''eyePhones': A Fourth Amendment Inquiry into Mobile Iris Scanning' by Christopher Rutledge Jones in 63(925)
South Carolina Law Review (2012)
considers:
mobile retina scanning
MORIS, or Mobile Offender Recognition and Information System, is a small device that attaches to a standard iPhone and allows the user to perform mobile iris scanning, fingerprinting, and facial recognition. Developed by BI2 Technologies, this device was recently made available to law enforcement agencies in America.
This article discusses the Fourth Amendment implications arising from the use of such a device, and asks whether a reasonable expectation of privacy exists in one's irises while in public spaces. The article explores past Supreme Court Fourth Amendment jurisprudence regarding the use of technology to enhance senses, abandonment, and the plain view doctrine in an attempt to determine when mobile iris scans would and would not be allowed by the Fourth Amendment.
The article also undertakes a state-specific analysis, asking whether the South Carolina Constitution offers any additional protection against the use of mobile iris scanners. Finally, the article raises a number of concerns regarding mobile iris scanners (and MORIS in particular), and offers suggestions for addressing the concerns.
Jones comments
Imagine for a moment that an American police officer is on duty, patrolling
a neighborhood as he has done many times before. As he rounds a corner, he
takes notice of someone casually walking down the street, not engaging in any
illegal or suspicious behavior. Although seemingly innocuous, however, the
pedestrian does match the description of a suspect in a recent armed robbery that
took place nearby. The officer, believing he may have spotted this suspect, pulls
over and stops the pedestrian. After speaking with him for a few minutes, the
officer reaches for his belt and retrieves a smartphone. He asks the pedestrian if
he would consent to having his picture taken, in a sense. The pedestrian, either
knowing he has nothing to hide or not wanting to arouse suspicion, agrees, and
the officer captures the image - except the image he has captured is not an
ordinary photograph. It is a high-resolution image of the pedestrian’s eye. The
smartphone, in a matter of seconds, analyzes and processes the image, compares
the pedestrian’s identity to an online database of previously captured images, and
returns the results to the officer.
Now, depending upon your point of view - and perhaps also on the result of
the hypothetical encounter (whether the pedestrian is in fact the robbery suspect
the officer is seeking) - this interaction between the police officer and the
pedestrian involves either a fantastic new tool for law enforcement, which will
help to keep our streets safer from criminals by denying them the ability to
present false identification and escape capture, or an unnerving, Orwellian
device that facilitates intrusion into one’s constitutionally protected right to
privacy, only an incremental step removed from the “big brother” state imagined
in fiction. However, the interaction described above is not a chapter from
George Orwell’s 1984 or a scene from Minority Report. And, despite any
discomfort or misgivings one may have about the hypothetical scenario, the
device the officer used to confirm or refute the pedestrian’s involvement in the
recent robbery is currently on the market, and is being increasingly utilized by
police departments across the country, along with a number of other users.
Personal beliefs aside, however, the legal legitimacy of this technology
ultimately depends on whether the officer’s conduct infringed on the pedestrian’s
Fourth Amendment rights against illegal search and seizure.
Jones notes that
Iris scanning, while still a relatively new form of identification when compared to other methods such as fingerprinting, is beginning to gain traction via a number of different uses throughout society. For example, in 2005, the John F. Kennedy Airport in New York implemented a pilot program that utilized iris scanners in order to allow preregistered passengers to circumvent the
standard customs procedures and to quickly proceed through the airport. In
2011, the TSA announced plans to implement a nearly identical program to
expedite security checks, although the scope of the TSA effort is not yet clear.
The New York Police Department already scans the irises of all arrestees to track
them through the court system and prevent their escape. Additionally, the
Justice Department is partnering with the National Sherriff’s Association to
implement similar programs in jails across the country in an effort to prevent
escapes. In 2010, the Department of Homeland Security began testing the
effectiveness of using iris scanners at a border patrol station to track illegal
immigrants, and the United States military has used iris scanners in Iraq and
Afghanistan to build a database of almost four million residents. Despite its
relatively limited use at present, iris scanning technology is gaining acceptance
in an increasing number of settings, and is poised to spread considerably over the
next few years.
MORIS, or Mobile Offender Recognition and Identification System, is the
technology at the focus of this Note. MORIS is manufactured by BI2Technologies. The device is a 12-ounce attachment to the now ubiquitous iPhone, and allows an officer in the field to perform not only an iris scan, as described in the hypothetical, but also facial recognition and fingerprint comparisons, all remotely with no additional equipment required.
BI2Technologies’ marketing brochure for MORIS claims that the device is “ideal
for identifying” sex offenders, illegal immigrants, gang members, individuals
with outstanding warrants, parolees, and probationers. It is available only to
government agencies and officials, and as of mid-2011, roughly forty law
enforcement agencies had ordered approximately one thousand units.
Currently, BI2 has official endorsements for its line of products from the
National Association of Triads (NATI) and the National Sheriff’s Association. ...
Having made the case that the use of MORIS would not likely be considered
by the Supreme Court to be a violation of the Fourth Amendment, this Part of the
Note will address potential concerns that systems such as MORIS raise in a realworld
environment.
One major concern regarding the widespread use of an iris scanning system
is that it could be used to capture people’s iris data without their knowledge or
consent. MORIS, according to BI2 President and CEO Sean Mullin, apparently
requires the cooperation of its subject in order to capture a useable image.
However, while MORIS currently requires the device to be relatively close to the
subject in order to obtain a useable image, even newer cameras allow for an
image to be taken up to six feet away, and as technology progresses, so too
will the range of the iris scanners.
A related concern that privacy advocates may have with MORIS is the
potential of capturing iris information from citizens who ultimately have no
criminal record and are of no real interest to police. The makers of MORIS
claim that a user’s iris information is deleted immediately if no match is found in
the database; however, without oversight by an independent organization,
there is no way to confirm this assertion. Additionally, there are no laws
currently in place to ensure that this policy is not changed sometime in the
future, resulting in the accumulation of private information to which the police
have no valid interest.
Another particularly relevant concern that can be raised concerning iris
scanning technology, along with any system of suspect identification, is the
accuracy of the technology used, and the potential error rate involved with use of
the system. According to John Daugman, who pioneered the iris mapping
algorithms embedded in MORIS’s software, the theoretical false match rate
under real-world conditions is around 1 in 4 million. In addition, BI2Technologies has claimed the system has a “virtual zero error rate,” and that “3.12 billion cross-matches [have been performed] without one false match.” In addition to the low theoretical error rate of the matching algorithms, the MORIS system, upon finding a match to a subject’s iris, will
return a picture of the purported match, allowing the officer to confirm or deny
the system’s match to an even greater degree of certainty. If the above claims
of accuracy are true and translate to actual error rates in the field, then MORIS
could prove to provide a relatively low risk of false matches.
Perhaps a more salient concern about the MORIS system lies not in its
matching capabilities, but in the method of data transmission that the system
employs. As MORIS is an attachment to a consumer smartphone, the system
uses existing cellular networks to transmit to, and receive data from, the central
database that it searches for a match. As such, the data is vulnerable to
interception by hackers and identity thieves. In addition to intercepting the
signal to and from the phone, criminals could take advantage of the iPhone’s
operating system to hack into the phone itself and retrieve data. Another
potential vulnerability is the fact that the database to which the MORIS system
connects is accessible on the internet, which leaves it open to attack from
traditional hackers who target computer systems as opposed to cell phones.
The final major concern with MORIS, as with any system or procedure
adopted by police, is the potential for abuse through selective use, or profiling.
Although this concern exists apart from MORIS in particular, the potential
invasion of privacy facilitated by this system calls for a heightened awareness of,
and active prevention against, such abuse.