Concerns about the Server in the Sky

The Herald reports that New Zealand is to be part of an FBI-led consortium that plans a global database of personal biometric information to "catch criminals and terrorists".

Biometric details and measurements, such as iris scans, palm and fingerprints would be swapped between countries, namely the US, the UK, Canada, Australia and New Zealand. As Iain Thompson points out, these five countries already co-operate in running Echelon, the global eavesdropping service that listens and records global telephone, radio and email communications. So while the public face may be in terms of police co-operation, its a fair bet the intelligence agencies will also be able to access this data. Perhaps the GCSB and the SIS see our participation as a way to gain greater access to US intelligence data in return.

While 'officials' in this country claim New Zealand is still considering whether to join the consortium, Police National Forensic Services Adviser Inspector John Walker said it was likely we would do so.

The FBI told the Guardian: "Server in the Sky is an FBI initiative designed to foster the advanced search and exchange of biometric information on a global scale. While it is currently in the concept and design stages, once complete it will provide a technical forum for member nations to submit biometric search requests to other nations. It will maintain a core holding of the world's 'worst of the worst' individuals. Any identifications of these people will be sent as a priority message to the requesting nation."
...
The FBI is proposing to establish three categories of suspects in the shared system: "internationally recognised terrorists and felons", those who are "major felons and suspected terrorists", and finally those who the subjects of terrorist investigations or criminals with international links. Tom Bush, assistant director at the FBI's criminal justice information service, has said he hopes to see a pilot project for the programme up and running by the middle of the year.

The proposal to share information about subjects of terrorist suspects is the most concerning. Suspects are not criminals, and should not be treated like criminals unless you wish to throw out the entire principle of 'innocent until proven guilty'. It is yet another example of governments using the excuse of 'anti-terrorism' to undermine core principles of the legal system for their own convenience.

Some elements of the police and security services in New Zealand have wished for a national biometric database of all citizens, whether they have committed a crime or not. This proposal has faced some resistance. But 'Server in the Sky' has the potential to implement this policy by default. The US now subjects all passengers, even those in transit to compulsory digital finger scans and photographs (which are also stored for an unknown period). Could the proposed consortium allow our police to import the finger scans of New Zealanders they are unable to legally obtain at home?

Even for those with criminal records the system could lead to some unjust outcomes. As a purely hypothetical example, supposing someone picked up a minor conviction in their teens. Years later they are wrongly implicated in a so called anti-terror operation. Due to their old record, their biometric information and criminal history could be spread about the world with little chance for correction.

I don't have so much of a problem with coppers sharing information about internationally active criminals convicted of serious crimes - but I suspect there are procedures in place for this already without the need for massive data sponge.

Interestingly, the US defence contractor linked with the proposed database, Northrop Grumman Corp, is the same company who created the IDENT1 database, an enhanced fingerprint identification system currently used by British police.

It is pleasing to see that the Server in the Sky proposal greeted with an element of scepticism in the UK media. This follows the embarrassing leak of detailed personal information on 40% of the British population late last year, and the case where an arrest for a terror offence by US investigators was based on a misidentified fingerprint match.

In the Guardian Nick Clegg is calling for the proposal to be treated with caution, as nothing, including biometrics, is fail safe. He highlights the importance of safeguards to ensure data collected under UK law remains subject to high data protection standards.
And once data is in the hands of the US authorities, there is no getting it back. We already send them massive amounts of information about air passengers, through a deal brokered by the European Commission, without any guarantee it will be properly safeguarded once it reaches the US. It would be foolhardy to start sharing further information without a simple guarantee: that data collected under UK law should continue to be protected even after it leaves Britain. We should share information when other countries can guarantee data protection standards that match, or exceed our own. Otherwise, who knows which one of us will be on the no-fly list next.

If the Government sign us up for Server in the Sky, at the very least they should be demanding this too. There also needs to be clear procedures to remove all traces of incorrect information. As the Zaoui case and the recent so called 'anti-terror raids' showed, both the SIS and our police are prone to bouts of Groupthink, where erroneous bullshit can only feed presumptions of guilt before innocence.

I hope we stay well clear of Server in the Sky. It can only fall down sometime.