Updates in the war against terrorism

Bulletin of the American Society for Information Science & Technology, Jun/Jul 2002 by Strickland, Lee S

I. Civil Liberties vs. Security in the War

Against Terrorism

Part IV of our series (Bulletin, April/May 2002) on Information and the War Against Terrorism considered new security-related practices, including the use of biometrics, in government and business as security competes with civil liberties. Of course, the use of technology to enhance security has many independent drivers, including routine crime prevention. But many of these new processes have triggered extensive political and legal complaints based on a perceived improper invasion of civil liberties including the right of privacy and a more nebulous right of anonymity. Indeed, it appears that the more technology is utilized to verify identity, as with biometrics, the more vociferous the complaints.

On February 28, 2002, the Maryland Court of Special Appeals in Messing v. Bank of America, 2002 Md. App. LEXIS 40, became the first court to decide the issue of mandatory collection of biometric identification in the context of commercial transactions. Here a non-bank customer was required to provide a thumbprint before a check that he proffered would be cashed in accordance with "reasonable identification" requirements set forth in federal banking regulations and state commercial transactions law. The court found a thumbprint reasonable for multiple reasons. First, a thumbprint is specified as one of a number of means of signature and authentication in the Maryland Uniform Commercial Code (UCC). Second, a thumbprint is not unreasonably inconvenient, and the inkless method used here was even less intrusive than traditional fingerprinting, which has been repeatedly upheld as an "unobtrusive" form of identification. Third, it is reasonable and necessary, given the prevalence of bank fraud today; and fourth, the fact that a thumbprint does not permit immediate identification but only assists in remedial prosecution is irrelevant since both functions are valid purposes of a "reasonable identification" requirement.

Although this is the first known case to involve mandatory commercial use of biometric data, other cases have approved use in a number of other non-criminal situations. In Perkey v. Department of Motor Vehicles, 42 Cal. 3d 185 (1986), the California Supreme Court upheld a state law requiring an individual to provide a fingerprint as a condition for obtaining a drivers license. In Thom v. New York Stock Exchange, 306 F. Supp. 1002 (1970), the U.S. District Court for the Southern District of New York upheld a state law requiring employees in the securities industry to provide fingerprints. This decision was upheld on appeal and the Supreme Court denied review. In People v. Stuller, 10 Cal. App. 3d 582 (1970), a California appellate case upheld a municipal ordinance requiring bartenders to submit fingerprints to the local police department. And in Brown v. Brannon, 399 F. Supp. 133 (1975), the U.S. District Court for the Middle District of North Carolina similarly upheld a municipal ordinance requiring fingerprinting of applicants for business license. That decision was also affirmed on appeal.

These cases suggest that far from being a revolutionary concept, the use of new forms of biometric identification will be approved by the courts provided that the collection is reasonable in terms of scope and necessity and that the intended biometric has the necessary indicia of reliability. I suggest that the bottom line on biometrics vis-a-vis the rights of privacy and anonymity is threefold:

* First, with respect to government collection and privacy, the 4th Amendment protects reasonable expectations of privacy, and there is no such expectation for public acts whether a stroll in the park, a drive down the street, or a visit to store or government office. And, if there is no reasonable expectation of privacy, there is little question as to use of technology.

* Second, with respect to government collection and anonymity, an issue that arises today in the context of public act but subjective desire to be anonymous - defined as "being unknown or unacknowledged" - there is relatively little case law, some in the context of anonymous campaign literature (e.g., McIntyre, 514 U.S. 334 (1995)) and some in the context of the right of police to ask for identification on the street but only in circumstances involving reasonable suspicion (e.g., Hensley, 469 U.S. 221 (1985)). I believe that civil liberties advocates have not clearly cast their concerns as anonymity but have argued for privacy where there is none. Indeed, I believe that the scope of the right of anonymity has yet to be determined. If a police officer cannot demand to inspect my identification absent reasonable suspicion, should the officer be permitted to use technology to accomplish the same end? And third, with respect to use by commercial enterprises, the Constitution has no direct relevance (unless there were discrimination on legally-proscribed grounds), and the matter is one of contract or unreasonable acts of intrusion under state tort law or commercial law.