Facial recognition: harsh criticism for "all-round biometric surveillance"

With its "security package", which it hastily adopted on Thursday following the deadly Solingen knife attack, the German government wants to introduce "authorization for biometric comparison of generally publicly accessible Internet data ('facial recognition')" for the investigating authorities. The aim is to "facilitate the identification of suspects or wanted persons". This has sparked protests in civil society. For example, the Chaos Computer Club (CCC) and the Forum InformatikerInnen für Frieden und gesellschaftliche Verantwortung (FIfF) have warned of a "biometric surveillance excess". The planned automated collection of facial images from the Internet, which Federal Interior Minister Nancy Faeser (SPD) already envisaged with her draft amendment to the law for the Federal Criminal Police Office (BKA), is "an attack on the privacy of all – without clear necessity or benefit".

The CCC fears "a new low in the ongoing dismantling of fundamental rights" and a "dystopian future". This is in clear contradiction to the coalition agreement. In addition, the government is entangling itself in contradictions with its reference to the EU regulation on artificial intelligence (AI): this prohibits the use of AI systems to create or expand databases for biometric facial recognition through the mass, aimless reading of facial photos from the internet. However, this is precisely what the package is intended to do. According to the draft for the reform of the BKA law, "movement, action or speech patterns" are even to be collected from the internet.

The government also wants to enable the "automated analysis of police data by the BKA and the federal police" supported by AI as well as the testing and training of data for AI applications for big data analyses in the style of Palantir & Co. This practically means "that the entire zoo of police databases" should be brought together and searched automatically, complain the CCC and FIfF. The government is apparently "ignoring the susceptibility to errors and risks of AI and buying into the AI hype". Data protectionists and legal experts have long warned that the presumption of innocence would be lost if the police were allowed to use AI to search through huge amounts of data.

"More surveillance does not lead to more security"

The coalition "seems to be lapsing into blind actionism in these challenging times", criticizes Erik Tuchtfeld, Co-Chairman of the SPD-affiliated digital policy association D64. It is trying to "trump the conservative security policy of the past two decades that is hostile to fundamental rights". The Federal Office for Migration and Refugees should even be allowed to search the internet automatically for people without any initial suspicion of a criminal offense. This is only possible "if huge, indiscriminate facial databases are created". This is incompatible with EU law. Matthias Spielkamp, Managing Director of AlgorithmWatch, points out: "More surveillance leads above all to more lack of freedom, not more security." The German Bar Association believes that ultimately, "every smartphone would become a potential state video surveillance system".

North Rhine-Westphalia's Minister-President Hendrik Wüst (CDU), meanwhile, demanded in a special session of the NRW state parliament on Solingen: The security authorities need to know "what is going on on the internet – and also in messenger services". Data protection is a major obstacle to this. This safeguards a "supposed freedom" in the digital space and "too often prevents us from protecting our freedom in real life as effectively as we could have done a long time ago". The protection of data – for example through encryption – must take a back seat more often in terms of a new balance towards security. At the same time, the Christian Democrat emphasized: "We need constitutionally compliant data retention." Jochen Kopelke, Chairman of the Police Union (GdP), echoed this sentiment: "We expected more powers." Above all, he misses the specifications for storing IP addresses without cause.

(anw)