Digital dragnet search: Government votes for biometric matching and AI analysis

Contents

The federal cabinet on Wednesday set in motion a package of laws that significantly expands the powers of security authorities in the digital space. Under the leadership of the Interior and Justice Ministries, the Federal Criminal Police Office (BKA), the Federal Police, and the Federal Office for Migration and Refugees will in the future be allowed to use technologies such as artificial intelligence and automated biometric matching.

The government wants to react to technological developments with this. Previously, officers often had to manually search social networks for photos of suspects. A tedious process that is now to be replaced by automation.

At the center of the new regulations of the three drafts, which are based on controversial preliminary drafts from the leading ministries, are changes to the Code of Criminal Procedure. The new Paragraph 98d StPO is intended to provide the basis for automated biometric online image matching. This would allow dragnet searches with biometric data from ongoing proceedings and publicly accessible information on the internet. Investigators could in the future automatically compare photos of suspects with images on social media to determine identity or whereabouts.

No permanent image database?

The government emphasizes that no permanent state image database will be built and real-time surveillance via public webcams will remain excluded. Experts consider these restrictions a farce: automated comparison of millions of web images in fractions of a second is technically impossible without first creating a structured, searchable database of all available faces. The measure is linked to the suspicion of a crime of “considerable importance,” which is considered broad. It now requires a judicial order, whereas initially a prosecutor's announcement should have been sufficient.

The second pillar of the reform is automated data analysis according to § 98e StPO. This involves networking previously isolated police databases and analyzing them using analysis software to identify cross-connections between cases more quickly.

Justice Minister Stefanie Hubig (SPD) emphasized: It would be negligent to withhold such instruments from the authorities. She assured that decisions would continue to be made by humans and not by AI systems. However, IT systems could also be trained in the future with real data from police databases to increase the performance of the algorithms.

Doubts about constitutionality

An alliance of 14 civil society organizations, including the Chaos Computer Club (CCC) and AlgorithmWatch, warned in advance of a paradigm shift towards mass surveillance. They complained that the new powers could mean the end of anonymity in public spaces. Especially the possibility of conducting biometric scans across the entire internet would be a massive infringement of fundamental rights. Critics point out that investigators could use services like Clearview AI or PimEyes, which endangers state control over sensitive data.

Konstantin von Notz, deputy faction leader of the Greens, sees the rule of law in danger: The planned instruments concern “by no means only persons in the direct focus of security authorities, but potentially everyone, including completely blameless citizens.” He accuses the Interior Ministry of neglecting the protection of citizens and questions the constitutionality of the drafts. The attempt to circumvent European civil rights by outsourcing data comparisons abroad is a delicate maneuver.

Lex Palantir and national security

Linked to the cipher of automated data analysis is the concern about a Lex Palantir. Civil society complains that the laws create the legal prerequisites for the use of this software, leading to technological dependence on a US corporation with an “anti-democratic agenda.” Von Notz calls the potential use of Palantir “maximally negligent.” Instead of modernizing the police's federal IT systems, backlogs are being masked with opaque algorithms.

Civil rights advocates also consider the measures incompatible with the EU's AI Regulation, which strictly regulates biometric remote identification. It should not be the case that every selfie on the net potentially becomes fodder for the security authorities' analysis software. The package, against which a petition with over 140,000 signatures is already running, now moves to the Bundestag and Bundesrat.

(vbr)