It would be quite straightforward to make your biometric identity a public private key kind of setup. Companies have access to your public key and you yourself carry your private key as some sort of physical identification that is unlocked with a two-factor method. This way any physical biometric thing is done on a device you own that could be mandated to be open technology completely auditable to be secure and all you do is use your physical doodad to interface with their thing to authenticate that yes you are the private key holder for this given public key.
It would be much more secure than identification cards that we have now such as driver's licenses or passports. It would also be far more secure than the biometric style authentication they want to do now with them essentially owning a copy of your biometric data. But there is no profitability in true security and privacy for the citizens.
https://www.independent.co.uk/tech/taliban-afghanistan-biome... ("Taliban likely to have access to biometric databases of Afghan civilians who helped US" (2021))
- "The biometrics initiative was initially tested in 2002. Its goals then were to prevent criminals and Taliban insurgents from infiltrating the Afghan army and police force[...]"
- "The Taliban may also be using the Afghan government’s biometric-based ID card known as the Tazkira to track and target people, Ramanjit Singh Chima, Asia Pacific Policy Director at Access Now, told news agency Reuters."
- "Particularly at risk are individuals in central positions in the Afghan military, police and investigative units."
There is no repudiation, attestation or key rotation in this setup, with all the attendant problems that creates.
What I'm proposing puts the private key in your hands and requires you to locally do some sort of second Factor authentication to release it so it can be validated against the public key that the government or another entity has.
To issue or reissue or key rotate as you say can support the same methods we have now for determining identity and it also provides a better more secure method for determining identity.
You have to keep in mind perfect is the enemy of good and any solution that puts your identity in your own hands is massively better than what we have now and what any country has now.
But the above article is an example of the opposite case, where the authentication is for public security. In this situation, the individual cannot be entrusted with their own auth, so if each person were to use their own device, it would need to be quite tamper-proof. Seems far simpler at this point to do face / fingerprint auth, where the security guard ensures that no one is wearing a mask or fake finger. Yes, there is the concern that the bio-data could be stolen / misused, and for that reason I think that bio-auth for public safety should be limited to a single standard type (e.g. face), with the others being reserved only for private auth. That way, a compromise can be reached between public safety and individual privacy.
How would that work? Maybe the biometric part acts as a domain name from which the public key might be downloaded? Who is the custodian of face-public key pairs?
Las Vegas runs a fusion center which has some of the most invasive monitoring, capturing, metrics/data collection of most agencies.
They do the following: - license plate recognition on every intersection. - microphones through the city which listen to conversations - drones which fly into and above people’s back yards. - Weaponized drones, ie fly drones into windows to break them, or people to stop them - thermal imagine of people’s houses and backyards. - facial ID against social media from cameras, as well as NCIC and more. - they have fake social media profiles they use to follow pages, groups, individuals suspected of bad behavior - they purchase PI from brokers en masse and run against it. - they probably have more cameras than almost any city in the US. - they have taps into all casinos cameras and microphones.
… these are the same officers who are upset over the new facial ID policy.
Here’s a brief news clip. But I also know these details because I’ve seen them first hand.
https://www.fox5vegas.com/video/2023/11/14/fox5-takes-an-ins...
[1]:https://www.nytimes.com/2022/12/22/nyregion/madison-square-g...
"conversations with officers “making them very well aware of what they’re agreeing to.” But the decision may come down to what individual officers are comfortable with, Grammas said. Overtime security work is not mandatory for officers, but voluntary."
Maybe it's a cultural thing but blurring the line between an officer in their public capacity and what is basically private security at a sports event should be two separate things. Hiring the police out as a private security force where they then get to negotiate what rules they have to play by has a Judge Dredd vibe to it
It’s weird, and often sort of extortion
The work is voluntary overtime work.
They're not forced to accept voluntary overtime work. It's an optional thing they can choose to do above and beyond their base job, if the pay and terms are interesting enough.
I don't see why it's a problem. What are the alternatives? Forcing police to do security for private events inside of private venues as part of their job?
Police officers are public officials. As such, they do not have the right to have a second job or a side business by default. They may apply for a permit for a specific job, and it is usually approved if there are no obvious conflicts of interest or other reasons that could compromise their impartiality. Some jobs, such as private security, are automatically out of question.
If your event needs security, you hire private security. Police officers may have been involved in training the security personnel, but they can't work in the field. And if a uniformed police officer shows up at the event, it almost always means something has gone wrong.
If the stadium is such a hotbed of crime and disorder that private security can't handle it and they really need to escalate constantly to involve armed law enforcement, stop allowing it to host games at all.
There shouldn't be any middle ground - either the government sends the police to do whatever the government requires, or it does not - the policemen themselves should not get a choice, they exist to execute and enforce the government decisions, not make them.
These are usually pretty sweet overtime or moonlighting gigs, and where there’s a sweet gig for cops, there’s always an asshole or two ready to milk it.
Facebook’s Facial Recognition Data Collection and Potential Sales to Third Parties in Texas
Based on the provided search results, here are the key findings:
In 2022, Texas Attorney General Ken Paxton sued Meta Platforms, Facebook’s parent company, alleging that it collected facial recognition data without users’ consent, violating Texas state law.
The lawsuit claimed that Facebook repeatedly captured and commercialized biometric data in photos and videos for over a decade without informed consent, sharing the data with third parties and failing to destroy it in a reasonable timeframe.
The state alleged that Facebook’s actions put Texans’ well-being, safety, and security at risk, and sought damages of “billions of dollars.”
In 2024, Meta agreed to a $1.4 billion settlement in the biometric data lawsuit, related to the unauthorized use of personal biometric data from uploaded photos and videos on Facebook.
