Tuesday, May 12, 2009

Fingerprinting The Homeless

It's taken me a few days to absorb the implications of Calgary's DropIn Center scanning client fingerprints.

Superficially, the motives are all fine and reasonable - increased safety for the clients and staff of the center, and so on. But, something about it kept on niggling away at me as troublesome.

First, I'll raise the obvious problems of any organization having this kind of data.

The security of the data itself is an enormous problem. The DropIn Center is not an organization that is going to have a great deal of experience with data security. We don't know what steps they have taken to ensure that the actual data is not accessible to unauthorized users; nor do we have any sense of whether they have taken steps to ensure that the machines hosting the physical data are not readily accessible to anyone. (It takes about five minutes with a screwdriver to yank a hard drive out of most machines these days.) What is the DropIn Center's plan for handling backups, for securing that backup media, and eventually for disposing of data? Perhaps they have dealt with these issues adequately, perhaps not.

This is a very real concern that we have to think about. Of all our personal information, our fingerprints, next to DNA, are among the most absolute markers of identity. To date, we have only allowed government organizations to have that data, and we routinely castigate them when someone makes an error in handling our personal data. (How many times have we heard of a computer with the records of thousands of citizens being stolen or lost? Plenty.) In today's era of identity theft, this is a huge risk, and having databases of biometric data floating out there that are unsecured, or only minimally secured, should give all of us pause.

The second concern we have to think about is the isolation of that data. To the best of my knowledge, there are no mechanisms in law which would prevent the DropIn Center from sharing that data with various law enforcement agencies. While such sharing of data would no doubt be a gross violation of trust, I doubt that there is much to prevent the Center from granting law enforcement requests for access. I'm sure that the DropIn Center has good intentions of not doing this, but all it will take is one "emergency" where the Police apply to the courts for access to that data, and suddenly they have access to a large body of fingerprints that were gathered outside of legitimate law enforcement activity.

Now, you might look at that and say "well, if you haven't done anything wrong, you have nothing to fear". With the capriciousness with which governments can act (especially here in Alberta where the governing party has minimal opposition), it takes very little for something that wasn't criminal before to suddenly become a criminal act. It wasn't so long ago in this country that we jailed people on the basis of falling in love with someone of the same gender, and there are those who would quite happily recriminalize that. For that matter, some of Calgary's Aldermen have essentially tried to criminalize being homeless.

Lastly, we should not lose sight of the fact that fingerprints are generally seen by the public as something used as part of criminal investigation and law enforcement. The clients of the DropIn Center would rightly be upset at being treated like criminals, even though they may have done absolutely nothing illegal.


Niles said...

There are Privacy Act laws, provincial and federal, that cover those exact questions. Plus the first and foremost reason to consider. I.e.: is there a dam' good reason to collect the information in the first place? And frankly, in this case, the answer is *no*.

When it's not a good reason to collect it anywhere else in society, what makes the residentially challenged suddenly appropriate to be lined up and treated this way?

Stephanie said...

Must be a pretty rich shelter if they have a spare $150,000 to spend on a fingerprint scanner!