By Zachary J. Goldberg, PhD, Trilateral Research
9th November 2020
Document and identity verification and authentication have become increasingly important in light of a rise in identity document fraud upon entry to the EU/Schengen area. Improperly obtained, forged, or counterfeit documents are being used to facilitate human trafficking and movement by terrorists across borders.
The D4FLY project is researching different technological solutions to help address these various types of fraud including iris scans, facial recognition, thermal face scans, somatotype scans, mobile sensors and AI algorithms to identify spoofing attempts/attacks with 3D masks or heavy makeup as well as the use of forged or counterfeit documents.
Accompanying these innovative solutions are critical ethical, societal, and privacy and data protection concerns.
- Will the biometric data collected in the project be kept secure?
- Will it only be used for the limited purposes of the project?
- How can we protect and promote the autonomy and human dignity of data subjects and future travelers?
- What risks to societal and individual wellbeing do the D4FLY tools pose?
- Can vulnerable populations be disproportionately or negatively affected by the tools?
As a first step in its assessment of these questions, the D4FLY project distinguishes two phases of analysis. First, it identifies and examines the data protection and privacy questions arising in the research and development of the tools during the life of the 3-year project. Second, it assesses the ethical, societal, privacy and data protection issues that could possibly arise if the D4FLY solutions are actually deployed as part of EU border security in the future.
To ensure that only minimal data is collected and limited to the purposes of research in the project, all partners learned about GDPR relevant regulations and proper research conduct with human subjects at an ethics, privacy and data protection workshop organized by ethics partner Trilateral Research and held in Amsterdam in January 2020. All data protection and privacy regulations and steps are outlined in the project’s Data Management Plan as well as in 16 different ethics deliverables submitted to the European Commission produced during the first 6 months of the project.
To identify and assess the potential issues that could arise with the deployment of the tools, Trilateral has carried out a privacy impact assessment in April 2020 and will conduct an ethical impact assessment and a legal analysis in the coming months, all of which will be made public on the D4FLY website. These documents will help ensure that partners are aware of the ethical and privacy concerns related to, for example, algorithmic bias, including racial bias in facial recognition, potential hardships posed on migrants and refugees needing to enter Europe, and the assessment of varying lived experiences of the technologies due to differences across gender, ethnic, ability and age.
These impact assessments are not limited to ethical and privacy concerns only; they also identify ethical and privacy opportunities. For example, using contactless iris scans for identity verification is preferable to asking travelers to touch a screen to provide their fingerprints in an age of pandemics. Further, iris scans can allow individuals who wish to wear face and body coverings, such as a niqab, to remain covered while being identified as they cross the border.
In these ways, the D4FLY project is dedicated to introduce solutions – focused on the integration and application of identity verification and fraud detection technology – that are aligned with European societal values and applicable legislation, and to proactively propose which measures can be taken to mitigate and avoid any harm to fundamental rights and European societal values.