21 October 2012

Mobile Retina Scanning

''eyePhones': A Fourth Amendment Inquiry into Mobile Iris Scanning' by Christopher Rutledge Jones in 63(925) South Carolina Law Review (2012) considers: mobile retina scanning
MORIS, or Mobile Offender Recognition and Information System, is a small device that attaches to a standard iPhone and allows the user to perform mobile iris scanning, fingerprinting, and facial recognition. Developed by BI2 Technologies, this device was recently made available to law enforcement agencies in America. This article discusses the Fourth Amendment implications arising from the use of such a device, and asks whether a reasonable expectation of privacy exists in one's irises while in public spaces. The article explores past Supreme Court Fourth Amendment jurisprudence regarding the use of technology to enhance senses, abandonment, and the plain view doctrine in an attempt to determine when mobile iris scans would and would not be allowed by the Fourth Amendment. The article also undertakes a state-specific analysis, asking whether the South Carolina Constitution offers any additional protection against the use of mobile iris scanners. Finally, the article raises a number of concerns regarding mobile iris scanners (and MORIS in particular), and offers suggestions for addressing the concerns.
Jones comments
Imagine for a moment that an American police officer is on duty, patrolling a neighborhood as he has done many times before. As he rounds a corner, he takes notice of someone casually walking down the street, not engaging in any illegal or suspicious behavior. Although seemingly innocuous, however, the pedestrian does match the description of a suspect in a recent armed robbery that took place nearby. The officer, believing he may have spotted this suspect, pulls over and stops the pedestrian. After speaking with him for a few minutes, the officer reaches for his belt and retrieves a smartphone. He asks the pedestrian if he would consent to having his picture taken, in a sense. The pedestrian, either knowing he has nothing to hide or not wanting to arouse suspicion, agrees, and the officer captures the image - except the image he has captured is not an ordinary photograph. It is a high-resolution image of the pedestrian’s eye. The smartphone, in a matter of seconds, analyzes and processes the image, compares the pedestrian’s identity to an online database of previously captured images, and returns the results to the officer.
Now, depending upon your point of view - and perhaps also on the result of the hypothetical encounter (whether the pedestrian is in fact the robbery suspect the officer is seeking) - this interaction between the police officer and the pedestrian involves either a fantastic new tool for law enforcement, which will help to keep our streets safer from criminals by denying them the ability to present false identification and escape capture, or an unnerving, Orwellian device that facilitates intrusion into one’s constitutionally protected right to privacy, only an incremental step removed from the “big brother” state imagined in fiction. However, the interaction described above is not a chapter from George Orwell’s 1984 or a scene from Minority Report. And, despite any discomfort or misgivings one may have about the hypothetical scenario, the device the officer used to confirm or refute the pedestrian’s involvement in the recent robbery is currently on the market, and is being increasingly utilized by police departments across the country, along with a number of other users. Personal beliefs aside, however, the legal legitimacy of this technology ultimately depends on whether the officer’s conduct infringed on the pedestrian’s Fourth Amendment rights against illegal search and seizure.
Jones notes that
Iris scanning, while still a relatively new form of identification when compared to other methods such as fingerprinting, is beginning to gain traction via a number of different uses throughout society. For example, in 2005, the John F. Kennedy Airport in New York implemented a pilot program that utilized iris scanners in order to allow preregistered passengers to circumvent the standard customs procedures and to quickly proceed through the airport. In 2011, the TSA announced plans to implement a nearly identical program to expedite security checks, although the scope of the TSA effort is not yet clear. The New York Police Department already scans the irises of all arrestees to track them through the court system and prevent their escape. Additionally, the Justice Department is partnering with the National Sherriff’s Association to implement similar programs in jails across the country in an effort to prevent escapes. In 2010, the Department of Homeland Security began testing the effectiveness of using iris scanners at a border patrol station to track illegal immigrants, and the United States military has used iris scanners in Iraq and Afghanistan to build a database of almost four million residents. Despite its relatively limited use at present, iris scanning technology is gaining acceptance in an increasing number of settings, and is poised to spread considerably over the next few years.
MORIS, or Mobile Offender Recognition and Identification System, is the technology at the focus of this Note. MORIS is manufactured by BI2Technologies. The device is a 12-ounce attachment to the now ubiquitous iPhone, and allows an officer in the field to perform not only an iris scan, as described in the hypothetical, but also facial recognition and fingerprint comparisons, all remotely with no additional equipment required. BI2Technologies’ marketing brochure for MORIS claims that the device is “ideal for identifying” sex offenders, illegal immigrants, gang members, individuals with outstanding warrants, parolees, and probationers. It is available only to government agencies and officials, and as of mid-2011, roughly forty law enforcement agencies had ordered approximately one thousand units. Currently, BI2 has official endorsements for its line of products from the National Association of Triads (NATI) and the National Sheriff’s Association. ...
Having made the case that the use of MORIS would not likely be considered by the Supreme Court to be a violation of the Fourth Amendment, this Part of the Note will address potential concerns that systems such as MORIS raise in a realworld environment.
One major concern regarding the widespread use of an iris scanning system is that it could be used to capture people’s iris data without their knowledge or consent. MORIS, according to BI2 President and CEO Sean Mullin, apparently requires the cooperation of its subject in order to capture a useable image.  However, while MORIS currently requires the device to be relatively close to the subject in order to obtain a useable image, even newer cameras allow for an image to be taken up to six feet away, and as technology progresses, so too will the range of the iris scanners.
A related concern that privacy advocates may have with MORIS is the potential of capturing iris information from citizens who ultimately have no criminal record and are of no real interest to police. The makers of MORIS claim that a user’s iris information is deleted immediately if no match is found in the database; however, without oversight by an independent organization, there is no way to confirm this assertion. Additionally, there are no laws currently in place to ensure that this policy is not changed sometime in the future, resulting in the accumulation of private information to which the police have no valid interest.
Another particularly relevant concern that can be raised concerning iris scanning technology, along with any system of suspect identification, is the accuracy of the technology used, and the potential error rate involved with use of the system. According to John Daugman, who pioneered the iris mapping algorithms embedded in MORIS’s software, the theoretical false match rate under real-world conditions is around 1 in 4 million. In addition, BI2Technologies has claimed the system has a “virtual zero error rate,” and that “3.12 billion cross-matches [have been performed] without one false match.” In addition to the low theoretical error rate of the matching algorithms, the MORIS system, upon finding a match to a subject’s iris, will return a picture of the purported match, allowing the officer to confirm or deny the system’s match to an even greater degree of certainty. If the above claims of accuracy are true and translate to actual error rates in the field, then MORIS could prove to provide a relatively low risk of false matches.
Perhaps a more salient concern about the MORIS system lies not in its matching capabilities, but in the method of data transmission that the system employs. As MORIS is an attachment to a consumer smartphone, the system uses existing cellular networks to transmit to, and receive data from, the central database that it searches for a match. As such, the data is vulnerable to interception by hackers and identity thieves. In addition to intercepting the signal to and from the phone, criminals could take advantage of the iPhone’s operating system to hack into the phone itself and retrieve data. Another potential vulnerability is the fact that the database to which the MORIS system connects is accessible on the internet, which leaves it open to attack from traditional hackers who target computer systems as opposed to cell phones.
The final major concern with MORIS, as with any system or procedure adopted by police, is the potential for abuse through selective use, or profiling. Although this concern exists apart from MORIS in particular, the potential invasion of privacy facilitated by this system calls for a heightened awareness of, and active prevention against, such abuse.