Immigration Reform: Biometric Cybersurveillance Quid Pro Quo?
From a privacy perspective, it’s good news that House Speaker John Boehner (R-Ohio) just put the ice on the House Republican leadership’s immigration reform efforts this week. Since 9/11, proposals for comprehensive immigration reform = proposals for comprehensive biometric cybersurveillance (e.g., tracking and identity screening through digital photos, digitalized fingerprints, iris scans, DNA and other bodily characteristics). In recent years, cybersurveillance programs have been introduced as a bargaining chip for the creation of a pathway to citizenship for millions of undocumented immigrants. Sexual harassment quid pro quo in the employment discrimination context: sleep with me or you’re fired. Cybersurveillance quid pro quo in the immigration reform context: implement biometric-based “identity management” programs (e.g., biometric-based “E-Verify” Internet-based identity screening) and other cybersurveillance systems or we’re never legalizing undocumented immigrants.
What this might mean is that, eventually, in the name of advancing immigration reform and border security, everyone could be lining up to give up their fingerprints, iris scans, DNA samples, etc., to the government for the privilege of entering the U.S. border, the workforce, airplanes and other transportation carriers, etc. Sounds hyperbolic? One member of Congress has suggested that Americans should give up their DNA for a DNA-based Social Security Card in the name of immigration reform. Electronic Frontier Foundation (EFF) Attorney Jennifer Lynch describes how DHS is now collecting the DNA of refugees in her report, “From Fingerprints to DNA: Biometric Data Collection in U.S. Immigrant Communities and Beyond“ (May 2012). DHS is researching portable and instant DNA screening technology. Presumedly, this will allow for the collection of DNA at the border for identity screening purposes in the similar manner that DHS is collecting and planning to collect other biometric data of U.S. visitors, such as digital photos and fingerprints, and iris scans.
As the Snowden disclosures indicate, the government’s appetite for data and post-9/11 big data policymaking is near limitless. In a recently-published report, “What the Government Does with Americans’ Data“ (December 2013), the careful research of Rachel Levinson-Waldman, Counsel for the Brennan Center for Justice’s Liberty and National Security Program, suggests the many ways in which data gathered by the government can be shared across multiple agencies. This means that, potentially, the biometric and biographical data that DHS collects for border security and homeland security purposes can be shared with the NSA, CIA, and FBI, and other organizations. Georgetown Law Professor Laura Donohue, in her Article, “Technological Leap, Statutory Gap, and Constitutional Abyss: Remote Biometric Identification Comes of Age” (published in Minnesota Law Review in 2012), explains well that newly-emerging biometric tracking technologies may fall outside of existing statutory and constitutional protections.
In short, once the immigration reform train leaves the station in the House, “cybersurveillance quid pro quo” will likely take over as a driving force, as it has in the Senate. But, it is unlikely that most Americans will see the privacy body bags. Cybersurveillance quid pro quo is like a bedroom secret. It’s like a statutory-regulatory-boardroom and technocratic-technological-backroom secret–a behind-the-scenes, law-as-sausage-deal-making phenomenon. But, to try to see how cybersurveillance quid pro quo works, we can quickly look at two recent immigration reform efforts: (1) the January 2014 House Republican immigration reform outline and (2) the June 2013 Bipartisan Senate immigration reform bill.
Just about one week ago, on January 30, 2014, House Republican leadership released a one-page outline titled, “Standards for Immigration Reform”. Under the title of “Implement Entry-Exit Visa Tracking System”, the outline states: “A fully functioning Entry-Exit System has been mandated by eight separate statutes over the last 17 years. At least three of these laws call for this system to be biometric, using technology to verify identity and prevent fraud.” The House Republican outline is just one page, so it doesn’t discuss what type of biometric data would be required for a new Entry-Exit System. Under the current US-VISIT program, however, DHS collects digitalized fingerprints of visitors at the border and is exploring an expansion into facial recognition technology and iris scans. It is unclear whether, under immigration reform, US-VISIT-type biometric data collection and database screening would eventually expand beyond non-citizens and encompass all U.S. citizens as well.
A potential signal that immigration reform efforts might eventually encompass the biometric data collection and database screening of U.S. citizens, it’s useful to read the next paragraph of the January 2014 House Republican immigration reform outline, titled, “Employment Verification and Workplace Enforcement.” Under the Immigration Reform and Control Act of 1984, employers face civil and criminal penalties if they do not verify that new hires are lawfully authorized to work in the U.S. through paper-based document inspection (e.g., inspecting Social Security Cards and Passports of new employees). In this part of the January 2014 House Republican immigration reform outline, it reads: “In the 21st century, it is unacceptable that the majority of employees have their work eligibility verified through a paper-based system wrought with fraud. It is past time for this country to fully implement a workable electronic employment verification system.” Once again, the House Republican outline is just one page, so it is low on specifics on what “a workable electronic employment verification system” might look like or whether it would include biometric data collection and database screening.
For potential clues, it is helpful to turn to the Senate’s Bipartisan Comprehensive Immigration Reform Bill, S. 744, passed by the Senate on June 27, 2013 by a vote of 68-32. As I discuss in my Article, “Biometric ID Cybersurveillance” (published in Indiana Law Journal in 2013), the Senate’s Immigration Reform Proposal that was released in April 2013 used the word “biometric” 24 times in 11 separate provisions, predominantly in Titles II and III of the bill. Title III of the legislation requires that, within the next few years, employers must conduct Internet-database screening through E-Verify to “verify” the identity of all new employees. Under this bill, the E-Verify program will also require employers to conduct a forensic-like photo inspection: comparing a digital photo of the employee, uploaded over the Internet through E-Verify’s “Photo Tool,” with the individual who is applying for a job. Unfortunately, E-Verify won’t work.
First, E-Verify is still a test pilot program and, technically, it is still a voluntary program. Employers can currently volunteer with DHS to receive free online software to test the Internet-driven database screening system on new employees (e.g., volunteer to collect personally identifiable data such as Social Security Numbers, date of birth, etc., and run this information through government databases over the Internet in an attempt to verify the new employee’s identity). Through immigration reform, Congress is trying to turn this test pilot program into a nationwide, mandatory database screening system for all newly-hired employees. Unfortunately, this database screening program is an experimental technology that simply isn’t ready for prime time. Numerous reports have concluded that it is flawed because the underlying government databases are incomplete and error-filled, and also because employers misuse or fail to properly use the system. Next, E-Verify can’t detect identity theft-it can only match the data provided by the employee with the government’s databases. The “Photo Tool” is meant to correct this problem. But, the “Photo Tool” won’t work either. There is no universal digitalized photo database in existence right now, and the photo databases the government does have are not regularly updated to reflect our changing appearance (shaved mustache, new haircut, facelift, etc.).
The E-Verify “Photo Tool” basically invites employers to conduct a form of biometric analysis. At best, this analysis is likely to be highly subjective and not likely to conform to any reliable standards. At worst, the photo inspection process may invite racial profiling and other forms of discrimination. Studies have proven that E-Verify results in widespread discrimination and poses other significant challenges to U.S. workers. Potential racial profiling challenges under E-Verify are likely to be magnified with the implementation of the “Photo Tool.” Eventually, the government may try to “fix” E-Verify by adding an automated biometric database matching protocol through facial recognition technology, or perhaps with database screening of fingerprints or iris scans, etc. But, that would likely make things worse as well. Studies have concluded that biometric database screening and matching technologies are not accurate enough to conduct this type biometric identification verification on a national, mass scale. Plus, a biometric database screening protocol would invite an employer to engage in direct biometric data collection and forensic screening, which could layer new dimensions of other constitutional and other privacy law difficulties on top of a program that is already shaky.
In short, many employers fail to understand their obligations under E-Verify or how to correct problems that they encounter with the system. And many employees are confused about or unaware of the discrimination they may have suffered under the system. Also, because the database screening can occur in secret, and an employer may not let an employee know about the results of the database screening, an employee simply might not know about any potential denial of rights that may have occurred as a result of the screening and “Photo Tool” inspection. According to some research estimates, during the “testing” stage of the E-Verify pilot program, thousands of U.S. citizens and lawful immigrants may have been denied work opportunities. Sometimes E-Verify denies work opportunities as a result of simple database errors or other technological and bureaucracy issues. And other times, it is the result of discrimination or a lack of due process. Once E-Verify becomes mandatory, it is likely that perhaps many more thousands of U.S. citizens and others will suffer under the system.
Finally, E-Verify, once made mandatory, will create a national identification program that will likely result in significant, long-term cybersurveillance-body tracking and dataveillance-biographical tracking consequences. These consequences will likely test numerous constitutional and Bill of Rights protections. Former Congressman Bob Barr (R-Ga.) has referred to E-Verify as a “Stealth National ID” program. It appears that members of the Senate are sensitive to this criticism about E-Verify. The Senate bill, right before it introduces the requirement of E-Verify, states this: “Nothing in this section may be construed to directly or indirectly authorize the issuance, use, or establishment of a national identification card.” E-Verify is not a “national identification card.” It creates an entire Internet-based, database-driven national identification system. This is why Jim Harper, Director of Information Policy Studies at the CATO Institute, has called E-Verify a “cardless” national ID system. Therefore, E-Verify poses the same types of risks and challenges to an open democratic society as the “national identification card” that the Senate prohibits in the bill. E-Verify has been criticized by multiple organizations that fall on all sides of the political spectrum, various scholars, independent researches, and members of Congress. In addition to former Congressman Barr and Jim Harper, other prominent critics of E-Verify include: Representative Zoe Lofgren (D-Calif.), Chris Calabrese, Legislative Counsel for Privacy at the ACLU‘s Washington Legislative Office, Lewis and Clark Law Professor Juliet Stumpf, author of “Getting to Work: Why Nobody Cares About E-Verify (And Why They Should)” (published in UC Irvine Law Review in 2012), and others. (In recent years, multiple organizations have discussed E-Verify and have issued reports on E-Verify, including Westat, GAO, Migration Policy Institute, Immigration Policy Center, and the National Immigration Law Center).
The American public deserves to understand why E-Verify contains the metastatic cells of a cybersurveillance cancer and to debate it on those terms.
Finally, in the words of UCLA Law Professor Hiroshi Motomura, undocumented immigrants are “Americans in Waiting.” These “Americans in Waiting” deserve a pathway to citizenship. Professor Elizabeth Cohen at Syracuse University’s Maxwell School of Citizenship and Public Affairs addresses this issue in a February 2013 Washington Post Op-Ed, titled: “Should Illegal Immigrants Become U.S. Citizens? Let’s Ask the Framers.” Professor Cohen states: “The founders had a clear answer: People who immigrated and spent years building lives in this country deserved citizenship. They were also keenly aware that making new immigrants wait a long time for citizenship denied them the very rights that Americans had just fought to claim for themselves.”
It is critical not to hold a pathway to citizenship hostage to a biometric-based “E-Verify” program, a dramatic expansion of the DHS drone fleet, a “high-tech” national ID system like a DNA-based Social Security Card, or other biometric-based identity management systems and other cybersurveillance programs. But, for now, immigration reform has been shelved by the House. After the Republican House leadership issued its one-page outline on immigration reform on January 30, 2014: “A week later, Mr. Boehner shelved the issue, declaring Thursday that he could not move forward with a comprehensive overhaul of the nation’s immigration laws until President Obama won the trust of the Republican conference.”
Now that immigration reform has stalled, yet again, some are calling for an incremental approach to immigration reform rather than a comprehensive approach. Under this incremental approach, the Republican House leadership has previously emphasized the need for a “step by step” approach where immigration reform is tackled in “bite size pieces”. This step by step approach, for example, might include a strategy that pushes the passage of more border security legislation and mandatory E-Verify legislation first, and then promising to address legalization of undocumented immigrants in later bills, for instance, once the border is “secured”. The House has attempted to cut loose mandatory E-Verify legislation in the past. In other words, why tie mandatory national expansion of E-Verify to comprehensive immigration reform legislation? Just pass mandatory E-Verify legislation first as a separate bill. Yet, this is just a variation on the quid pro quo theme. Quid pro quo in the sexual harassment context: instead of sleep with me or you’re fired, it’s kiss me and you might get a raise. Quid pro quo in the immigration reform context: drones and E-Verify first and then let’s talk about the potential legalization of “Americans in Waiting” at some indeterminate, future date. If “Americans in Waiting” deserve a pathway to citizenship, they deserve a pathway with no cybersurveillance strings attached.
Biometric cybersurveillance quid pro quo is not just bad for privacy, it’s also immigration policy blackmail. The recommended implementation of increasingly invasive and expansive biometric cybersurveillance is a potentially unconstitutional bargaining chip for immigration reform legislation.