A Proposed Amendment to the Chicago Municipal Code That Could Invade Biometric and Location Privacy



As the utilization of facial recognition programming in the private sector is on the high very aggressively and exponentially, a proposed amendment to the Chicago municipal code would now enable organizations to utilize this facial recognition innovation, as indicated by the Electronic Frontier Foundation (EFF).

The EFF proceeds to state that this law would likewise disregard the Illinois Biometric Information Act (BIPA) including further that it could "invade biometric and location privacy, and violate a pioneering state privacy law adopted by Illinois a decade ago.” 

EFF went ahead to add -

"At its core, facial recognition technology is an extraordinary menace to our digital liberties. Unchecked, the expanding proliferation of surveillance cameras, coupled with constant improvements in facial recognition technology, can create a surveillance infrastructure that the government and big companies can use to track everywhere we go in public places, including who we are with and what we are doing.
This system will deter law-abiding people from exercising their First Amendment rights in public places. Given continued inaccuracies in facial recognition systems, many people will be falsely identified as dangerous or wanted on warrants, which will subject them to unwanted—and often dangerous—interactions with law enforcement. This system will disparately burden people of colour, who suffer a higher 'false positive' rate due to additional flaws in these emerging systems."

The proposition looks to include a section of "Face Geometry Data" to the city's municipal code which would enable organizations to utilize the disputable face reconnaissance frameworks compatible to the licensing agreements with the Chicago Police Department.

The law basically requires organizations to acquire informed, opt-in consent from people before gathering biometric data from them, or revealing it to an outsider and also secure storage for the biometric data all the while setting a three-year constrain on maintenance of the acquired data after which it must be deleted.

The EFF has likewise not been in support of the FBI's accumulation of colossal databases of biometric information on Americans. The Next Generation Identification (NGI) incorporates fingerprints, face recognition, iris outputs and palm prints. The data is accumulated amid arrests and non-criminal cases, for example, immigration, individual verifications or background checks and state licensing.

Regardless of the huge potential the facial recognition technology and biometric innovation in general, holds for the increased welfare, keeping in mind the national security and the advancements to cyber security, many have advisedly forewarned that the technology should be improved before its continual utilization before something extreme impacts the users.


2 Gujarat Ration Shop Owners Held for Aadhaar Fraud

The Gujarat Police on Friday arrested two owners of government-funded ration shops, or “fair price shops”, in Surat for allegedly committing fraud using stolen biometric data to pilfer subsidised foodgrain.

They reportedly bought a software for ₹15,000 which contained a list of stolen Aadhaar numbers, ration card numbers, and thumb impressions.

The accused, Babubhai Boriwal (53) and Sampatlal Shah (61), were arrested on Friday and taken into police custody for five days.

"The state government had in April 2016 launched the Annapurna Yojana under the National Food Security Act-2013,” said Crime Branch Inspector BN Dave. “Fair price shops, renamed as Pandit Deendayal Grahak Bhandar, were computerised so that subsidised food items reached the actual beneficiaries."

He said that under the scheme, shop owners were, through an application called E-FPS, given access to biometric data bank of the beneficiaries to “create an electronic record of beneficiaries availing subsidised grains from their shops.”

According to Inspector Dave, to gain access to the data, the accused used a duplicate version of the software, the source of which is yet unknown.

Boriwal and Shah have reportedly been booked under various sections of the Indian Penal Code (IPC) including section 406, 409 (criminal breach of trust), 467, 468, 471 (forgery), as well as sections of the Information Technology Act and the Essential Commodities Act.

The police are investigating into the source of the duplicate software as well as the biometric data.

UIDAI Addresses Security And Privacy Concerns

The issue of protection of citizen data has once again picked up steam in the most recent week after The Tribune revealed that an unknown WhatsApp number was pitching access to the whole Aadhaar database for as low as Rs 500. So in an attempt to address security and privacy concerns around the leakage of Aadhaar numbers and information data, the Unique Identification Authority of India on Wednesday introduced two new measures - virtual ID and limited KYC.

The Aadhaar-card holder can utilize the idea or most likely the 'concept' of the virtual id through its website which can take into consideration different purposes, including SIM verifications, and save them the trouble of sharing the actual12-digit biometric ID.

The Virtual ID would be an arbitrary 16-digit number, complete with biometrics of the user and would give any authorised agency like a mobile company, restricted or limited details like name, address and photograph, which are more than sufficient for any confirmation and verification.
Then again the idea of 'limited KYC' will just give need based or finite details of a user to an authorised agency that is providing a specific administration or service.

From 1 June, 2018 it will be obligatory for all organizations and agencies that attempt verification to acknowledge the Virtual ID from their clients. Agencies that don't relocate to the new framework to offer this additional alternative to their clients by the stipulated due date will confront financial disincentives.

"Aadhaar number holder can use Virtual ID in lieu of Aadhaar number whenever authentication or KYC services are performed. Authentication may be performed using the Virtual ID in a manner similar to using Aadhaar number," a UIDAI circular said.

Clients (users) can go to the UIDAI website to create their virtual ID which will be valid for a definite time frame, or till the user decides to transform it. Since the system generated Virtual ID will be mapped to a person's Aadhaar number itself at the back end, it will get rid of the requirement for the user to share Aadhaar number for validation and decrease the collection of Aadhaar numbers by various organizations.

According to the UIDAI, organizations that attempt validation would not be permitted to generate the Virtual ID on behalf of the Aadhaar holder.The UIDAI is also instructing all agencies utilizing its authentication and eKYC services to ensure Aadhaar holders can give the 16-digit Virtual ID rather than Aadhaar number within their application. 


Needless to say the move mainly focuses to reinforce the protection and security of Aadhaar data and comes in the midst of uplifted concerns around the collection and storage of personal and statistical (demographic) information of individuals.