Turley To Give Keynote On Privacy and Security At IBIA Conference

This morning, I will have the privilege of giving a keynote address before the National Press Club at a symposium organized by The International Biometrics + Identity Association (IBIA) on privacy and security issues surrounding the rising use of facial identification technology.

The symposium will explore the concern raised over facial recognition systems and seek to place those concerns into a legal and technological context.  I have previously spoken on the tension between new technology and privacy rights — and the need to find pathways to protect privacy while recognizing the growth of these new systems in both governmental and private settings.

My address will discuss some of the guiding cases and principles in striking this type of balance.

I will be speaking 8:15 am at the National Press Club.

According to Tovah LaDier, IBIA managing director, “IBIA is excited for the opportunity to present this symposium to help the public better understand the benefits of facial recognition as the technology becomes widely used and accepted.”

7 thoughts on “Turley To Give Keynote On Privacy and Security At IBIA Conference”

  1. I keep coming back to a new legal foundation of Citizen Privacy in the digital era being necessary, while adapting our successful legal heritage of 240 years to the new situation. The cornerstone concept is that individuals own their personal information and all personally-identifiable information acquired from their behavior. Law enforcement would continue its position of privileged access to reach across this privacy shield, constrained by 4th Amendment criteria. Government could diminish its 4th Amendment obligations via contractors — private contractors working for law enforcement would be bound to the same restrictions as government itself. Other corporations would essentially have to micro-pay individuals for limited use rights to their personal information. And clients of Software-as-a-Service (SaaS) apps would have to micropay for such services. The “trade” of free software services for information gathering would be prohibited, based on the removal of such an arrangement from normal market pricing mechanisms.

    Children’s privacy rights would be administered by their legal guardians in the child’s best long-term interest.

    These are the same legal principles that, in the 1970s-1990s, obliged TV producers to get a signed release from any person who’s visage and identity are conveyed in a video/TV product. This principle broadens the protections in HIPPA to cover all matters of personal choice, behavior, commerce, and transit, not just in the medical sphere.

    This new legal foundation, in recognizing law enforcement’s privileged access to investigate personal behavior in the digital era, would resolve the debate over encryption. It would be a serious violation to offer personal privacy tools and technology that thwarted law enforcement’s investigatory reach. This principle would also preclude BitCoin (as currently configured), since it offers criminals a transaction and banking system that is effectively beyond the reach of law enforcement investigation.

    The new legal infrastructure strikes a balance of power….the key entities being law-abiding individuals and businesses, governments, and criminally-inclined individuals and businesses. The balance struck is to assure that the law-abiding actors of all shapes and sizes maintain the upper hand over the criminal element via government powers to investigate, prosecute and punish.
    The tech giants are effectively placed in a symmetrical position to their user-bases, whereby commerce in information is always informed and volitional. Unpermissioned use of information is strictly prohibited. This architecture is needed to prevent the systematic sapping of power and freedom away from individuals to organizations who monetize information for purposes that run counter to the individuals’ interests, such as blackmail, extortion, political intimidation, character assassinations, etc.

    I foresee a parallel infrastructure of Secure ID growing up with Citizen Privacy, making it unnecessary for various organizations to collect personal information for sake of bad-faith traceability. That latter function would be built into the Secure ID system as a core feature. The organization would merely have to remember an ID token for each account holder, which in the case of bad-faith always leads back rapidly to the bad actor. Each organization an individual deals with would be issued a different token for that same individual, precluding universal identifiers, and thus protecting against unpermissioned database correlation and dossier-building. The current system based on using email address as a universal identifier offers no such privacy protection — database correlation is used daily to amass personal dossiers, all against the wishes of the individuals.

    Once there is a fraud-proof system of Individual ID in place, Secure Organizational ID is the next step. This would make organizational accountability traceable in an unbroken fashion to responsible individuals, and make the use of shell corporations ineffective as a tactic in obfuscating accountability. One objection to Secure ID might come from law enforcement, who have been using ID fraud as a basis for issuing new identities to Witness Protection program enrollees. On balance, I believe that the bad-faith traceability tentacles erected to thwart organized crime under Secure ID and Secure Organizational ID more than offset the loss of the Witness Protection program’s current tactical benefits. It’s also technically possible to give the entire population the privacy shield afforded through Witness Protection, by limiting the ability to physically track down an individual absent a Warrant issued by a Judge. Private detectives would not be needed, since everyone would be traceable in a situation of bad-faith which rose to the level of law-breaking. A Trusted Actor architecture operating within law enforcement, with audit trails, will place limits on opportunities for official corruption.

    None of these ideas are “new”. All have a basis in our tradition of privacy, private enterprise, regulated commerce, and giving exclusive powers to law enforcement under Constitutional constraints.

  2. All information about everybody is collected and stored, including those naked body-scans at airports. Biometrics include more body parts than just the face.

  3. We need some devices to block and disrupt “facial reading or ID devices”. Pussface.com is one place where data on faces is stored. We need to outlaw newspapers from publishing “mugshots”. It is defamation.

  4. This is unlike any other nuanced technology, it can be used for good or not. However it is not only a matter of what becomes of the data, just having the surveillance being everywhere is a terrible outcome in itself, a softer side of tyranny.

  5. USC with it’s Bill of Rights as of now out the Window as far as Govt’s & Corporations are concerned. Social Contract Breaking anyone?

  6. Well then you’d better get to bed, JT. It’s past midnight when you posted this. Best wishes on your presentation.

Comments are closed.