Hostname: page-component-586b7cd67f-t7fkt Total loading time: 0 Render date: 2024-11-24T01:21:16.378Z Has data issue: false hasContentIssue false

Distinguishing Friend from Foe: Law and Policy in the Age of Battlefield Biometrics

Published online by Cambridge University Press:  09 March 2016

Alison Mitchell*
Affiliation:
(Queen’s University), (University of Ottawa), (New York University), Foreign Affairs, Trade, and Development Canada
Get access

Summary

In the space of just over ten years, the collection and use of biometric data in the context of international military operations has gone from being virtually unheard of to being an everyday occurrence. The Canadian and US armed forces operating in Afghanistan, for example, have together collected the digital fingerprints, eye scans, and digital photographs of more than 2.5 million Afghans. The introduction of biometrics technology to warfare has undoubtedly increased the security of the armed forces that use it and made it easier for them to kill or capture their enemies. Its effectiveness, reliability, and convenience have all been praised. Due in part to its novelty, however, law and policy relating to the use of biometrics in conflict situations remain underdeveloped. This underdevelopment poses considerable risks for the already vulnerable populations who are being subjected to these programs, potentially including violations of their right to privacy, misuse of their personal data, or their misidentification as enemies or threats. This article weighs these benefits and risks associated with biometrics technology. It analyzes the extent to which law and policy already govern the collection and use of biometrics by armed forces at both the domestic and international levels. It explores why the United States and Canada — the two states whose armed forces appear to be the most heavily engaged in the collection of biometric data abroad — have adopted such different policies with respect to the use of biometrics. It explains why the current international legal and policy vacuum in relation to battlefield biometrics is unacceptable and concludes that the time to discuss best practices is now. Ten non-legally binding guidelines are proposed for consideration and potential adoption by states.

Type
Notes and Comments / Notes et commentaires
Copyright
Copyright © The Canadian Council on International Law / Conseil Canadien de Droit International, representing the Board of Editors, Canadian Yearbook of International Law / Comité de Rédaction, Annuaire Canadien de Droit International 2013

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

1 Fisher, MatthewBiometrics Help to Separate Good from Bad,” Alberni Valley Times (4 August 2010), online: Postmedia News ˂http://wwwg.canada.com/ albernivalleytimes/news/story.html?id=f3b7edb5-ci4f-4d35-bgg9-g650078a4ff3˃.Google Scholar

2 Also sometimes called Handheld Interagency Identity Detection Equipment (HIIDE).

3 Graveland, BillBiometrics New Tool in War against Taliban” (3 August 2010), online: Canadian Press ˂http://news.ca.msn.com/canada/cp-article.aspx?cp -documentid=25080352˃.Google Scholar

4 Fisher, supra note 1.

5 Ibid.

6 Graveland, supra note 3.

7 This term appears to have been coined by an unknown reporter for GovInfoSecurity, a multimedia website published by the Information Security Media Group (ISMG). See Retooling Battlefield Biometrics for the Home Front (20 October 2009), online: ISMG˂http://www.govinfosecurity.com/articles. php?art_id=i872˃.

8 Safety and Security of US Borders, online: US Department of State ˂http://travel. state.gov/visa/immigrants/info/info_1336.html˃. See also Biometrics (2 November 2011), online: Citizenship and Immigration Canada ˂http://www.cic.gc.ca/english/department/biometrics.asp˃.

9 National Research Council, Biometric Recognition: Challenges and Opportunities (Washington, DC: National Academies Press, 2010) at 11, online: ˂ttp://www.nap.edu/openbook.php?record_id=12720&page=1˃.

10 National Science and Technology Council (NSTC), Subcommittee on Biometrics, Biometrics History (7 August 2006) at 1, online: ˂http://www.biometrics.gov/ documents/biohistory.pdf˃.

11 Ibid.

12 Hansell, SaulUse of Recognition Technology Grows in Everyday Transactions,” New York Times (20 August 1997), online: ˂http://www.nytimes.com/1997/08/20/ business/use-of-recognition-technology-grows-in-everyday-transactions.html˃.Google Scholar

13 Ibid. In 2006, Disney World began using thumb geometrics scanners to foil ticket cheats.

14 Lewis Hilburn, Staff SergeantSoldiers Learn the Importance of Biometrics” (9 March 2012), online: Defense Video and Imagery Distribution System ˂http://www.dvidshub.net/news/85025/soldiers-learn-importance-biometrics˃.Google Scholar

15 US Department of Defense (DOD), Biometrics Task Force Annual Report FY07 (October 2007), online: DOD ˂http://www.biometrics.dod.mil/Files/ Documents/AnnualReports/fy07.pdf˃ [Biometrics Task Force Annual Report FY07]. See also “Memorandum from Stenbit, John P Assistant Secretary of Defense, Department of Defense to Secretaries of the Military Services: DoD Strategic Plan for Biometrics” (28 June 2002), online: Department of Defense ˂http://www.biometrics.dod.mil/Files/Documents/PolicyFoundation/DoD_strategic_ plans.pdf˃.Google Scholar

16 DOD, supra note 15.

17 Ibid at 6.

18 DOD, Biometrics Task Force Annual Report FY11 (October 2011) at 7, online: DOD ˂http://www.biometrics.dod.mil/Files/Documents/AnnualReports/fy11.pdf˃. According to an article in The Economist, by July 2012 the US military and the Afghan government had collected the biometrics of 2.5 million Afghans. See “Biometrics in Afghanistan: The Eyes Have It,” The Economist (7 July 2012) 40, online: The Economist ˂http://www.economist.com/node/21558263˃.

19 “Biometrics in Afghanistan,” supra note 18.

20 See, for example, several of the photographs on the following webpage of an organization named “Public Intelligence.” ISAF/DoD Biometrics Tracking Afghanistan Photos (7 September, 2010), online: Public Intelligence ˂http://publicintelligence.net/isafdod-biometrics-tracking-afghanistan-photos/˃.

21 Nakashima, EllenPost-9/11 Dragnet Turns up Surprises; Biometrics Link Foreign Detainees to Arrests in US,” Washington Post (6 July 2008), online: Washington Post ˂http://www.washingtonpost.com/wp-dyn/content/article/2008/ 07/05/ AR2008070501831.html˃.Google Scholar

22 Magnuson, StewDefense Department under Pressure to Share Biometric Data,” National Defense: The NDIA’s Business and Technology Magazine (January 2009), online: National Defense Magazine ˂http://www.nationaldefensemagazine. org/archive/2009/January/Pages/DefenseDepartmentUnderPressureto ShareBiometricData.aspx˃.Google Scholar

23 Nakashima, supra note 21.

24 Monks, KieronUS Retains Private Biometric Data on Millions of Iraqis,” The Week (23 December 2011), online: The Week ˂http://www.theweek.co.uk/middle -east/43922/us-retains-private-biometric-data-millions-iraqis˃.Google Scholar

25 Ibid.

26 Office of the Press Secretary, National Security Presidential Directive and Homeland Security Presidential Directive, News Release (5 June 2008), online: White House Archives ˂http://georgewbush-whitehouse.archives.gov/news/releases/2008/ 06/20080605-8.html˃.

27 Department of Homeland Security (DHS), Testimony of Deputy Assistant Secretary for Policy Kathleen Kraninger, Screening Coordination, and Director Robert A Mocny, US-VISIT, National Protection and Programs Directorate, before the House Appropriations Committee, Subcommittee on Homeland Security, “Biometric Identification,” 111th Congress (19 March 2009), online: DHS ˂http://www.dhs.gov/ynews/testimony/ testimony_1237563811984.shtm˃. US-VISIT is a biometrics collection program that collects biometric data from visitors to the United States.

28 Ibid.

29 Quoted in Seffers, George IUS Defense Department Expands Biometrics Technologies, Information Sharing,” SIGNAL Magazine (October 2010), online: SIGNAL Magazine ˂http://www.biometrics.dod.mil/Files/Documents/Media/ 1010_SIGNAL.pdf˃.Google Scholar

30 DOD, “Introductory Video on Biometrics,” online: Biometrics Identity Management Agency h˂http://www.biometrics.dod.mil/˃.

31 Ibid at 2:56.

32 Graveland, supra note 3.

33 DOD, supra note 30 at 5:05.

34 Magnuson, supra note 22, quoting Konrad Trautman, Director of Intelligence, US DOD Special Operations Command.

35 Monks, supra note 24.

36 DOD, supra note 30 at 4:55.

37 Shanker, ThomTo Track Militants, US Has System That Never Forgets a Face,” New York Times (13 July 2011), online: New York Times ˂http://www.nytimes.com/ 2011/07/14/world/asia/14identity.html?pagewanted=all˃.Google Scholar

38 Ibid.

39 Ibid.

40 Graveland, supra note 3.

41 Biometric News Portal, Multimodal Biometrics, online: Biometric News Portal ˂http://www.biometricnewsportal.com/multimodal-biometrics.asp˃.

42 Adkins, Lauren DBiometrics: Weighing Convenience and National Security against Your Privacy” (2007) 13 Mich Telecomm & Tech L Rev 541 at 546.Google Scholar

43 Homeland Security News Wire, The Promise, and Risks, of Battlefield Biometrics (10 August 2010), online: Homeland Security News Wire ˂http://www.homeland securitynewswire.com/promise-and-risks-battlefield-biometrics˃.

44 Ibid.

45 See, for example, Walton, Patricia Biometrics Must Balance Privacy and Security (22 December 2004), online: CNN News ˂http://articles.cnn.com/2004-12-02/ tech/biometrics.story_1_biometrics-identification-technology-research-credit -card?_s=PM:TECH˃.Google Scholar

46 See, for example, Laban, JamesPrivacy Issues Surrounding Personal Information Systems” (April 1996) at 1112, online: State of Connecticut ˂http://www.ct.gov/ dss/lib/dss/PDFs/diprivac.pdf˃.Google Scholar

47 Conseil constitutionnel, Loi relative à la protection de l’identité, Doc JORF 5607, 2012-652 DC (22 March 2012), online: Conseil constitutionnel ˂http://www.conseil-constitutionnel.fr/conseil-constitutionnel/francais/les-decisions/acces -par-date/decisions-depuis-1959/2012/2012-652-dc/decision-n-2012-652-dc-du -22-mars-2012.105165.html˃. See also Rodriguez, Katitza and Sutton, Maira French Constitutional Court Bans Law Enforcement Use of National Biometric ID Database (30 March 2012), online: Electronic Frontier Foundation ˂https://www.eff.org/ deeplinks/2012/03/french-constitutional-court-bans-law-enforcement-use -biometric-data˃.Google Scholar

48 See, for example, DHS, supra note 27: “DHS and DOD have begun identifying ways the two departments can exchange information in a more systematic manner to further each other’s missions consistent with legal authorities and privacy” [emphasis added]. See also Office of the Press Secretary, supra note 26, which says its purpose is to establish a framework for sharing individuals’ biometrics “while respecting their information privacy and other legal rights under United States law.”

49 The study, which was once available online on the website of the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, is no longer accessible. It is, however, quoted and referred to in other sources, such as a Washington Post article by Ellen Nakashima, “Post-9/11 Dragnet Turns up Surprises: Biometrics Link Foreign Detainees to Arrests in US,” Washington Post (6 July 2008), online: Washington Post ˂http://articles.washingtonpost.com/ goo8-o7-o6/news/368ll733_l_terrorist-attacks-criminal-justice-information -services-thomas-e-bush-iii˃.

50 DOD, Directive Number 8521.01E (21 February 2008) at para 4.5, online: Defense Technical Information Centre ˂http://www.dtic.mil/whs/directives/corres/ pdf/852101p.pdf˃.

51 Ibid at para 5.4.5.

52 Magnuson, supra note 22.

53 There is a possibility, of course, that the United States’s decision not to share biometric data collected in Iraq with the Iraq government was informed partly by privacy concerns. It is more likely, however, that it had to do with concerns about the misuse of data.

54 Prabhakar, Salil, Pankanti, Sharath, and Jain, Anil KBiometric Recognition: Security and Privacy Concerns” (March-April 2003) 1 IEEE Security and Privacy 33 at 3435, online: Scribd ˂http://www.scribd.com/doc/45603576/ Biometric-Recognition-Security-and-Privacy-Concerns˃.CrossRefGoogle Scholar

55 National Research Council, supra note 9 at 1.

56 Ibid at 4.

57 Prabhakar, Pankanti, and Jain, supra note 54 at 34.

58 Ibid.

59 “Biometrics in Afghanistan,” supra note 18.

60 Giannelli, Paul CFingerprints: Misidentification” (2005–06) 20 Crim Just 50 Google Scholar

61 Mayfield v United States, 504 F Supp (2d) 1023 (Or Dist Ct 2007).

62 Ibid.

63 FBI National Press Office, Statement on Brandon Mayfield Case, Press Release (24 May 2004), online: FBI ˂http://www.fbi.gov/news/pressrel/press-releases/ statement-on-brandon-mayfield-case˃.

64 Prabhakar, Pankanti and Jain, supra note 54. See also Angwin, JuliaIris Recognition: The New Fingerprinting,” Wall Street Journal (13 July 2011), online: Wall Street Journal ˂http://blogs.wsj.com/digits/2011/07/13/iris-recognition -the-new-fingerprinting/˃ Google Scholar. Angwin cites a National Institute of Standards and Technology study in which iris recognition was found to have an error rate of one in a million.

65 Leonidou, MiltiadesIris Recognition: Closer Than We Think?” (2002) SANS Institute 9, online: SANS Institute ˂http://www.sans.org/reading_room/whitepapers/authentication/iris-recognition-closer-think_143˃ Google Scholar. These figures are from before 2002 and have no doubt improved in the meantime. Surprisingly, more recent figures appear to be publicly unavailable.

66 Nordland, RodAfghanistan Has Big Plans for Biometric Data,” New York Times (19 November 2011), online: ˂http://www.nytimesxom/2011/11/20/world/asia/ in-afghanistan-big-plans-to-gather-biometric-data.html?_r=1&pagewanted=all˃.Google Scholar

67 Ibid.

68 Prabhakar, Pankanti and Jain, supra note 54 at 40.

69 See Daugman, JohnHow Iris Recognition Works” (2004) 14 IEEE Transactions on Circuits and Systems for Video Technology 21, online: ˂http://www.l1id.com/ files/254-How_20Iris_20Recognition_20Works_20by_20Daugman.pdf˃.CrossRefGoogle Scholar These studies appear to have been conducted prior to 2000, and the technology has no doubt improved since then.

70 Ibid.

71 See Chachere, VickieBiometrics Used to Detect Criminals at Super Bowl,” ABC News (13 February 2001), online: ABC News ˂ttp://abcnews.go.com/Technology/ story?id=98871&page=1˃ Google Scholar. See also McCullagh, DeclanCall It Super Bowl Face Scan I,” Wired (2 February 2001), online: Wired ˂http://www.wired.com/politics/ law/news/2001/02/41571˃.Google Scholar

72 McCullagh, supra note 71.

73 See, for example, Letter from Electronic Privacy Information Center, Privacy International and Human Rights Watch to Robert Gates, Secretary of Defense (27 July 2007), online: Electronic Privacy Information Center ˂http://epic.org/ privacy/biometrics/epic_iraq_dtbs.pdf˃ [Human Rights Watch Letter]. The letter addresses the US military’s collection of biometric data from Iraqi citizens.

74 See the manufacturer’s product description, “HIIDETM 4,” online: L-1 Identity Solutions ˂http://www.l1id.com/pages/47-hiide-series-4˃.

75 Human Rights Watch Letter, supra note 73.

76 Homeland Security News Wire, supra note 43.

77 See, for example, Adkins, supra note 42 at 547-48, concluding that it does.

78 Magnuson, supra note 22.

79 International Committee for the Red Cross (ICRC), What Is International Humanitarian Law? (July 2004), online: ICRC ˂http://www.icrc.org/eng/assets/files/ other/what_is_ihl.pdf˃.

80 Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of International Armed Conflicts (Protocol I) (8 June 1977) 1125 UNTS 3 [Additional Protocol I]; Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of Non-International Armed Conflicts (Protocol II) (8 June 1977), 1125 UNTS 609 [Additional Protocol II]. Additional Protocol I and Additional Protocol II have been ratified by Canada and Afghanistan but not by the United States. That said, the United States recognizes all but a few provisions of Additional Protocol I as customary international law.

81 Additional Protocol I, supra note 80, Article 48. The principle of distinction is listed, for instance, as the first rule of customary international law in Henckaerts, Jean-Marie and Doswald-Beck, Louise Customary International Humanitarian Law, volume 1 (Cambridge: Cambridge University Press, 2005), online: ICRC ˂http://www.icrc.org/customary-ihl/eng/docs/v1_cha_chapter1_rule1˃.CrossRefGoogle Scholar

82 Geneva Convention Relative to the Protection of Civilian Persons in Time of War, 12 August 1949, 75 UNTS 287, Can TS 1965 No 20, online: ICRC ˂http://www.icrc. org/ihl.nsf/full/380˃ [Geneva Convention IV]. It is worth noting here that the 1949 Geneva Conventions are not currently applicable, as a strict matter of law, in Afghanistan because the conflict is not between two or more High Contracting Parties. That said, their provisions are generally recognized as customary international law and are usually applied de facto, if not de jure.

83 Geneva Convention Relative to the Treatment of Prisoners of War, 12 August 1949, 75 UNTS 135, Can TS 1965 No 20, online: ICRC ˂http://www.icrc.org/ihl.nsf/ FULL/375?OpenDocument˃ [Geneva Convention III].

84 As observed in note 83 in this article, the 1949 Geneva Conventions do not apply as a strict matter of law in the current conflict in Afghanistan. Moreover, even if the conflict in Afghanistan were an international armed conflict, Taliban fighters and other terrorists would nevertheless likely not meet the requirements necessary to qualify for prisoner of war status under Geneva Convention III, supra note 83.

85 See Canada and Afghanistan, Arrangement for the Transfer of Detainees between the Canadian Forces and the Ministry of Defence of the Islamic Republic of Afghanistan (December 2005), online: ˂http://www.afghanistan.gc.ca/canada-afghanistan/ assets/pdfs/Dec2005.pdf˃. In Article 10 of the Arrangement, both parties “[r]ecogniz[e] their obligations pursuant to international law to assure that detainees continue to receive humane treatment and protections to the standards set out in the Third Geneva Convention” [emphasis added].

86 Additional Protocol I, supra note 80, Article 48 [emphasis added].

87 Ibid, Article 51(1). See also Additional ProtocolII, supra note 80, Article 13(1), which contains similar language: “The civilian population and individual civilians shall enjoy general protection against the dangers arising from military operations.”

88 Additional Protocol I, supra note 80, Article 57(1).

89 Pilloud, Claude and Preux, Jean de Commentary on the Additional Protocols I and II of 8 June 1977 (Norwell: Kluwer Academic Publishers, 1987) at 600 [emphasis added].Google Scholar

90 Schmitt, Michael N “‘Direct Participation in Hostilities’ and 21st Century Armed Conflict” in Fischer, Horst et al, eds, Crisis Management and Humanitarian Protection (Berlin: Festschrift fur Dieter Fleck, 2004) 505 at 528, online: ˂http://www.uio.no/studier/emner/jus/humanrights/HUMR5503/h09/undervisnings materiale/schmitt_direct_participation_in_hostilties.pdf˃.Google Scholar

91 Henckaerts and Doswald-Beck, supra note 81 at 3. Rule 1 reads as follows: “The parties to the conflict must at all times distinguish between civilians and combatants. Attacks may only be directed against combatants. Attacks must not be directed against civilians.”

92 Pilloud and de Preux, supra note 89 at 680.

93 Ibid at 617.

94 Ibid: “Article 51(1) is an introductory paragraph which confirms the principle of the general protection of civilians against the dangers arising from military operations.”

95 International Covenant on Civil and Political Rights, 19 December 1966, 999 UNTS 171, Can TS 1976 No 47 [ICCPR].

96 It should be noted that Article 17 is one of the rights in the ICCPR, supra note 95, from which derogation is permitted in times of emergency pursuant to Article 4. For this purpose, a state must follow the procedures set out in Article 4(3). No state collecting biometrics in any context — whether domestically or abroad — has availed itself of this provision. This may suggest that no state views its biometrics programs as inconsistent with the covenant.

97 Human Rights Watch Letter, supra note 73. The three non-governmental organizations did not specify how exactly the right to privacy was being violated.

98 Organisation for Economic Co-operation and Development (OECD), Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (23 September 1980), Article 2, online: OECD ˂http://www.oecd.org/internet/interneteconomy/oecdguidelinesontheprotectionofprivacyandtransborder flowsofpersonaldatabackground.htm˃ [emphasis added].

99 UN Human Rights Committee (HRC), General Comment No 16: The Right to Respect of Privacy, Family, Home and Correspondence, and Protection of Honour and Reputation (Art. 17), 32nd Sess (4 July 1988), online: ˂http://www.unhchr.ch/tbs/doc.nsf/ (Symbol)/ 23378a8724595410c12563ed004aeecd?Opendocument˃ [General Comment 16]. General Comments are papers published by the Human Rights Committee setting out its interpretation of the content of human rights provisions of the ICCPR. Most states view these interpretations as persuasive but not legally binding.

100 EC Directive 95/46 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, [1995] OJ L281/31, Article a(a), online: European Union Law ˂http://eur-lex.europa.eu/LexUriServ/ LexUriServ.do?uri=CELEX:31995L0046:en:NOT˃ [EC Directive 95/46].

101 S and Marper v the United Kingdom, No 30562/04, [2008] ECHR at para 86, online: ECHR HUDOC ˂http://hudoc.echr.coe.int/sites/eng/pages/search. aspx?i=001-90051˃. Convention for the Protection of Human Rights and Fundamental Freedoms, 213 UNTS 221.

102 See, for example, the website of the Canadian Office of the Privacy Commissioner, which states: “By definition, any collection of personal information has implications for privacy.” Office of the Privacy Commissioner, Data at Your Fingertips: Biometrics and the Challenges to Privacy (1 November 2011) at 6, online: Office of the Privacy Commissioner ˂http://www.priv.gc.ca/information/pub/gd_ bio_201102_e.asp˃. See also Privacy Act, RSC 1985, c P-21. While this legislation does not define “privacy,” its overall purpose is to protect personal information: “The purpose of this Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution” (at s 2).

103 See, for example, the Privacy Act, supra note 102 at s 3, which defines “personal information” as “information about an identifiable individual that is recorded in any form including… (c) any identifying number, symbol or other particular assigned to the individual [and] (d)…fingerprints.” See Office of the Privacy Commissioner, supra note 102 at 2: “Biometric systems record personal information about identifiable individuals. That means their use by the federal government falls under the provisions of the Privacy Act.”

104 General Comment 16, supra note 99.

105 Ibid.

106 USA PATRIOT Act, Pub L No 107-56, 115 Stat 272 (2001); Enhanced Border Security and Visa Entry Reform Act, Pub L No 107–73, 116 Stat 103 (2002). The Office of Biometric Identity Management (OBIM) replaced US-VISIT in March 2013. See online: OBIM ˂http://www.dhs.gov/obim˃. For discussion of numerous other federal US laws that authorize the collection of biometric data, see Laban, James Privacy Issues Surrounding Personal Information Systems (April 1996), online: Connecticut Department of Social Services ˂http://www.ct.gov/dss/lib/dss/ PDFs/diprivac.pd˃.Google Scholar

107 Polgreen, LydiaScanning 2.4 Billion Eyes, India Tries to Connect Poor to Growth,” New York Times (1 September 2011), online: New York Times ˂http://wwwnytimesxom/2011/09/02/world/asia/02india.html?_r=1˃.Google Scholar

108 Ibid.

109 “VS Achuthanandan Voices Misgivings about UID Project,” India Times (27 July 2011), online: ˂http://articles.economictimes.indiatimes.com/2011-07-27/ news/29820754_1_uid-unique-identification-number-global-downturn˃.

110 General Comment i6, supra note 99 at para 10.

111 EC Directive 95/46, supra note 100. In January 2012, the European Commission proposed significant reforms to the directive aimed at strengthening online privacy rights. The proposed updates include making it easier for individuals to know which public authorities and companies have their personal information and a so-called “right to be forgotten,” which will ensure that once an individual no longer wishes his or her data to be retained or processed, it must be deleted unless there are legitimate grounds for retaining it. See European Commission, “Commission Proposes a Comprehensive Reform of Data Protection Rules to Increase Users’ Control of Their Data and to Cut Costs for Businesses,” Press Release (25 January 2012), online: European Union ˂http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en˃. As of May 2013, the reforms have yet to be adopted.

112 EC Directive 95/46, supra note 100, Article 7(a).

113 Organization of American States, Inter-American Juridical Committee, 80th Sess, Proposed Statement of Principles for Privacy and Personal Data Protection in the Americas, Doc OEA/Ser.Q/CJI/RES. 186 (LXXX-O/12) (2012), Sixth principle, online: OAS ˂http://www.oas.org/en/sla/iajc/docs/ijc_current_agenda_ privacy_personal_data_protection.pdf˃.

114 For the best known articulation of this stance, see UN Human Rights Committee, General Comment ji[8o]: The Nature of the General Legal Obligation Imposed on States Parties to the Covenant, UNHRCOR, 80th Sess, UN Doc CCPR/C/21/Rev1/Add13 (2004) at para 10, online: ˂http://daccess-dds-ny.un.org/doc/UNDOC/GEN/ G04/419/56/PDF/G0441956.pdf?OpenElement˃: “States Parties are required by article 2, paragraph 1, to respect and to ensure the Covenant rights to all persons who may be within their territory and to all persons subject to their jurisdiction.” The International Court ofJustice also reached the same conclusion in Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territory (Advisory Opinion), [2004] ICJ Rep 136 at paras 108-11. For a comprehensive discussion of the matter, see Dominic McGoldrick, “The Extraterritorial Application of the International Covenant on Civil and Political Rights” in Coomans, Fons and Kamminga, Menno T eds, Extraterritorial Application of Human Rights Treaties (Antwerp: Intersentia, 2004) 41.Google Scholar

115 This raises the difficult question of whether soldiers are subject to the domestic law of the state in which they are conducting military operations. When soldiers are conducting operations with the consent of the host state, they will usually be operating under a status of forces agreement that determines the applicability of local law.

116 Constitution of Afghanistan, 2004, Chapter 1, Article 6, online: Government of Afghanistan ˂http://www.afghan-web.com/politics/current_constitution.html˃.

117 Ibid, Article 7. Universal Declaration ofHuman Rights, UN Doc A/810 (1948).

118 Nordland, supra note 66. This is not meant to suggest that the Government of Afghanistan never violates the human rights of the citizens of Afghanistan or always acts in accordance with Afghan law.

119 McLachlin J (as she then was) noted in R v Terry, [1996] 2 SCR 207 at para 16, that the Supreme Court of Canada “has repeatedly affirmed the territorial limitations imposed on Canadian law by the principles of state sovereignty and international comity.” See also R v Hape, 2007 SCC 26 at paras 47–52, [2007] 2 SCR 292; Singh v Minister of Employment and Immigration, [1985] 1 SCR 177; Libman v The Queen, [1985] 2 SCR 178 at 183.

120 See Privacy Act, supra note 103; Personal Information Protection and Electronic Documents Act, SC 2000, c 5 [PIPEDA].

121 Privacy Act, supra note 102 at s 2.

122 PIPEDA, supra note 120 at s 3.

123 Ibid at s 7(1)(b) [emphasis added].

124 Ibid at s 7(1)(e)(ii).

125 See Citizenship and Immigration Canada, The Use of Biometrics (2 November 2011), online: CIC ˂http://www.cic.gc.ca/english/department/biometrics -use.asp˃.

126 Citizenship and Immigration Canada, Ensuring Privacy (19 October 2012), online: CIC ˂http://www.cic.gc.ca/english/department/biometrics-privacy.asp˃.

127 United States, National Science and Technology Council (NSTC), Subcommittee on Biometrics, Biometrics: Frequently Asked Questions (7 September 2006), online: ˂ttp://biometrics.gov/Documents/FAQ.pdf˃. The NSTC is a Cabinet-level council.

128 Ibid at 14.

129 Laban, supra note 46.

130 Thom v New York Stock Exchange, 306 F Supp 1002 (SDNY 1969) [Thom].

131 “Fingerprints provide a simple means of identification; no more.” Ibid at 1010. This point may distinguish existing US case law on fingerprinting from the battlefield biometrics context. US soldiers do notjust take prints, eye scans, and photographs; they also record the names, and sometimes the addresses, of persons being enrolled. Names and addresses in countries such as Afghanistan and Iraq can reveal ethnicity and religious affiliation — something that may put individuals at grave risk if the data were misused.

132 Ibid at 1011.

133 Iacobucci v City of Newport, 785 F (2d) 1354 (6th Circ 1986), online: ˂http://law. justiaxom/cases/federal/appellate-courts/F2/785/1354/276392/˃.

134 Ibid at para 7.

135 Ibid at para 13.

136 New Jersey v TLO, 469 US 325 (1985).

137 For more on how the “special needs” exception might apply to biometrics programs within the United States, see Grayson Colt Holmes, “The New Employment Verification Act: The Functionality and Constitutionality of Biometrics in the Hiring Process” (2010) 43 Conn L Rev 674 at 702.

138 This obligation is said to flow from the Convention against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment, 10 December 1984, 1465 UNTS 85, a treaty to which the United States is party. For discussion, see Human Rights Watch, “Still at Risk: Diplomatic Assurances No Safeguard against Torture” (15 April 2005), online: Human Rights Watch ˂http://www.hrw.org/reports/ goo5/o4/l4/still-risk-o˃.

139 See the Rome Statute of the International Criminal Court (17 July 1998), 2187 UNTS 90, Articles 7, 25 [Rome Statute], which together criminalize the aiding and abetting of crimes against humanity. The United States is not a party to the Rome Statute, but the crimes included in the Rome Statute were intended generally to reflect customary international law.

140 See DHS, Office of US-VISIT, online: Department of Homeland Security, online: ˂http://www.dhs.gov/files/programs/usv.shtm˃.

141 Ibid. Interestingly, including these policies in the section of the website dealing with privacy protection tends to indicate the US government’s view that privacy concerns associated with biometric data collection are not raised by collection of such data but, rather, by potential misuses of the data once collected.

142 Quoted in Magnuson, supra note 22.

143 ICRC and Swiss Federal Department of Foreign Affairs, Montreux Document: On Pertinent International Legal Obligations and Good Practices for States Related to Operations of Private Military and Security Companies during Armed Conflict (September 2008), online: ˂http://www.icrc.org/eng/assets/files/other/icrc_oo2_0996.pdf˃ [Montreux Document]. Danish Foreign Ministry Legal Department, Copenhagen Process on the Handling of Detainees in International Military Operations, Press Release (December 2007), online: Government of Denmark ˂http://um.dk/en/politics-and-diplomacy/copenhagen-process-on-the-handling-of-detainees-in-international-military-operations/˃ [Copenhagen Process].

144 Montreux Document, supra note 143.

145 See ICRC, Governments Acknowledge Duty to Control Private Military and Security Companies, Press Release (19 September 2008), online: ICRC ˂http://www.icrc. org/eng/resources/documents/feature/2008/montreux-document-feature -1709o8.htm˃.

146 Copenhagen Process, supra note 143.

147 Copenhagen Process: Principles and Guidelines, online: Ministry of Foreign Affairs of Denmark ˂http://um.dk/en/~/media/UM/English-site/Documents/ Politics-and-diplomacy/Copenhangen%2oProcess%2oPrinciples%2oand Guidelines.pdf˃.

148 Magnuson, supra note 22.

149 Hathaway, Oona ADo Human Rights Treaties Make a Difference?” (2002) 111 Yale LJ 1935 at 1935.CrossRefGoogle Scholar

150 Copenhagen Process, supra note 143.

151 Matching algorithms are extremely important when it comes to avoiding false positives. If a HIDE scanner, for instance, determines a near-certain match with respect to one of the three biometric indicators but no match with respect to the other two, does the device nevertheless indicate a match? This may have been what led to the false positive in relation to the New York Times reporter described in the text accompanying notes 65 and 66 earlier in this article.