In the final article of this series, Joshua Steinhauer discusses three important areas that should
be considered when evaluating the benefit of establishing a full spectrum identity management programme that would integrate a government’s intelligence capability with that of its law enforcement organisations to mitigate and combat extremist persons and organisations. These areas should be discussed to help foster a collaborative environment from which solutions to
these problems can be drawn upon.
The first section deals with the advancements in social media and the use of it by extremist individuals and organisations. Then we will discuss what a fully integrated identity management programme may look like and we end with a discussion on privacy rights versus the need for greater security.
Advancements in social media
We live in a day and age in which technology has enabled people to share ideas and to communicate across the globe on an individual level like never before. The internet has enabled a person living on one side of the world to share their ideas or views with anyone on the other side of the world. As phenomenal as the internet is, it is also a platform that can be used for evil purposes. As the Arab Spring unfolded in 2011, the use of social media to rally individuals in Tunisia and Libya to overthrow their governments was nothing short of amazing. Individuals who had never met each other, yet shared the same ideas and disdain for their government, were able to coordinate large‑scale demonstrations and riots that ultimately led to massive political changes within their country.
Islamic extremists also see social media as a tool that can be used to further their own agendas by leveraging the population’s disdain for their government to expand their own ranks and push for a new Islamic fundamentalist government. This was evident in the rise of the Muslim Brotherhood in Egypt and the ousting of the moderate Egyptian leader Mubarak.
As Egypt descended into chaos and disorder, the Brotherhood was elected to lead Egypt. They quickly began to reorganise the government with individuals who also believed in Sharia law and a pure Muslim state. The Arab Spring revolt quickly expanded into Syria, Yemen and several other countries. Instead of stepping down or allowing the protests to gain momentum in Syria, President Assad ordered his military forces to put down the uprising. The heavy tactics employed by the Assad regime quickly backfired and resulted in a fracturing of Syria along ethnic and political lines. Extremists operating in Iraq and the border region with Syria recognised this – and the effectiveness of social media – as an opportunity for them to capture land and create their own Islamic State. As the civil war dragged on, the ranks of the Islamic State of Iraq and Syria (ISIS) began to quickly swell to over ten thousand fighters. Through a very savvy social media group within ISIS, they have been able to develop numerous recruitment and propaganda programmes aimed at attracting young disenfranchised youth from Europe to join their cause. It is now estimated that over ten thousand Europeans alone have travelled through Turkey to join ISIS and be a part of the vision of an Islamic State that ISIS has established.
Given these advancements, the question facing governments and civilian law enforcement is how they are going to deal with what can only be described as a global Islamic extremist movement that has now engulfed several countries with civil war, and has expanded beyond the Middle East and North Africa. Going back to our discussion in part one of this series, ‘How anonymity was removed from the battlefield’, we know anonymity is the greatest tool extremists possess.1 As a global society, how far are we willing to go to contain this ideology of Islamic extremism from threatening the rest of mainstream Islam (which has renounced this ideology of hate) and protect our free and open societies? We need to pool our resources, putting aside our differences, and recognise that this is perhaps the greatest threat modern civilisation currently faces. The US Government and the Department of Defense (DOD), along with numerous allied and partnered nations across the world, collectively possess the capability to combat this threat to society. We need to find a way to build consensus among the various governments involved to integrate an identity management programme that spans across the intelligence community and fuses these data with civilian law enforcement.
Roadmap to a globally integrated identity management programme
To provide a reference point for this discussion, we will examine aspects of the US identity management programme and illustrate how it could be further advanced demonstrating what a global identity management programme could look like. As discussed in part three of this series, ‘The Electronic Border and the Biometric Passport’, the US maintains three bio-metric databases.2 These databases, held by the DOD, the FBI, and the Department of Homeland Security (DHS), are tied together allowing all three agencies to share and search biometric records against each other’s holdings. For instance, when someone purchases a plane ticket to the US, their biographical data are searched against the various biographical databases held in the US to determine if the individual poses a potential threat to the US. Once the individual has landed in the US, they proceed to customs where their biometrics are captured (facial images, ten‑print fingerprints and iris images) and then electronically searched against all three biometric databases and Interpol to determine if there is a match, and if so, what type of match it is.
Using biometrics as a PIN
Putting aside the issue of sovereignty and privacy for the moment, let us expand upon the US identity management programme and look at a potential future of what a more advanced programme may look like if it were to include the European Union and other European countries. Given the advancements in technology and high-speed communications, I believe this is a realistic possibility. Imagine a country establishing a biometrically-enabled national identity card that included the person’s ten‑print fingerprints, three‑point facial images and both iris images. If this concept were taken a little further and incorporated into the bank accounts of that card holder, it would require them to biometrically verify their purchases using their new identity card, similar to how an individual has to enter a PIN when using their debit card. Aside from the positive aspect of virtually eliminating credit/debit card fraud (since a user would need to verify their biometrics against those of the biometric identity card), such a card would greatly reduce the ability of extremists to maintain anonymity, restrict their movements and reduce their capacity to purchase items within that country.
Surveillance camera system
Most US and European cities employ some sort of surveillance camera system, with London probably being the most surveilled city in the world. Governments could place quick capture iris cameras at every road intersection, parks, and at public places to continuously and effectively identify individuals, creating an electronic fence to protect their citizens without a heavy police or military presence. These images would be searched against government databases to determine if the individuals are on any government watch list or wanted by local law enforcement, Interpol or any other government. If a match is made while the individual is going about their daily business, they can be tracked and monitored until a decision is made to either continue to monitor their movements or arrest them. Through the establishment of international data sharing agreements, governments can conduct searches against each other’s databases, allowing for greater law enforcement and counterterrorism efforts as well as sharing of information and capabilities.
The implications of such a programme on society as a whole would be immense; individuals who run a red light at a traffic intersection could be identified and fined immediately. Forensic evidence from an individual left at a crime scene could quickly be searched, and the individual found and detained within days if not hours. Identity theft and credit card fraud would be greatly reduced as individuals would be required to use their identity card and a biometric verification compared against that card to purchase everything from food to petrol. Individuals travelling from one country to another would use their identity card to check‑out of the country they are presently in and check‑in to the country they are entering; this would enable countries to know who is entering or exiting their country and track individuals who have overstayed their visa or committed a crime and are now trying to flee to another country.
Government overreach and privacy rights
Shortly after the 9/11 terrorist attacks on the US in 2001, it was determined that had the various intelligence, defence and law enforcement agencies been sharing information with each other, these terrorist attacks most likely could have been prevented. Although the creation of a Department of Homeland Security had been proposed in January 2001, its establishment was expedited in response to the terrorist attacks. According to the DHS website, the department works “through close federal and international partnerships (…) to ensure that resources and information are available to state and local law enforcement, giving those on the frontlines the tools they need to protect local communities.3PATRIOT Act
Despite the creation of DHS, law enforcement entities were still heavily restricted on the type of information that could be collected while still staying within the parameters of the US Constitution and the Bill of Rights. Numerous laws regarding the collecting of information on individuals were developed in the late 1970s and early 1980s. As these laws had not been updated to reflect the changes in technology, such as the internet and mobile cell phones, a new law needed to be created. On 26 October 2001, the US Congress and the then President George W. Bush established the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act). This law allows law enforcement officials to bring classified information of individuals or organisations they believe to pose a risk to national security to a secret federal judge under the old Foreign Intelligence Surveillance Act (FISA) of 1978 to obtain secret warrants against the individual(s) or organisations. This allows law enforcement entities to include the US intelligence community to actively collect information against US citizens, which is strictly against the US Constitution. Article Four of the US Constitution explicitly says
“The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
Therefore, because the PATRIOT Act enables law enforcement and intelligence entities virtually unrestricted collection of data against an individual, many Americans believe this law goes beyond what is constitutionally authorised, as any warrant needs to be specific (for example, authorising the collection of a specific phone number the individual is calling or receiving a call from, or searching an individual’s home as opposed to their vehicle).
The National Security Agency (NSA) believes the PATRIOT Act along with secret Department of Justice memos give them the authority to collect metadata of every phone number, text, email and chat room conversation in the United States and globally. The argument they make is that they are only scouring metadata to see if any known aliases, phone numbers, emails and online names of Known or Suspected Terrorists (KST) or persons of interest are communicating with someone, and then monitoring those specific conversations. The problem is that none of the data that was collected from the individuals was given a warrant by a FISA court or other judicial process. Article Six of the Constitution states,
“In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the Assistance of Counsel for his defense.”
Yet if the data being leveraged against a person are classified or not available to be shared publicly, then an individual cannot confront the information or witnesses against them violating their constitutional rights.
Aside from the constitutional issues with the NSA activities and the PATRIOT Act, one has to question how much trust one can place in a government retaining this level of personal information of their citizens. This information may be used in the proper context as a counterterrorism tool now, but one cannot rule out the possibility that it could also be used against a person during a different presidential administration that may seek to use the power of the government to target their political enemies. A balance needs to be struck between the public and the government as to how much privacy a person should have versus the need for information to identify and prevent terrorist threats from materialising.
The cost of freedom versus security
Do we as a society want to move in the direction of a surveillance state in which the government electronically monitors our daily activities and prevents/intercepts terrorists prior to their attack without our knowledge, or do we work to maintain an open and free state and accept the risk that such a society may result in additional terrorist attacks happening? An argument could be made that the costs and invasive nature of a surveillance state outweigh the cost of a potential terrorist attack; that said, are people willing to forgive their government if an attack happened because they prevented the government from establishing a surveillance state and collecting more data? This is a difficult question to answer; however, there are other trade‑offs that could be made without having to make the idea of freedom vs. security a zero‑sum game. In part three of this series, a solution similar to what was described in Kosovo could be expanded to incorporate many more countries from around the world.2 The sharing of biometric and biographical data between government law enforcement entities through a global identity management programme would be less intrusive than a surveillance state, yet it would provide far more security both internally to the country and externally to their neighbours than a purely free and open society where individuals hold all of the privacy rights as opposed to the government maintaining some ability to intrude when necessary.
We have examined the problem and potential solutions and the privacy challenges those solutions will pose. Biometric security and data collection is a complex issue that does not have a clearly defined ‘correct’ answer that is appropriate for all parties. As countries move forward in evaluating the options put before them, there will be a lot to consider in terms of individual rights versus the need for collective protection. Culturally, some nations will gravitate towards a society that is more protective of privacy, whereas others will move farther on the spectrum towards group needs. These variations in beliefs and values will create a patchwork quilt of different policies in various countries and regions, ensuring that conversations about biometrics will need to be ongoing for many decades to come.
1 Steinhauer, J. (2014), US Biometric and Identity Intelligence Programme Part 1: How anonymity was removed from the battlefield. Keesing Journal of Documents & Identity,
Vol. 44, pp. 31‑35.
2 Steinhauer, J. (2015), US Biometric and Identity Intelligence Programme Part 3: The electronic border and the biometric passport. Keesing Journal of Documents & Identity,
Vol. 46, pp. 18-19.
3 Information Sharing. http://www.dhs.gov/topic/information-sharing.
Joshua Steinhauer worked in the area of Human Intelligence during the Iraq troop surge from 2006 through 2007 and then as a contractor in Iraq from 2008 through 2010. He then went on to become the Identity Operations Manager at US European Command in Germany before returning to the US in 2014. He has an MSc in Major Programme Management from the University of Oxford and holds degrees in International Studies and Political Science from the University of Wisconsin and an MBA.