Leaked Reports Show EU Police Are Planning a Pan-European Network of Facial Recognition Databases
The proposal to link the EU’s facial recognition databases would likely connect them to the U.S. as well, in a massive consolidation of biometric data.
theintercept.com
A police investigator in Spain is trying to solve a crime, but she only has an image of a suspect's face, caught by a nearby security camera. European police have long had access to fingerprint and DNA databases throughout the 27 countries of the European Union and, in certain cases, the United States. But soon, that investigator may be able to also search a network of police face databases spanning the whole of Europe and the U.S.
According to leaked internal European Union documents, the EU could soon be creating a network of national police facial recognition databases. A report drawn up by the national police forces of 10 EU member states, led by Austria, calls for the introduction of EU legislation to introduce and interconnect such databases in every member state. The report, which The Intercept obtained from a European official who is concerned about the network's development, was circulated among EU and national officials in November 2019. If previous data-sharing arrangements are a guide, the new facial recognition network will likely be connected to similar databases in the U.S., creating what privacy researchers are calling a massive transatlantic consolidation of biometric data.
The report was produced as part of discussions on expanding the Prüm system, an EU-wide initiative connecting DNA, fingerprint, and vehicle registration databases for mutual searching. A similar system exists between the U.S. and any country that is part of the Visa Waiver Program, which includes the majority of EU countries; bilateral agreements allow U.S. and European agencies to access one another's fingerprint and DNA databases.
Although new legislation following the report's recommendation is not yet on the table, preparatory work is ongoing. Information provided by the European Commission to the European Parliament last November shows that almost 700,000 euros (about $750,000) are going to a study by consultancy firm Deloitte on possible changes to the Prüm system, with one part of the work looking at facial recognition technology. The European Commission has also, separately, paid 500,000 euros to a consortium of public agencies led by the Estonian Forensic Science Institute to "map the current situation of facial recognition in criminal investigations in all EU Member States," with the aim of moving "towards the possible exchange of facial data," according to a project presentation sent to national representatives in Brussels.
"This is concerning on a national level and on a European level, especially as some EU countries veer towards more authoritarian governments," said Edin Omanovic, advocacy director for Privacy International. Omanovic worries about a pan-European face database being used for "politically motivated surveillance" and not just standard police work. The possibility of pervasive, unjustified, or illegal surveillance is one of many critiques of facial recognition technology. Another is that it is notoriously inaccurate, particularly for people of color.
As far back as 2004, the U.S. Embassy in Brussels was calling for a relationship with the EU that allowed "expansive exchanges and sharing all forms of data, including personal data." In recent years, efforts toward that goal have intensified. According to a Government Accountability Office report, in 2015, the Department of Homeland Security began demanding the implementation of the data-sharing agreements required of Visa Waiver Program countries. This has included the FBI providing assistance to other states to set up the necessary computer networks.
Austria, to take one example, began checking fingerprints against the FBI's criminal fingerprint databases in October 2017, explained Reinhard Schmid, a senior official in the Austrian criminal intelligence service. Since then, about 12,000 individuals' prints have been cross-checked, leading to 150 matches. "Around 20 of these identified persons were under investigation and suspected of membership of terrorist organizations," while in 56 cases individuals had attempted to use a false identity, said Schmid.
"Their logic here is, 'When I have a serious crime and I want to run someone's photo against a database, why shouldn't I have this?'" said Guliani. Yet, she added, the privacy implications were enormous. "Once you have the access, you ultimately have the ability to identify almost anyone, anywhere."
