Welcome to the Surveillance State: Biometrics Data Collection is All Around You

By The Sharp Edge

The worldwide digital panopticon isn’t coming – it’s already here.  While China has the most surveillance cameras in operation overall, reaching a total of 200 million throughout the country, most people would be shocked to know that the United States has the largest number of surveillance cameras per person than any other country in the world.  China may be considered the most advanced in their mass surveillance and control system, but with exports of this technology, regimes around the globe are quickly catching up.  In the age of information, “the world’s most valuable resource is no longer oil, but data.”  Biometric identifiers such as facial geometry, fingerprints, voiceprints, and even your DNA are now highly prized commodities.  Rapid developments in biometric data collection implemented in every aspect of our daily lives has made the public vulnerable, while lawmakers fall behind in protecting the private data of their citizens.

While the global biometrics technology market is estimated to be worth about $49 billion in 2022, the industry is projected to more than double its worth at $102 billion by 2027.  The driving factors for this booming market are the integration of biometric systems into smartphones and IoT (Internet of Things) devices such as Amazon’s Echo, as well as the rising demand for biometric systems by public and private sectors alike.  As the worldwide surveillance system takes shape, consumers have justifiably become more wary.  A recent survey found that 86% of respondents have growing concerns over their data privacy, and 78% of those surveyed have fears over the amount of data collected on them.

Federal legislation to protect citizens from mass surveillance and data collection in the U.S. has failed to catch up with the development and implementation of these technologies, as some states are struggling to fill in the gaps.  While at least 35 states plus the District of Columbia have proposed nearly 200 privacy protection bills in 2022, at least 7 states have introduced laws specifically addressing biometric data collection including California, Kentucky, Maine, Maryland, Massachusetts, Missouri, and New York.  Currently, the Illinois ‘Biometric Information Privacy Act,’ passed in 2008, is the strongest legislation in the country to protect citizens from unauthorized biometric data collection, allowing citizens the right to sue for violations.  Texas and Washington have enacted laws to address protections against the collection of biometric data as well.  The ‘California Consumer Privacy Act’ and the New York ‘Stop Hacks and Improve Electronic Data Security’ laws do also address some protections against biometric data collection.  While Massachusetts passed state-wide restrictions on facial recognition use for law enforcement purposes, Virginia replaced their state’s complete ban on facial recognition used by law enforcement for a bill that allows the use of facial recognition within certain limitations.

As lawmakers fail to effectively regulate the ever-growing appetite for our biometric information, the responsibility lies on the public to stay well informed as to the many ways this private data is collected and exploited.

On Your Body

The global market for smart watches and smart wearable devices has grown to roughly $20 billion in 2022, and is expected to reach over $30 billion by 2026, with about one-in-five adults in the United States wearing them regularly.  Despite the fact that most privacy policies for wearable devices admit that user information is shared with third parties, consumers are not well informed about who has access to their data and how it may be used.  Concerns over the exploitation of users’ private health information have grown since Google acquired Fitbit, one of the largest wearable technology companies.  We have seen how this technology has been weaponized against the people in China, where citizens are forced to wear devices that collect their biometric information, track their location, and can even scrape data from the users’ cell phones.

Aside from wearables, a market is emerging for ‘ingestibles’ that read biometric information.  During a 2018 World Economic Forum Conference, Pfizer CEO Albert Bourla referred to a pill that had received FDA approval, which contains a “chip that is in the tablet, and once you take the tablet and [it] dissolves into your stomach, [it] sends a signal that you took the tablet.  So, imagine the implications of that – compliance.”  When discussing the risks for patient privacy and data breaches, professor of neurology at Georgetown University Medical Center responded, “Could this type of device be used for real-time surveillance?  The answer is of course it could.”

On Your Phone

While the market for mobile biometrics was valued at over $18 billion in 2019, it is projected to reach nearly $75 billion by 2025.  By 2020, an estimated 80% of smartphones in Asia, Western Europe and North America have enabled biometrics data collection.  With features such as facial recognition and fingerprint authentication, users compromise the privacy of their biometric identifiers in exchange for the convenience of no longer using passwords or PIN numbers.  The popular iPhone company, Apple, has faced a class action lawsuit based on its Photos app, which was alleged to perform facial scans of users’ photos and store them in secret facial recognition databases, violating the Illinois Biometric Information Privacy Act.  Biometric authentication algorithms from cell phone company, Samsung, were stolen and leaked by a hacker group, raising questions about the privacy and security of biometric information collected and stored from mobile devices.

Meanwhile, popular mobile apps like Facebook, Snapchat and TikTok have been collecting users’ biometric identifiers without their knowledge or consent.  Facebook recently reached a $650 million settlement in a class action lawsuit which alleged that the social media company collected and stored digital scans of users’ faces in violation of the Illinois Biometric Information Privacy Act.  Facebook claims they have since shut down their facial recognition system and deleted facial recognition templates for over 1 billion people.  Texas filed a similar lawsuit against Facebook for the collection of biometric information without informed consent, as well as the failure to destroy that information within a reasonable timeframe.  Additionally, Snapchat is facing a class action lawsuit over claims that the popular social media app’s face scan technology to create, obtain and store users’ biometric identifiers is in violation of the Illinois Biometric Information Privacy Act.  As for TikTok, the Chinese-connected company updated their privacy policy last year to notify users that the app “may collect biometric identifiers and biometric information,” including “faceprints and voiceprints.”  The popular mobile app has been under scrutiny for its close association with the Chinese government as well as the collection of personal data from U.S. citizens.

In Your Home

Google Chrome and Microsoft Edge are the 2 dominating web browsers commonly found on personal computers in U.S. homes, with a combined market share of about 72%.  Google has agreed to pay $100 million in the settlement of a class action lawsuit for facial recognition features used to automatically identify individuals from photos and videos uploaded to Google Photos.  Microsoft is facing a similar lawsuit for biometric identifiers collected by its Photos application.

Amazon has also faced lawsuits for the collection, usage and storage of users’ voiceprints through Alexa without their knowledge or consent.  Furthermore, Amazon has admitted that its Ring security camera recordings have been submitted to law enforcement without the knowledge or consent of the owners, raising broader questions about Amazon’s role in creating a web of surveillance systems throughout the home and around the world.

Last year, the IRS quietly updated their login page to announce that taxpayers would no longer have the ability to access their records from personal computers at home using their passwords, rather they would be required to set up an ID.me account with an identity verification service that collects biometric information.  Fortunately, pushback from citizens and lawmakers forced the IRS to backtrack on their plans, but ID.me still has approximately 64 million users, most of whom were forced to sign up in order to receive state or federal assistance in the form of Covid assistance funds, child tax credit payments and unemployment insurance.

In Your School

Just as the public became aware of the gruesome Robb Elementary School shooting, within hours Clearview AI announced that it will be working with a U.S. company to sell “visitor management systems” to schools.  Clearview AI is a surveillance company facing legal challenges for its collection of 20 billion facial scans harvested from social media platforms, and which aims to collect 100 billion photos within the year to ensure “almost everyone in the world will be identifiable.”  Following the deadly attack in Uvalde, a panel of educators, legal professionals and biometrics experts convened a ‘School Safety Emergency Summit,’ to press for the expansion of biometrics in schools.  Despite a ban in New York State schools, two school districts plan to implement facial recognition security systems with biometric tools.  Several public school systems throughout the country have already installed facial recognition systems under the justification that they may help to prevent school shootings, while in fact these systems are designed to monitor much more.  For example, the facial recognition system deployed in Fulton County, Georgia was reportedly used to police student compliance with mask mandates.

The biometric information of children has also been collected in schools for the purposes of cashless payments for meals, tracking attendance, gauging their moods and behaviors, and entraining children to accept the reality of constant surveillance.  A recent report on ‘The State of biometrics 2022: A Review of Policy and Practice in UK Education,’ suggests that a staggering 75% of secondary schools in the UK are using biometric technology, from “facial recognition and fingerprints in canteens [cafeterias] to AI using bodily data to make inferences of emotional detection and attentiveness through articulated human pose estimation.”  Widespread use of biometric systems in UK schools have renewed calls for urgently needed legal protections of privacy, especially for children.  For example, the Swedish Data Protection Authority fined a local authority for the use of facial recognition on high school students in violation of regulations protecting their biometric data.

As for students in China, biometric information is constantly collected to monitor everything from attendance to their level of attention.  According to a recent report, classrooms in China “have robots that analyze students’ health and engagement levels.  Students wear uniforms with chips that track their locations.  There are even surveillance cameras that monitor how often students check their phones or yawn during classes.”  The report adds that the biometric data collected goes to Chinese government funded research projects and “there is likely no privacy protection at all.”

At Your Work

The market for monitoring biometric information in the workplace has exploded, with the amount of businesses “using biometric authentication on smartphone apps for workforce access” growing from less than 5% in 2018 to 70% in 2022.  However, a recent survey found that only 31% of employees “are willing to share biometric data to ensure safe entrance into a workplace.”  The use of biometric identifiers for the purposes of opening doors, logging into computers, using shared devices like printers, and monitoring time and attendance are becoming common practice in the workplace.  Some employers even offer an opportunity to reduce the cost of health benefits if workers complete a biometric screening.

Several companies in Illinois have been hit with class action lawsuits, in violation of the Biometric Information Privacy Act, for the collection and storage of fingerprints from their employees which were used to clock in and out of work.  Another Illinois-based lawsuit in violation of the BIPA law alleged that a major vendor of biometric time clocks used an off-site third-party company to store biometric identifiers of employees.  In West Virginia, an employee was awarded damages for the use of a biometric time clock by his employer.  The employee was denied a religious accommodation by his employer based on his beliefs that biometric scanning “would make him take on the Mark of the Beast.”

At Your Bank, Your Store & Your Clinic

The Federal Trade Commission issued an alert on July 13, 2022, warning businesses about misuse of consumer information, stating that the agency would “vigorously enforce the law if [it] uncovers[s] illegal conduct that exploits Americans’ location, health, or other sensitive data.”  Consumers are faced with biometric data collection at every turn, with banks, retailers, hospitals, and clinics deploying these technologies at a rapid pace.  This year, banks are focused on a mass deployment of biometric payment cards with embedded chips containing biometric identifiers such as fingerprints, eye retina, iris scanning, facial patterns and voice recognition.  The global market for biometric payment cards was valued at over $15 million in 2021 and is expected to reach $2.7 billion by 2027, with increasing demand across banking and retail sectors.

The use of biometric surveillance systems in retail is also gaining momentum.  In 2018, Amazon developed the concept of using surveillance systems, machine learning, biometric information, and QR codes in their Amazon Go convenience store to offer consumers a ‘checkout-free’ experience.  With the wave of their palm, the scan of a QR code or the scan of a payment card, customers enter the store and are surveilled as they shop.  Their computer technology recognizes the items each individual takes from the shelves and charges the customers as they exit the store.  Amazon’s “Just Walk Out” technology and palm scanning “Amazon One” technology has since expanded to Whole Foods as well as other stores, and the innovation is making impacts on the entire retail sector.

Hospitals and clinics are also expanding their usage of biometric surveillance and data collection.  The healthcare biometrics market is valued at over $29 billion in 2022 and expected to reach a value of $79 billion by 2030.  North America has the highest growth of the healthcare biometrics market as hospitals and clinics push to modernize their systems.  European nations account for the second largest market for healthcare biometrics as governments have driven the initiative to modernize healthcare facilities.

Wherever You Travel

Biometric data collection is already operational in dozens of U.S. airports.  A frequent flyer program known as CLEAR offers fingerprint or iris authentication for boarding in more than 32 airports in the U.S.   American Airlines has announced they will be using facial recognition to verify U.S. passengers’ information.  Passengers may enter checkpoints using QR codes and facial scans, which shares biometric data with the Department of Homeland Security.  Tampa International Airport has become the latest to introduce biometric screening for international flights.  By 2024, U.S. Customs will require the use of biometric scanners for all U.S. international flights.  In 2022, TSA has deployed a phased rollout of digital IDs in which a scanning device will “display the passenger’s biometric match and digital ID authentication results,” at the checkpoint. The UK government just announced plans to deploy the widespread use of biometrics systems for travel and border entry of both immigrants and British citizens by 2025.

Travelers on the road are also facing more intrusion from biometric surveillance and data collection.  Mobile driver’s licenses (mDLs) are digital credentials that store all of the same information as traditional driver’s licenses.  The difference is that mDLs store this information on a user’s smartphone or digital wallet and mDLs will likely have a biometric component as well. Mobile driver’s licenses are on the rise in about 30 states in the United States, with the pace of adopting mDLs tripling in 2021.  TSA will be allowing mDLs for identity authentication at airport checkpoints through its phased rollout of digital ID.

Additionally, drivers have recently noticed new LED street lamps along the roadside that emit a blue or purple color, and according to Dr. Carrie Madej, may have the ability to “instantly have facial recognition… then the frequencies could be changed at such a fast rate that the intracranial pressure would increase… you would get nauseated and usually you puke.  Your vision would be disoriented.  You’d just be disabled… These particular lights that have been going up… can be used for that… They’re all connected within their own intranet.  They communicate with each other… It’s designed for AI to ultimately be able to control it.”

Final Thoughts

In the age of information, our biometric data is the ultimate prize.  At every turn, citizens, employees, and consumers are coerced into exchanging their privacy for convenience or safety.  Services offered freely to consumers come with the cost of handing over personal biometric identifiers, which reinforces the old adage that, “if it is free, then you’re the product.”  The public is sleepwalking into a global surveillance prison of our own creation.  The slow creep of these invasive technologies into every aspect of our lives must be resisted by the masses if we ever hope to break free from what has become the worldwide digital panopticon.

Subscribe to Corey’s Digs so you don’t miss a Dig!