgraduate Certificate in Laws from the University of Hong Kong.
15:00 – 15:20 H. Raghav Rao State University of New York, University at Buffalo, USA The Unique Identification Number Project: Challenges and Recommendations
Abstract: This paper elucidates the social, ethical, cultural, technical, and legal implications / challenges around the implementation of a biometric based unique identification (UID) number project. The Indian government has undertaken a huge effort to issue UID numbers to its residents. Apart from possible challenges that are expected in the implementation of UID, the paper also draws parallels from Social Security Number system in the US. We discuss the setbacks of using the Social Security Number as a unique identifier and how to avoid them with the system being proposed in India. We discuss the various biometric techniques used and a few recommendations associated with the use of biometrics.
Biography: Professor Rao graduated from Krannert Graduate School of Management at Purdue University. His interests are in the areas of management information systems, decision support systems, e-business, emergency response management systems and information assurance. He has chaired sessions at international conferences and presented numerous papers. He also has co-edited four books of which one is on Information Assurance in Financial Services. He has authored or co-authored more than 175 technical papers, of which more than 100 are published in archival journals. His work has received best paper and best paper runner up awards at AMCIS and ICIS. Dr. Rao has received funding for his research from the National Science Foundation, the Department of Defense and the Canadian Embassy and he has received the University's prestigious Teaching Fellowship. He has also received the Fulbright fellowship in 2004. He is a co-editor of a special issue of The Annals of Operations Research, the Communications of ACM, associate editor of Decision Support Systems, Information Systems Research and IEEE Transactions in Systems, Man and Cybernetics, and co-Editor-in-Chief of Information Systems Frontiers. Dr. Rao also has a courtesy appointment with Computer Science and Engineering as adjunct Professor. Professor Rao's PhD students have placed at Sogang U, UNCG, ASU, USF, FAU, MSU, OKState, FSU, PennState and others. Professor Rao teaches Information assurance, Networks and e-commerce. Prof Rao is also the recipient of the 2007 State University of New York Chancellor's award for excellence in scholarship and creative actitivities.
Session C
16:00 – 16:20 Massimo Tistarelli Università di Sassari, Alghero, Italy Human Face Analysis: from Identity to Emotion and Intention Recognition
20
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
Abstract: Face recognition is the most natural mean of recognition by humans. At the same time, images (and videos) of human faces can be captured without the user’s awareness. The entertainment media and science fiction has greatly contributed in shaping the public view of these technologies, most of the times exaggerating the potential impact in one’s privacy. Even though face images can be acquired, in any place, with hidden cameras it is also true that face recognition technology is not dangerous per se. Rather, whenever properly deployed, it can result for the protection of the citizens and also enhance the user convenience.
Face recognition today has achieved a quite high performance rate and most of the problems hindering the use of this technology have now been solved. Faces can be analyzed and characterized on the basis of several features. Then, a face can be tagged with several properties, not only the bearer’s identity, but also his gender, approximate age and possible familiarity with others. Moreover, the analysis of the facial expression may also lead to understanding the mood, maybe the emotional state and intentions of the analyzed subject. May this lead to a ”Big Brother scenario”? Is this technology going to hinder a person’s freedom or privacy? These questions are still to be answered and mostly depend on tomorrow’s good use of this emerging technology. As for today, many scenarios can be envisaged where face recognition technologies can be fruitfully applied. Among them, the border control at airports and other ports of entry are just the most addressed in the recent past. Other applications still exist which have been overlooked and are yet worth a more extensive study and deployment from both the Academia and Industry.
Biography: Massimo Tistarelli was born on November 11, 1962 in Genoa, Italy. He received a degree in Electronic Engineering from the University of Genoa, Italy in 1987 and the Phd in Computer Science and Robotics in 1991 from the same university. Since 1986 he has been involved as project coordinator and task manager in several projects on computer vision and image analysis funded by the European Community.
During 1986, 1991 and 1996 he has been visiting the Department of Computer Science, Trinity College, Dublin Ireland, developing methodologies aimed at the investigation of low-level visual processes. In 1989 he was a visiting scientist at Thinking Machines Co. and MIT in Cambridge, Massachusetts, developing parallel algorithms for dynamic image processing on the Connection Machine system. Since 1994 he has been the director of the Computer Vision Laboratory at the Department of Communication, Computer and Systems Science of the University of Genoa, leading several national and European projects on computer vision applications and image-based biometrics.
His main research interests cover biological and artificial vision (particularly in the area of recognition and dynamic scene analysis), biometrics, robotic navigation and visuo-motor coordination. He is author of more than 80 papers in scientific conferences and international journals. In 2000 he was the chairman for the International workshop on "Advances in Facial Image Analysis and Recognition Technology," in 2002 for the International workshop on “Biometric Authentication” and in 2007 for the fifth Int. Workshop on Automatic Identification Advanced Technologies. Prof. Tistarelli is the general chairman for the 3rd Int. Conference on Biometrics. He was associate editor for the journal Image and Vision Computing. Since 2003 he is the director for the International Summer School for Advanced Studies in Biometrics held in Alghero, Italy. Massimo Tistarelli is currently Full Professor in Computer Science at the Department of Architecture and Planning at the University of Sassari, Italy. He is fellow member of IAPR and senior member of IEEE.
16:20 – 16:40 Richa Singh IIIT Delhi, New Delhi, India Face Recognition and Plastic Surgery: Social, Ethical and Engineering Challenges
Abstract: Face recognition systems has engrossed much attention and has been applied in various domains, primarily for surveillance, security, access control and law enforcement. In recent years much advancement
21
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
have been made in face recognition techniques to cater to the challenges such as pose, expression, illumination, aging and disguise. However, due to advances in technology, there are new emerging challenges for which the performance of face recognition systems degrades and plastic/cosmetic surgery is one of them. In this paper we comment on the effect of plastic surgery on face recognition algorithms and various social, ethical and engineering challenges associated with it.
Biography: Richa Singh received her M.S. and PhD degrees in Computer Science in 2005 and 2008 respectively from the Lane Department of Computer Science and Electrical Engineering at West Virginia University. She have over 80 research publications in refereed journals, book chapters, and conferences and is the recipient of five best paper awards. She is a member of the IEEE, Computer Society, ACM, Golden Key International, Phi Kappa Phi, Tau Beta Pi, Upsilon Pi Epsilon, and Eta Kappa Nu honor societies.
She is also a member of the Indian Biometrics Standards Committee and the United States ANSI/NIST Committee to Define an Extended Fingerprint Feature Set. Her current areas of interest are pattern recognition, image processing, machine learning, granular computing, and biometric authentication.
16:40 – 17:00 Chi-Shing Chen National ChengChi University, Taiwan Biometrics Governance: H1N1 as a Case Study
Abstract: From a legal point of view, governance has specific meaning in the context of bottom up and dialogical approach to regulation instead of top down, command and control. H1N1, like previous SARS, poses great threat to public safety. There are already hospital applications, using RFID and biometrics to manage and track people who has virus that are dangerous to others. But it is not a technological issue alone; more technological innovation may be developed and at the same time without hurting personal right if different disciplines can communicate effectively to build best practices to response to the public safety crisis. In this talk, I will discuss and propose an interdisciplinary (technological, legal, medical/ethical, and administrative) dialogical approach thru a internet governance web to have a better and more effective responsive scheme toward H1N1 and future virus threatening public safety. Current legal framework is not adequate enough to develop such an integrated response mechanism and will also be discussed.
Biography: Professor Chi-Shing Chen received his S.J.D. from the University of California, Berkeley. He is specialized in History of Western Jurisprudence, Introduction to the Study of Law, Information Technology and Literacy, Law and Information.
Session D
17:00 – 17:20 Stephen Mak Deputy Government Chief Information Officer, Hong Kong Information, Security and Privacy
Abstract: Biometrics is increasingly taking on expanded meanings and contexts. It has certainly gone way beyond the traditional boundaries of application in identity management. The traditional capture of biometric data is more explicit and usually on a more large scale. With the advent of the explosive use of the Internet, social networking/engineering, remote sensing, wearable computers, etc., devices and machines that themselves can perform biometric-like functions are opening up new applications on the one hand, and creativity new issues on security, privacy and ethics on the other. In the foreseeable future, further major developments in information and communications technology (ICT) and associated service platforms will add 22
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
to the complexity of addressing these issues, especially when the responsibilities for these issues are being changed, or even lost in transit. With the emerging business models in the ICT industry like “cloud computing” and “anything as a service” that offer users with easy-to-acquire and flexible-to-expand services in more dynamic ways, it is necessary to consider the security, privacy and ethical issues in many more combinations that would have been required in the past. By the same token, in considering public policies and regulatory frameworks that touch upon these issues, it is also important that we recognize the evolving and even amorphous nature of the issues, and do not consider them as part of a zero-sum game such that something is achieved only at the expense of another. Prudent and proper use of biometrics is compatible with Hong Kong’s policy and strategy on technological innovation, security and respect for privacy. We encourage innovators, entrepreneurs, vendors, regulators and governments to collaborate in striking a balance in the effective use and deployment of biometrics.
Biography: Stephen Mak is the Deputy Government Chief Information Officer (Operation) of the Hong Kong Special Administrative Region Government. The Office of the Government Chief Information Officer (OGCIO) is responsible for formulating policies and strategies and implementing measures to drive IT development in Hong Kong. Mr. Mak is responsible for IT industry development policy and strategy, including cooperation with the Mainland and countries that have ICT collaboration agreements with Hong Kong. He also directs the provision of programme management and application integration services; IT infrastructure and security, technology management and sourcing; standards and IT security policy; IT manpower and professional development; and programmes to facilitate the development of the local IT industry, promote the adoption of e-business and bridge the digital divide.
Mr. Mak has 35 years of experience in the IT field. He joined the Hong Kong Government in 1975 and has since held a number of IT strategic planning, programme and technology management, professional services and corporate management positions. He holds an MBA degree from the Chinese University of Hong Kong, and is a Chartered Engineer and a Chartered Information Technology Professional.
17:20 – 17:40 Margit Sutrop University of Tartu, Estonica Topic: Ethical Issues in Governing Biometric Technologies – How to Maintain Public Trust?
Abstract: Public discussion on the ethical issues of biometrics has been lacking so far. Such discussion is mandatory, as authentic public trust is depending on the information and understanding of the issues at stake. As biometric technologies are based on measurements of physiological or behavioral characteristics of the human body, biometrics raises a host of ethical concerns such as protection of privacy, autonomy, and bodily integrity, risk of social exclusion, etc. Most of these concerns seem to be more or less similar to the questions raised by the ethics of technology in general. On the other hand biometrics is considered to be one of the most significant examples of how complex it is to match individual and collective needs and values.
In the first part of the paper it will be asked whether there are any specific ethical issues raised by the development and use of biometric technologies. In the second part of the paper it will be asked how standard ethical questions are changed by biometric technologies and whether these technologies require new ethical frameworks.
Biography: Margit Sutrop is a Professor of Practical Philosophy, Head of the Institute for Philosophy and Semiotics and the founding Director of the interdisciplinary Centre for Ethics at Tartu University. She has published widely on aesthetics, moral and political philosophy, bioethics, and ethics of technology. Her current research interests are value pluralism, moral motivation, and ethical issues of new technologies. She is the author of “Fiction and Imagination. The Anthropological Function of Literature” (Paderborn: Mentis, 2000)
23
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
and editor of 10 books. She has been guest editor of a special issue of Bioethics (vol. 18, 2004) on pharmacogenetics and of Trames (vol. 8, 2004) on the ethical, legal and social issues of human genetic databases. She has coordinated numerous national (10 grants) and international (8 grants) R&D projects. She is member of the Estonian President’s Advisory Board, member of the Estonian Council of Bioethics, member of the Clinical Ethics Committee of Tartu University Clinic, member of the Council of the Academia Europaea, of the European Commission’s Advisory Board for Humanities in the 7th FP and an independent ethical expert of the European Commission.
Session E
10:00 – 10:20 Wing On Chan, Francis Superintendent of Police, Hong Kong Police Force, Hong Kong Biometrics: The Hope or Gloom to Crime and Identity?
Abstract: While eye-witness was perhaps the only lead to crime detection in ancient times, social and technological progression enabled a huge leap from visual identification, physical, biological, biochemical to biotechnological identification. What lies the future in biometrics? What about cyber identity? What are the challenges and opportunities they are bringing towards identity and crime?
Biography: Chan Wing On, Francis, has extensive service and expertise with the Hong Kong Police Force in the realm of criminal investigation, intelligence-led policing, cybercrime and information security. His proactive and insightful policing style earned him recognitions whether he was bashing the triad groups, dissolving organized swindlers or eliminating security threats. His policing experience spans from the Regional Anti-Triad Unit, Organized Crime and Triad Bureau, Technology Crime Division, and currently Information Systems Wing. Francis will present, from the angle of crime busters, whether biometrics is the hope or could be the gloom to future crime situations and in particular the issue on identity and crime.
10:20 – 10:40 Kim Legg General Secretariat, INTERPOL, Lyon, France International Fingerprint and DNA Exchange Using INTERPOL
Abstract: INTERPOL is the world's largest international police organization, with 188 member countries. INTERPOL has international fingerprint and DNA databases and encourages member countries to utilize these by submitting fingerprints and DNA profiles from non nationals including those from crime scenes. The presentation, hopefully, will demonstrate the need for sharing of such data.
Biography: Ms Kim Legg is fingerprint examiner and currently works with INTERPOL based in France.
10:40 – 11:00 Elazar Zadok Former Director, Identification and Forensic Science Division, Israel Legislative and Ethical Questions Regarding Forensic 'Biometric' Databases
Abstract: Forensic Science is gaining more importance in criminal justice, since the development of new sensitive and accurate scientific tools, and the construction of large computerized databases. Although very
24
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
effective, these databases pose a lot of legislative and ethical concerns. In case of DNA concerns are deeper since it contains sensitive genetic information regarding its owner, not necessarily needed for his identification. This paper focuses on issues related to the collection, utilization and retention of DNA samples and profiles of legally innocent populations, illustrated by a case study where a voluntarily given DNA sample for a murder investigation successfully solved three non related rape cases.
Biography: Elazar (Azi) Zadok got his Ph.D in organic chemistry from the Weizman Institute of Science in Rehovot, Israel in 1983. He served in different senior scientific positions in the Israeli Defense Forces (IDF) and the Israeli chemical industries. During the years 2000-2007 he was the Director of the Division of Identification and Forensic Science (DIFS) of the Israel National Police, ranking Brigadier General. He was deeply involved in the legislation and the establishment processes of the Israeli National Forensic DNA Database, becoming operational early in 2006. He also led the process of accreditation of the National Forensic Labs. He is now retired, serving as consultant for forensic services construction in developing countries, and is still active in lecturing on legislative and ethical perspectives of forensic databases.
Session F
11:20 – 11:40 Raymond Wong Visiting Professor, Jiaotong University, Shanghai, China ABCD of BI
Abstract: Biometrics is not something new. Applying biometrics for identification purposes has long existed for centuries. One interesting question is whether biometrics should be taken for identification purposes or biometrics should be adopted as cogent means for identity, hence the biometric identity. The former tells you the identity of a person which may be false while the latter attempts to impress that a particular identity is unique and trustworthy. There is a subtle difference between the two. To bridge this gap of the two, a convincing method should be in place. Raymond will explain his concept of ABCD for this purpose.
Biography: Raymond served the Hong Kong Immigration Department over 35 years, 25 years of which were related with information technology and identification documents. Heading the Information System Branch of the Department, he was the CIO cum CTO of the Department from 2002 till 2007 when he retired.
He was involved in all major computer systems and personal document projects of the Hong Kong Immigration Department from 1980’s until his retirement. Being the master mind, helmsman and lead engineer in implementing the 32 projects of the Second Information Systems Strategy from 1999 till 2007, he had delivered high quality and award winning systems for the Department. These include, inter alia, the Smart Identity Card Information System, the Control Point System, the Face Recognition System, the e- channel systems and the e-passport system.
He received two Bachelor’s degrees of Laws in China and UK respectively and has been awarded five Master’s degrees in Comparative Law, Chinese Laws, Management, Information Systems and Business Administration from universities in U.K., Hong Kong and China. He also holds a Doctor’s degree in Business Administration from University of Newcastle, Australia.
Raymond was awarded the ID People Awards (Honorable Mention) in the ID World International Congress, Milan in November 2006. He was selected the Hong Kong Computer Society Outstanding IT Achiever
25
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
Awards 2008: IT Leadership Award in early 2009. He has been appointed to be member of the Editorial Board of the Keesing Journal of Documents and Identity since 2009.
11:40 – 12:00 Ho Chang BioID AG, Switzerland Privacy and Data Protection for Social Networks
Biography: Ho Chang, founder of the BioID AG, has been CEO and Chairman of the Board since the inception of the company. BioID AG is a leading Swiss company in multimodal biometrics with its R & D facilities based in Germany. Mr. Chang has been in the industry since 1981. Despite of his involvement in the industry, Mr. Chang is an advocate of Bioethics and has been a regular speaker and participant for various events such as BITE (Biometric Identification Technology Ethics) conference, conferences and workshops organized by EU on Ethical and Social Implications of Biometric Identification Technology, Asia Biometric Workgroup etc. as well as a guest speaker on biometrics at various institutes. Mr. Chang graduated from the University of Toronto in Mathematics and Computer Science and has worked for companies such as Hewlett- Packard and Northern Technologies in Canada.
12:00 – 12:20 Vinayak Godse The Data Security Council of India, India Building a New Ecosystem for Cyber Security and Data Protection
Abstract: Expanding cyber security threats, evolution of cyber terrorism, rapid cyber crime investigation requirements, increasing awareness of security of personal data gathered by organizations, data protection requirements of Indian IT/BPO companies serving global clients and Increased security requirements for expanding e-governance and e-commerce demand a national level security ecosystem. This should be supported by government initiatives, strong legal framework, and effective law enforcement. Industry, on the other hand, should share this responsibility by deploying competent solutions at their end, and partner with government in its endeavour to build the capacity.
IT (Amendment) Act, 2008 enacted by Government of India, operational since 27th Oct 2009, offers a strong lever to “address all contemporary cyber security challenges” and promises establishing a “strong data protection regime” in India. Measures such as passing investigation power to a lower level officer and setting up of the cyber appellate tribunal will ensure speedier trial of cyber crimes. On the one hand, it introduces the concept of “sensitive personal information”, and liability of the ‘body corporate’ to protect the information, and on the other hand, it fixes the liability of individual for breach of confidentiality and privacy. This will go a long way for establishing a strong data protection regime in India, and certainly boost the confidence of global clients who are sending their data as a part of outsourcing to Indian IT/BPO companies.
Strengthened role of Role of CERT-In will contribute to improvement of security of critical infrastructure. Government’s policy initiative on encryption will provide the necessary impetus to the growth of e-commerce and e-governance. Government is also increasingly investing towards the cause of cyber security, which includes nationwide awareness initiatives, taking cyber safety messages to community, home users and the most vulnerable population like students. A key initiative of providing unique identity, would significantly add reliability and security of transactions. The UIDAI project will contribute to limit the identity threats that are posing significant challenges to increasing internet transactions. Law Enforcement bodies are gearing up to these new challenges upgrading their skills and building their competencies. Industry is also partnering with Law Enforcement bodies in their effort of building competencies.
26
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
Industry, on the other hand, is extending its support, working closely with government, and collectively contributing to build “strong National Security Ecosystem”. An industry initiative, Date Security Council of India, has been set up to focus on security and data protection to promote India as a trustworthy outsourcing destination. On the one hand, it works closely government in its policy enablement, and, on the other hand, it collaborates with international institutes and bodies that are working for the same cause. Being a leader in IT/ITES services, many companies are now augmenting security capabilities. Security has been seen a key interest of industry and academia, many security organizations flourished in recent past that are contributing to the building the ecosystem. This session will take a review on how different the different forces in India are working together to creating and strengthening the security ecosystem.
Biography: Mr. Vinayak Godse holds a BE (Electronics), and is Certified Information Security Manager (CISM), a certification conducted by Information System and Control Association (ISACA).
He is currently working as a Senior Manager, Security Practices with Data Security Council of India (DSCI). Vinayak Godse is managing a program for defining data security and privacy practices, based on which self regulation mechanism will be established. Along with this program he is also engaged in DSCI outreach program at national and international platforms for establishing collaboration with different legal and regulatory bodies, data protection authorities, global clients and outsource service providers of all categories including small and medium players.
Godse is working closely with Department of Information Technology (DIT), Govt of India, on cyber security initiatives, security and privacy surveys and making of rules for IT Act. Vinayak Godse has 14 years of experience in Information Security, IT Transformation, Telecom Switching Infrastructure, Intelligent Networking and Broadband Infrastructure.
Prior to joining DSCI, he was working with Global Consulting Practice of Tata Consultancy Services (TCS) as a Consultant, Information Risk Management. Under the consulting wing of TCS, he executed different security consulting engagements for different clients across the globe and in different industry domains. Prior to TCS, Godse was working with a public sector telecom service provider in India, where he got an exposure to telecom infrastructure, intelligent networking and Internet backbone infrastructure.
12:20 – 12:40 Nicolas Delvaux Sagem Sécurité Protected biometrics for Identity Trust
Abstract: Biometrics is more and more deployed as the trusted mechanisms to establish a link between an individual and an identity attributed by any identity provider. The aim of the presentation is to show the necessity to protect biometrics sample. Indeed, mass deployment of biometrics aims to fight against identity usurpation. The mass deployment must be associated with appropriate measure to ensure that biometrics modalities are preserved against attacks. Mechanisms are legal and technical. Mixed approach to protect biometrics information is the method to trust new identity management approach.
Biography: Nicolas obtains engineer cum laude from Université Catholique de Louvain in 1988. Nicolas is a technical expert who will participate in several research projects. Since 1992 at Sagem, Nicolas has a solid experience in R&D projects. He worked in telecommunication field and contributed to emergence of GSM-R. Since 2002, Nicolas is working in biometric domain. Nicolas is coordinating research efforts of TURBINE (http://www.turbine-project.org). Nicolas has been participating for a long time in standardisation efforts on the ISO sub-committee dedicated to biometrics: head of the French delegation to ISO/IEC JTC1 SC37, chairman of the Biometric Focus Group at CEN, chairman of the Biometrics committee at AFNOR.
27
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
VII. Media Coverage The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing received wide media coverage and publicity from regional Chinese media as well as the international media. The public media coverage was extensive and both newspapers and electronic media showcased this event to their readerships and viewership. Amongst the newspapers which covered this event were Ming Pao, and The Hong Kong Standard, The Oriental Daily, while the electronic media coverage was done by Radio Television Hong Kong (RTHK) and Television Broadcast Limited (TVB) amongst others. The conference also received greater online coverage as well and created a buzz on the web and initiated discussions. News of this conference was posted on prominent news sites, forums, and highly influential blogs related to biometrics such as Silobreaker.com, LeScienze Web News, Findbiometrics.com, Asia Research News, European Biometrics Forum and TechBiometrics.com.
Samples from the media coverage in Newspapers and Websites
1. Biometrics Security News and Information http://biometricnews.typepad.com/biometric_news_and_inform/2010/01/lets-see-the-substance.html 2. Le Scienze Web News http://www.lswn.it/en/press_releases/2009/conference_on_ethics_biometrics_policy_and_international_dat a_sharing
3. European Biometrics Forum http://www.eubiometricsforum.com/index.php?option=com_content&task=view&id=833&Itemid=95
4. Findbiometrics.com http://www.findbiometrics.com/industry-news/i/7645
5. Asia Research News http://www.researchsea.com/html/article.php/aid/4852/cid/2/research/polyu_plays_host_to_international_co nference_on_ethics_and_policy_of_biometrics.html?PHPSESSID=oej3f8canb8i4u1nlhniuudjq6
6. ThirdFactor.com http://www.thirdfactor.com/2010/01/06/polyu-hosts-biometrics-ethics-conference#top
7. TechBiometric.com http://techbiometric.com/trade-events/the-3rd-international-conference-on-ethics-and-policy-of-biometrics- and-international-data-sharing/
8. SiloBreaker.com http://www.silobreaker.com/researchsea--asia-research-news-4_17339
9. TheStandard.com http://www.thestandard.com.hk/news_detail.asp?pp_cat=11&art_id=92645&sid=26589906&con_type=1& d_str=20100105#
10. PolyU Press Releases http://www.cpa.polyu.edu.hk/cpa/polyu/index.php?search=&press_section=&press_category=All&press_d ate=&mode=pressrelease&Itemid=223&option=com_content&page=3&order=desc&orderby=news_date& press_id=1271&lang=en
28
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
Media Coverage of Conference in China’s Business Newspaper “The Standard”
A newspaper clipping of an article about the Third RISE meeting in Chinese daily “The Sun” 29
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
Newspaper clipping of an article about the conference in the “Oriental Daily News”
30
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
VIII. Organization and Contents of Conference Proceedings
Organization
General Chairs: David Zhang (The Hong Kong Polytechnic University, HK) Emilio Mordini (Centre for Science, Society and Citizenship, Rome, Italy)
Program Chair: Ajay Kumar (The Hong Kong Polytechnic University, HK)
Program Committee: Christopher Megone (University of Leeds, UK) Frank Leavitt (Ben Gurion University, Israel) Frederik Kortbak (The European Privacy Institute, Denmark) Glenn McGee (The American Journal of Bioethics, USA) Kai Rannenberg (Goethe University Frankfurt, Germany) Nicolas Delvaux (Sagem Securite, France) Irma van der Ploeg (Zuyd University, The Netherlands) Cong Ya Li (The Chinese Medical Association on Medical Ethics, China) Kamlesh Bajaj (Data Security Council of India, India) Paul Mc Carthy (University of Lancaster, UK) Max Snijder (European Biometric Forum, Brussels) Kush Wadhwa (Global Security Intelligence, USA) Margit Sutrop (University of Tartu, Estonia) Niovi Pavlidou (University of Thessaloniki, Greece) Anil Jain (Michigan State University, USA) Massimo Tistarelli (University of Sassari, Italy) Michael Thieme (International Biometric Group, USA) Roland Chin (Hong Kong University of Science and Technology, HK) Nigel Cameron (Centre for Policy on Emerging Technologies, USA) Xiaomei Zhai (Chinese Academy of Medical Sciences, Beijing, China) Richa Singh (IIIT Delhi, India) Asbjorn Hovsto (ITS, Norway) Stan Li (Chinese Academy of Sciences, Beijing, China) Jaihie Kim (Biometrics Engineering Research Center, Korea) Mia Harbitz (Inter-American Development Bank, USA) Mark Riddell (SUBITO Project, UK)
Organizing Chair: Lei Zhang (The Hong Kong Polytechnic University, HK)
31
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
Organization of Conference Proceedings
Privacy Protection and Challenges
(a) Challenges Posed by Biometric Technology on Data Privacy Protection in Hong Kong and the Way Forward Roderick Woo (b) The Dangers of Electronic Traces: Data Protection Challenges Presented by New Technologies Nataša Pirc Musar and Jelena Burnik (c) Privacy and Biometrics for Authentication Purposes: A Discussion of Untraceable Biometrics and Biometric Encryption A. Cavoukian, M. Snijder, A. Stoianov and M. Chibba (d) From the Economics to the Behavioral Economics of Privacy: A Note Alessandro Acquisti
Legal Challenges
(a) Legislative and Ethical Questions Regarding DNA and Other Forensic "Biometric" Databases Elazar (Azi) Zadok (b) Are We Protected? The Adequacy of Existing Legal Frameworks for Protecting Privacy in the Biometric Age Tim Parker (c) Have a Safe Trip Global Mobility and Machine Readable Travel Documents: Experiences from Latin America and the Caribbean M. Harbitz and D. King
Engineering and Social Challenges
(a) On Analysis of Rural and Urban Indian Fingerprint Images C. Puri, K. Narang, A. Tiwari, M. Vatsa, and R. Singh (b) Privacy Protection in High Security Biometrics Nalini K. Ratha (c) Face Recognition and Plastic Surgery: Social, Ethical and Engineering Challenges H.S. Bhatt, S. Bharadwaj, R. Singh, and M. Vatsa (d) Human Face Analysis: from Identity to Emotion and Intention Recognition Massimo Tistarelli and Enrico Grosso (e) Creating Safe and Trusted Social Networks with Biometric User Authentication Ho B. Chang and Klaus G. Schroeter
Ethical and Medical Concerns
(a) Ethical Values for E-Society: Information, Security and Privacy Stephen Mak (b) Ethical Issues in Governing Biometric Technologies Margit Sutrop
32
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
(c) Interdisciplinary Approaches to Determine the Social Impacts of Biotechnology Pei-Fen Chang (d) Medical Safety Issues Concerning the Use of Incoherent Infrared Light in Biometrics Nikolaos Kourkoumelis and Margaret Tzaphlidou
Policy Issues and Deployments in Asia
(a) The Status Quo and Ethical Governance in Biometric in Mainland China Xiaomei Zhai and Qiu Renzong (b) Building a New Ecosystem for Cyber Security and Data Protection in India Vinayak Godse
Challenges in Large Scale Biometrics Identification
(a) The Unique Identification Number Project: Challenges and Recommendations Haricharan Rengamani, Ponnurangam Kumaraguru, Rajarshi Chakraborty and H. Raghav Rao (b) The Unique ID Project in India: A Skeptical Note Ramakumar
33
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
IX. List of Participants 1 Aini Zhong HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 2 Ajay Kumar The Hong Kong Polytechnic University, Hong Kong 3 Alessandro Acquisti Carnegie Mellon University, USA 4 Alessandro Italian Ministry of Public Administration and Technology Innovation, Alessandroni Rome, Italy 5 Miss Caroline Fan Immigration Department, HK SAR Government, Hong Kong 6 Anye Cai HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 7 Benedicte Havelange Office of European Data Protection Supervisor, Brussels 8 Blair Stewart Office of the Privacy Commissioner, New Zealand 9 Bo Fang HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 10 TS Chui Immigration Department, HK SAR Government, Hong Kong 11 Gary KC Ng Immigration Department, HK SAR Government, Hong Kong 12 Gavin Wah Immigration Department, HK SAR Government, Hong Kong 13 Chao Chen HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 14 Chi-Shing Chen National ChengChi University, Taiwan 15 Chun Wai Tan Universiti Tunku Abdul Rahman, Malaysia 16 Chun Yuan HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 17 Jodie Lee The Hong Kong Polytechnic University, Hong Kong 18 Cong Wang HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 19 David Leung Hong Kong Immigration Department, Hong Kong 20 David Zhang The Hong Kong Polytechnic University, Hong Kong 21 Dongmin Guo The Hong Kong Polytechnic University, Hong Kong 22 Elazar Zadok Identification and Forensic Science Division, Israel 23 Emilio Mordini Centre for Science, Society and Citizenship, Rome, Italy 24 Emily Lam Chief Inspector of Police, Hong Kong Police Force, Hong Kong 25 Fangmei Chen The Hong Kong Polytechnic University, Hong Kong 26 Feng Han HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 27 Feng Liu The Hong Kong Polytechnic University, Hong Kong 28 Fengxi Song The Hong Kong Polytechnic University, Hong Kong 29 Fengxi Song HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 30 Francis Chan Superintendent of Police, The Hong Kong Police Force, Hong Kong 31 Amy Tsang The Hong Kong Polytechnic University, Hong Kong 32 Coria Cheung Immigration Department, HK SAR Government, Hong Kong 33 Guangming Lu HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 34 H. Raghav Rao University at Buffalo, SUNY, Buffalo, USA 35 Hao Li HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 36 Haoyin Xu HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 37 Helen Chan Hong Kong Immigration Department, Hong Kong 38 Helen Shen The Hong Kong University of Science and Technology, Hong Kong 39 Hemi Pecker Technology Department, Counter-Terrorism Bureau, Israel 40 Hin Wing Yeung International Society for Chinese Medicine, Macau SAR 41 Ho Chang BioID AG, Switzerland
34
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
42 Huihui Wang HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 43 Ian Christofis Director, Biometix Asia, Hong Kong 44 Jairline M. Samuel Federal Bureau of Investigation, USA 45 James Loudermilk Federal Bureau of Investigation, USA 46 Jane You The Hong Kong Polytechnic University, Hong Kong 47 Jiajie Xu HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 48 Jiandong Zhang HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 49 Jiannong Cao The Hong Kong Polytechnic University, Hong Kong 50 Jin Xie The Hong Kong Polytechnic University, Hong Kong 51 Jinrong Cui HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 52 John Wong Office of the Government Chief Information Officer, Hong Kong 53 John Kropf Deputy Chief Privacy Officer, Department of Homeland Security, USA 54 Joyce Sut I Chong Office of Personal Data Protection, Macau SAR 55 Jun Liu HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 56 Shao Zilli The Hong Kong Polytechnic University, Hong Kong 57 Roland Chung Immigration Department, HK SAR Government, Hong Kong 58 Katja Jacobsen Lancaster University, UK 59 Kenneth Lam The Hong Kong Polytechnic University, Hong Kong 60 Kent Lau Office of the Government Chief Information Officer, Hong Kong 61 Kim Legg General Secretariat, INTERPOL, Lyon, France 62 Kush Wadhwa Global Security Intelligence, USA 63 LaRue Williams West Virginia University, USA 64 Lei Zhang The Hong Kong Polytechnic University, Hong Kong 65 Lin Zhang The Hong Kong Polytechnic University, Hong Kong 66 Luo Nan The Hong Kong Polytechnic University, Hong Kong 67 Collagan Thomas Federal Bureau of Investigation, USA 68 Margit Sutrop University of Tartu, Estonia 69 Mark Riddell SELEX Sensors and Airborne Systems Limited, Essex, UK 70 Max Snijder European Biometric Forum, UK 71 Mayank Vatsa IIIT Delhi, New Delhi, India 72 Meng Yang The Hong Kong Polytechnic University, Hong Kong 73 Messimo Tistarelli Università di Sassari, Alghero, Italy 74 Mingjie Fan HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 75 Nalini Ratha IBM Watson Research Centre, New York, USA 76 Nan Luo HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 77 Nataša Pirc Musar Information Commissioner of the Republic of Slovenia 78 Nicolas Delvaux Sagem Sécurité, France 79 Nigel M. de S. President and CEO, Centre for Policy on Emerging Technologies Cameron 80 Niovi Pavlidou University of Thessaloniki, Greece 81 P. C. Yuen The Hong Baptist University, Hong Kong 82 Pak Hin Tang The Hong Kong Polytechnic University, Hong Kong 83 Paul Mc Carthy University of Lancaster, UK 84 Pei Fen Chang National Central University, Taiwan
35
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
85 Qin Li The Hong Kong Polytechnic University, Hong Kong 86 Qinghua Hu The Hong Kong Polytechnic University, Hong Kong 87 Qingmin Liao Tsinghua University at Shenzhen, Shenzhen, China 88 Raymond Wong Jiaotong University, Shanghai, China 89 René Von European Commission, Brussels Schomberg 90 Richa Singh IIIT Delhi, New Delhi, India 91 Roderick Woo Privacy Commissioner for Personal Data, Hong Kong 92 Ruijie Hou HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 93 Samson Tam Legislative Councillor (Information Technology Functional Constituency) 94 Sankar VS ATAL Technologies Ltd, Hong Kong 95 Shanshan Zhu HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 96 Shouyu Ma HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 97 Shuanwei Zhang HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 98 Simon Siu The Hong Kong Polytechnic University, Hong Kong 99 Gordon HY Ma Immigration Department, HK SAR Government, Hong Kong 100 Stanley Chan Office of the Government Chief Information Officer, Hong Kong 101 Stephen Mak Deputy Government Chief Information Officer (Consulting and Operations), Hong Kong 102 Toi Seong Ian Office of Personal Data Protection, Macau SAR 103 Tianyang Liu HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 104 Tim Parker The Hong Kong Law Society, Hong Kong 105 Valeria Balestrieri Centre for Science, Society and Citizenship, Rome, Italy 106 Victor Zeng Managing Director, Just Marketing Company Limited, Hong Kong 107 Vinayak Godse The Data Security Council of India, India 108 Vivek Kanhangad The Hong Kong Polytechnic University, Hong Kong 109 Wilfred Tan NCS Hong Kong 110 Xiao Li HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 111 Xiaomei Zhai Centre for Bioethics, Chinese Academy of Medical Sciences, China 112 David Leung Immigration Department, HK SAR Government, Hong Kong 113 Xiaorui Zhang HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 114 Xingpeng Xu HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 115 Xu Yao HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 116 Ya Su The Hong Kong Polytechnic University, Hong Kong 117 Yahui Liu HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 118 Yan Li HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 119 Yanxue Mu HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 120 Yetian Huang HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 121 Yingbo Zhou The Hong Kong Polytechnic University, Hong Kong 122 Yinghui Chen The Hong Kong Polytechnic University, Hong Kong 123 Yong Xu HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 124 Yunlian Sun HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 125 Zechao Shang The Hong Kong Polytechnic University, Hong Kong 126 Zhen Hua Guo The Hong Kong Polytechnic University, Hong Kong
36
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
127 Zhengui Song HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 128 Zhenyu He HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 129 Zhian He HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 130 Eddie Chan The Hong Kong Polytechnic University, Hong Kong 131 Zhiyin Yang HIT Shenzhen, Shenzhen Graduate School, Shenzhen, China 132 Zhizhao Feng The Hong Kong Polytechnic University, Hong Kong 133 Zhu Li The Hong Kong Polytechnic University, Hong Kong 134 Lai Siu Chung The Hong Kong Polytechnic University, Hong Kong 135 Chiu Chi Pang The Hong Kong Polytechnic University, Hong Kong 136 Sze Mei Lam The Hong Kong Polytechnic University, Hong Kong 137 Denise Lui Communications Officer, Office of Hon Samson Tam, Hong Kong 139 Qijun Zhao The Hong Kong Polytechnic University, Hong Kong 140 Kenneth Lee The Hong Kong Polytechnic University, Hong Kong 141 David Dagan Feng The University of Sydney, Australia 142 Liu Yan The Hong Kong Polytechnic University, Hong Kong 143 Alex Wai The Hong Kong Polytechnic University, Hong Kong 144 Edward Zheng The Hong Kong Polytechnic University, Hong Kong 145 CW Kwok Immigration Department, HK SAR Government, Hong Kong 146 Miranda Leung The Hong Kong Polytechnic University, Hong Kong 147 Carmen Au The Hong Kong Polytechnic University, Hong Kong 148 King Hong Cheung The Hong Kong Polytechnic University, Hong Kong 149 Rosa Kwan The Hong Kong Polytechnic University, Hong Kong 150 Alice Lam The Hong Kong Polytechnic University, Hong Kong 151 CY Or Immigration Department, HK SAR Government, Hong Kong 152 WY Lau Immigration Department, HK SAR Government, Hong Kong 153 Andy Luk Immigration Department, HK SAR Government, Hong Kong 154 Ray Cheng Immigration Department, HK SAR Government, Hong Kong 155 Clement Lee Immigration Department, HK SAR Government, Hong Kong 156 Althay Cheng Immigration Department, HK SAR Government, Hong Kong
37
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong
HONG KONG 4.5 JANUARY 2010
RISING PAN EUROPEAN AND INTERNATIONAL AWARENESS OF BIOMETRICS AND SECURITY ETHICS www.riseproject.eu
EMILIO MORDINI, M.D. 1 MhMarch 2009 28F8 Fe b 2012 DIRECTOR OF THE CENTRE FOR SCIENCE, SOCIETY AND CITIZENSHIP A RESEARCH PROJECT FUNDED BY THE EUROPEAN ROME (IT) COMMISSION ETHICS AND GOVERNANCE UNIT INTHEIN THE SCOPE OF THE FP7
1. Centre for Science, Society and Citizenship (Italy) 2. Aristotle University of Thessaloniki (Greece) 3. The Hong Kong Polytechnic University Biometric Research Center (China) 4. CfPliEiThli(UidCentre for Policy on Emerging Technologies (United States) 5. Lancaster University (United Kingdom) 6. European Biometric Forum (Ireland) 7. Global Securityyg Intelligence LLC (United States) 8. Data Security Council of India (India) 9. University of Tartu (Estonia)
12/March/2009 RISE KOM 12 13 march 2009, Rome 4
http://www.riseproject.eu
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 38 From 01/10/2004 to February 2007
BITE 2004 2007 HIDE 2008 2011 RISE 2009 2012
Convened by DHS and BlBrussels 15 16D6 Dec 2005 US Visit Program Convened by DG Research EU delegates from DG Art. 29 WP chair Research , BEPA , Director and delegates from Art.29 WP US DHS Privacy Office 80 partipants from 9 50 experts mainly from EU, different countries USA
November, 28 – 29 2006 Washington DC
HOMELAND SECURITY, Jerusalem 2 4 September BIOMETRIC 2006: IDENTITY. SECURITY IDENTIFICATION & AND DEMOCRACY PERSONAL DETECTION ETHICS 30 participants from 14 countries, Israel, France, Belg www.hideproject.eu ium, Italy, Slovenia, Bulgaria, Netherlands, Denmark, USA, Latvia, UK, Germany, Poland, Pal esti ni an A uth or ities. 1 FbFeb 2008 31 Jan 2011
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 39 1. ARISTOTLE UNIVERSITY OF 1. IBMG UNIVERSITY OF ROTTERDAM HIDE THESSALONIKI (GREECE) (NETHERLANDS) 2. CENTRE FOR POLICY ON EMERGING 2. INTERNATIONAL BIOMETRICS GROUP + Technology TECHNOLOGIES (()UNITED STATES) (()USA) Oriented 3. CENTRE FOR SCIENCE, SOCIETY AND 3. INTERNATIONAL ORGANISATION OF PERMANENT CITZENSHIP (ITALY) – COORDINATOR MIGRATION (UNITED NATIONS) INTERNATIONAL 4. UNIVERSITY OF ROME LA SAPIENZA 4. LANCASTER UNIVERSITY (UNITED (ITALY) KINGDOM) BITE INITIATIVE ON 5. DATA SECURITY COUNCIL OF INDIA 5. NATIONAL UNIVERSITY OF SINGAPORE (INDIA) (SINGAPORE) EXPLORATORY ETHICS AND 6. ESA COMMUNICATION (ITALY) 6. OPTEL (POLAND) 7. EUROPEAN BIOMETRIC FORUM 7. SAGEM SECURITE’ (FRANCE) POLICY OF (IRELAND) 8. THE HASTING CENTER (USA) RISE 8. EUTELIS (ITALY) 9. THE HONG KONG POLYTECHNIC RISE BIOMETRICS 9. FRAUNHOFER INSTITUTE (GERMANY) UNIVERSITY (CHINA) 10. GLOBAL SECURITY INTELLIGENCE LLC 10. UNIVERSITY OF LIJBLJANA (SLOVENIA) + Policy (UNITED STATES) 11. UNIVERSITY OF TARTU (ESTONIA) 11. HUMANSCAN (SWITZERLAND 12. ZUYD UNIVERSITY(THE NETHERLANDS) OiOrien te d GERMANY)
Ukraine Turkey Switzerland Spain Slovenia Singapore Portugal NZldNew Zealand Malta Latvia Italy Series1 Ireland Greece France European Commission Czech Republic Canada Brazil AiAustria Argentina 0 5 10 15 20 25 30 35 40 16
1) Glbllbllobal HumanHumanMo bilibilibility
Mass of People in transit too huge to be handled in traditional ways
2) UUliblnreliable Identi ty Documents
Too many people without reliable documents. Too many unreliable States 3) Global Identity Management
Digital Identities, dispersed and globalised
17
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 40 1960 -75-75
Advances in transport and communications are determining factors in the globalization process, and wider access to these technologies has increased the mobility of people, goods and services
Source: Population Action International 1994
20
Current Mobility …….
Source: Population Action International 1994 Estimated Global Mobile Populations > 800 million
21
21st Century’s Migration…….
In a world syst em wh ere nearl y a ll St a tes in devel opi ng count ri es are not able to provide their citizens with reliable identity documents, biometrics is likely to be the sole hope for most third world inhabitants to have trustworthy identity documents
Source: Population Action International 1994
23
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 41 Around 51 million children born in 2006 have not had their births registered. Forty four per cent of these children live in South Asia.
One in three developing countries has birth registration rates of less than 50 per cent.
Two out of three African children under age five are not registered.
29
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 42 UNREGISTERED CHILDREN
An increasing numbflber of online app lications require a Internet banking, online reliable means of identification of users, the whole trading, remote management of confidential databases and webhb architecture is increasingllbdy based on certain access to personal information require certain digital digital identities identities. The conventional means of identification (e.g .passwords , personal identification numbers) can be easily compromised, observed or forgotten.
Identity management is going to become a more critical factor in grid and cloud computing given the need to manage interactions between hubs and perihiphery cli ents. Biometr ics – including voice recogg,nition, human machine interactions, touch user interfaces with the Internet – will be m oepeaeore prevalen t in odeorder to create trusted digital identities
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 43 If one focuses only on privacy The idea that privacy is only an risks, it is unlikely that he finds issue of western countries is solu tions. milisleadi ng and sh ould ldb be Enlarged conversation should abandoned. foster both respect for privacy and technology innovation. In a globalized, borderless world, India and China are not The concept of privacy aware “fast moving, unregulated technology can be misleading: competitors” but are policy actors all technology must become which can offer interesting privacy aware. solutions to governance problems in this area.
RISE
The development and deployment of biometric technologies, systems , and It was not those who used brute applications show that privacy and force who would prevail biometrics ppyolicies are inextricably but those who’ll use schemes interdependent. Biometrics and Privacy involve politics and public and plots policy as much as it d oes l aw an d technology. Aeschylus “Prometheus Bound” By involving different stakeholders and perspectives it is possible to overcome dead ends and to find win win solutions.
And thank to the Polytechnic of HK, Prof Zhang, and all his staff for the great efforts !
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 44 Law, IT and personal data protection - legislative Modern Digital Technologies framework lags behind the IT development • Leg iltiislative F ramework( k(lalways lags ages behind the IT) • Law of the Net (Global Agreement) • “We miggpht not be able to stopyyou from doing bad things, but if we catch you, there will be consequences” • If we…, regarding data protection, Nataša Pirc Musar strong inspection tools are needed Information Commissioner, Republic of Slovenia • A lot of media support, quality prevention, awareness campaigns
Hong Kong, 4th of January, 2010
Proportionality Principle Privacy on the Internet?! • Data prevention v. data retention Contradiction per se • everybody is a potentional criminal GiGoing b ac ktitkto interne t… Legal office in USA – checked 5000 divorce files Facebook was a reason for a German Constitutional Court divorce in 989 cases!!! has set strict limits to the law enforcement authorities (especially to the secret services) with regard to secret Quotes from a wall of a supervision of the computers. They are only allowed to Facebook profile were used to supervise the computers in possession of individuals with prove infidelity special programmes (types of Trojan horses) in extreme cases when concrete threat to life or state exists. CClltiollection o fdtifdata in a dvance ‘th‘to have in st ock’ an dfrom Not to talk about randomly chosen individuals should thus not happen. Google/Dashboard
“If you have something that you don't want anyone to know, maybe you shouldn't be doinggp it in the first place!“
Eric Schmidt, Google CEO
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 45 Electronic Road Toll System Electronic Road Toll System On-board Unit:
Is there any 1.determining the position of the personal data: vehicle, 2.determining the segment of the • Position road and the corresponding tariff, • Journey time 3.calculating the sum spent for that segment, 4.sum total. • The control center does not have the position of the car
Employer v. Employee Telephone Traffic Data How to strike the right Facts: balance? 1. Dippylomatic mail was secretlyggiven to the media 2. Ministry wants to catch a bad guy • Internet 3. Let’s check all the telephone calls - • E mail data base with 110. 000 calls (in • Telephones house telephone system) • GPS • RFID - No need to contact the operator • CCTV 4. Who out of 700 employees was • Microsoft Software (heart beat) calling the media
Science fiction? Science fiction?
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 46 Do we wish the old times to come • Easily accesible back? biometrics – face recognition for up to 500 people = 318,29 € • Sloven ian biometric regime Mission impossible
“I have nothing to hide” argument Thank you for your "Our lives begin to attention end the day we biltbecome silent about things that matter."
Martin Luther King Jr.
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 47 General outline sor sor i i v v
• EU Data protection and the EDPS Super Super Data protection in the EU Area of freedom, security and justice ection ection t t • Biometrics – increased use for border undthLibTder the Lisbon Treat y management ta Prota Prota • The Lisbon Treaty: main changes in the an Da an Bénédicte Havelange Da an e 4 January 2010 e area offf free dom, secur ity an djd jus tice an d data protection Europ Europ
International Conference on Ethics and Policy of Biometrics and Data sharing January 2010 International Conference on Ethics and Policy of Biometrics and Data sharing January 2010
Role of EDPS Biometrics and data protection: sor sor i i v v OttOutstandi ng i ssues (1) • Regulation (EC) 45/2001 Super Super » Independent authority > EC institutions and bodies – Recognise limitations of biometrics • Supervision » Make informed decisions ection ection t » Monitoring compliance t » Introduce fall-back procedures • Consultation – Policy choices must be made ta Prota » Advising on new legislation Prota » Biometrics are not only about technology • Cooperation
an Da an Da an – Fight against the risk of exclusion by biometric
e » National DPA , WP29 , JSA e systems » Age limits, physical or ethnic differences Europ Europ
International Conference on Ethics and Policy of Biometrics and Data sharing January 2010 International Conference on Ethics and Policy of Biometrics and Data sharing January 2010
Biometrics and data protection: The Lisbon Treaty : sor sor i i v OttOutstandi ng i ssues (2) v MiMain ch anges (1) Super Super
– The purpose of each biometric application • Abolition of the Pillars structure should be clearly specified ection ection » Decision-makinggp process t t » Involvement of EU Parliament – Embedment of privacy-enhancing features in ta Prota the systems Prota » Improved consistency » No need anymore for a sometimes artificial an Da an Da an distinction e e Europ Europ
International Conference on Ethics and Policy of Biometrics and Data sharing January 2010 International Conference on Ethics and Policy of Biometrics and Data sharing January 2010
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 48 The Lisbon Treaty : The Lisbon Treaty : sor sor i i v MiMain ch anges (2) v MiMain ch anges (3) Super Super
• Emphasis on fundamental rights • Data Protection as a fundamental right
ection » EU Charter of fundamental rights made ection » Direct application t t legally binding » Core elements » Accession of the EU to the European ta Prota Prota » Need for data protection authorities Convention on Human Rights
an Da an » Affirmation of “values” of the EU Da an e e Europ Europ
International Conference on Ethics and Policy of Biometrics and Data sharing January 2010 International Conference on Ethics and Policy of Biometrics and Data sharing January 2010
What’s next? sor sor i i v v More information:
Super • Stockholm Programme: EU Information Super
Management Strategy www.edps.europa.eu
ection » Existinggy information systems need to be ection edpp@s@edp s.euro pa.eu t assessed t » Privacy by design ta Prota Prota Postal address: • Need for increased international dialogue Rue Wiertz 60 - MO 63 an Da an Da an B-1047 Brussels e e Europ Europ
International Conference on Ethics and Policy of Biometrics and Data sharing January 2010 International Conference on Ethics and Policy of Biometrics and Data sharing January 2010
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 49 What is Privacy? The Crossroads of Privacy andBid Biometr ics Privacy is the claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about John W. Kropf U. S. Department of Homeland Security them is communicated to others. Privacy Office Alan Westin, Privacy and Freedom, ETHICS AND POLICY OF BIOMETRICS AND Atheneum, New York , 1967 , p . 7 INTERNATIONAL DATA SHARING Hong Kong Polytechnic University January 4, 2010
Biometr ics – WldidWorldwide Why Privacy Is Important to Biometrics % ICAO: Standard for Passports % EU: Passpp(orts (ICAO +fin ger scans ) % FdFundamen tliht(UNCtal right (UN Conven ti)tion) % US: US – VISIT; BioVisa % Jappyan: Entry and Exit % Good government % UK: Borders % Legal compliance % Israel : Legislation on a National Biometric Data Base % Budiliidget implications % UAE: Borders % Pakistan: National IDs % Registered Traveler Programs (US, The Netherlands, others) % Many others
Overview: U.S. Privacy Framework Application of the Privacy Act Information Protected Domestic (USG only not private sector) Information about an individual containing their name or other Privacy Act of 1974 personal identifier in a Federal agency record system. Examples: education, financial transactions, medical history, Freedom of Information Act (()FOIA) criminal history, employment history, digital photographs, E-Government Act of 2002 fingerprints Applies to a “system of records” (SORNs) Presidential Orders , Directives and Guidance Any group of records containing information about U.S. persons International Under the control of a Federal agency AND agency retrieves information by the individual ’snameor s name or Information Sharing Agreements other personal identifier including biometrics. International Frameworks
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 50 DHS Privacy Office Example: US-VISIT and Privacy
New technologies do not erode privacy " US Congress, through a series of statutes, required Personal information used in compliance with US law. the creation of a biometric entry -exit system . Laws follow the Fair Information Practice " Resulted in US-VISIT. Principles (FIPPs) " US-VIS’SIT’s goa ls: Evaluate new legislation Enhance the security of U.S. citizens and visitors Coordinate with DHS Civil Rights and Civil Liberties Facilitate legitimate travel and trade Report to Congress Ensure the integrity of the U.S. immigration system FdFreedom o fIff Informat iAion Act Protect the privacy of visitors.
SORNs and PIAs are Publicly Example: US-VISIT and Privacy Available " Transparency: IDENT PIA and SORN " Minimization: Collects only the information needed to achieve US-VISIT statutory authority " Use Limitation: Sharing this information must be consistent with http://www.dhs.gov/privacy thfhihilldhe purpose for which it was collected. " Security and Privacy: Success of the US-VISIT measured by ability to identify threats but to protect against ID theft and fraud . " Accountability: US-VISIT PO and DHS CPO; periodic audits " Robust Privacy Policy: Privacy protections extended to non -U.S. citizens " Access and Redress: Freedom of Information Act, Privacy Act and TRIP.
Biometrics: Critical to Government Sharing Biometrics Across Borders " Lost and Stolen Passports " Bordlder Controls FIPPs " Advance Screening Mutual Recognition of Systems HLCG Principles
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 51 Contact Us
U. S. Department of Homeland Security Privacy Office Washington, DC 20528-0550 Tel: 1 -703-235-0780 Email: [email protected] Website: www.dhs.gov/privacy
The Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, 2010, Hong Kong 52 Of Frogs and Herds: The economics (and behavioral Protection &