Considerations of a biometric refuser

On Monday 2 April (11.00), three individual court hearings against the new Passport Act will take place simultaneously at the Council of State. One of these court cases was brought by Mr W.P. Willems against the mayor of the municipality of Nuth (South Limburg). Below are Mr Willems' thoughts on not giving fingerprints for a new passport or identity card:

As a "biometric refuser", I have been deprived of a passport or ID card for almost two years now. A strange situation: all your life you are a Dutch citizen by birth and suddenly it turns out that this is no longer a matter of course. I cannot make official transactions, the hospital is being difficult, I cannot fly and even travelling in Europe is no longer without danger. The police can lock me up in foreigner detention "just like that". And yet, more and more Dutch people choose not to apply for a passport or identity card; they no longer trust our government.

The French Revolution in 1789 put an end to the totalitarian state model, to the arbitrariness of divine law "Le Droit Divin". Many powers, which were previously in the hands of kings and regents, were transferred to an elected government but thus also to the private domain of the citizen. In 1848, this separation, between public and private, was formalised and legalised in our country. This was the foundation on which Thorbecke, the founder of Dutch parliamentary democracy, based our Constitution.

Articles 10 and 11 of the 1983 constitutional amendment, in particular, reflect this:

Art. 10: "The law shall lay down rules for the protection of privacy in relation to the recording and provision of personal data."

art. 11: "Everyone has the right to the inviolability of his body, subject to such limitations as may be prescribed by or under the law."

So the Constitution allows the government to record personal data, but also obliges it to protect it. Not for nothing does it say "rules to protect", while the last three former interior ministers and a majority in the political establishment only interpret that as "rules"; the "to protect" is just forgotten.

With these rights enshrined not only in the Constitution but also in the Universal Human Rights, it hardly needs to be said that an infringement of these fundamental rights really should not be able to take place, but if there really is no other way, then this infringement should be provided with very stringent safeguards.

And that is precisely what the new biometric passport lacks. As a liberal, I will oppose unwanted state interference as much as possible. True, apparently time is against me, given social developments and the statements of successive politicians who have interfered with the passport.

It appears that totalitarian state interference is getting closer and closer and is even formulated as a goal by some. Time and again, the State shows that it wants to know as much as possible about us citizens in order to be able to monitor, adjust and control us in this way. All this, of course, under the guise of an illusory desire for greater security. However, the historical and legal context is completely ignored by the proponents of biometric identification. Historical awareness is apparently lacking. People do not find it all that objectionable, why be so difficult, it serves a worthwhile purpose, right? Security! Security for all of us.

They forget that respect for the private domain is the precondition for functioning together in a healthy society. People seek freedom first and foremost; security is secondary to this. The moment this is no longer recognised and considered important, we automatically descend into a totalitarian State. A State in which regents and officials call the shots; they know perfectly well what is good for themselves, but unfortunately also what is "good" for you. Historically, but also today, examples abound to see where that can lead.

They forget that loss of freedom is never followed by more security for the individual. At most, the danger then comes from other quarters as well. A State with sufficient historical awareness should not even want to get its hands on this power c.q. information about its citizens; if only because, as the experience of World War II shows, if the administrative system of government is too extensive and conclusive, citizens can be put in serious danger.

A further objection I raise as a refuser is the fact that such an intrusion on my private life, if it were socially necessary at all, could not take place without a consideration of my personal interest, precisely because the intrusion on the private domain has such a dominant place in our legislation. However, my personal interest is explicitly left out of the consideration.

The government justifies this infringement on the grounds that an improvement in the passport issuing system is being achieved. A fallacy that now really can no longer be invoked. Now that the minister has indicated that the biometric data will only be stored temporarily, during the creation of the document, and that no further biometric data will be stored in a database outside the passport, no verification with these non-saved data can take place during a new or renewed application. This is all the more important as, when the document is collected, the biometric data may not be compared with the data of the applicant. Perhaps because more than 20% of fingerprints cannot be reliably traced to the rightful owner. So the new method is no better than the old one.

If one cites the European Passport Regulation itself as a reason: whatever I may think of it as a Dutchman, the regulation requires that the data be secured and the storage medium "must be sufficiently suitable to guarantee the integrity, authenticity and confidentiality of the data". It also explicitly states that unauthorised access must be prevented at all times. In accordance with the procedure referred to in Article 5(2), additional technical specifications for the passport shall be adopted for:

(a) additional security features and requirements, including higher standards to prevent counterfeiting and falsification;

(b) technical specifications regarding the medium for storing the biometric data and its security, such as preventing unauthorised access

(c) quality requirements and common standards for facial recognition and fingerprinting.

Remote access, without carrier approval, is baked into the chosen storage method, with a remotely readable chip. Gone is security. The protection provided by Article 10 of the Constitution has been subordinated to the convenience of the controlling agencies and governments. It has been more than adequately demonstrated that the security is inadequate and unnecessarily weak from a technical point of view.

I object precisely to this way of recording the biometric and other data on the chip in the passport. I object to the easy reading by third parties and its weak security. Control over my own personal data is taken away from me and forced into the hands of a State and other organisations that are regularly in the news with data breaches and security problems, some worse than others.

My objection further concerns the sharing of encryption codes with "friendly States". External access and reading is a certainty, even by untrustworthy persons and/or services. To me, this is unacceptable. Because, in practice, it means two things:

1) these so-called "friendly States" can store the very data that we have decided not to store. All the arguments against any storage by our own State still apply.
2) we cede data c.q. "powers" to other States.

Any data exchange must therefore be accompanied by the best possible quality of both our public administration, as well as the public administration of these foreign powers.

We know from history that strong States sometimes derail terribly. In the words of Professor Ankersmit: "This means that we must always have absolute certainty that public powers correspond to the obligation of public accountability. No powers without responsibilities, and no responsibilities without powers. That is the alpha and omega for all good governance."

The State of the Netherlands cannot in any way guarantee that other States, friendly or not, will not misuse this data and thus violate my fundamental rights.

In the future, electronic verification may not even require a physical passport. A virtual identity will prove sufficient, almost as it does now with your banking internet traffic. Big difference, however, is that in the latter case, you yourself own the encryption key of your banking data. In the case of passport data, "others" own the keys. The data can be cloned. Providing your biometrics weakens your identity to one that can be cloned, stolen and abused fairly easily.

The future criminals will no longer walk around with forged or stolen passports, no, they will walk around with your identity and mine, making them not only untraceable but, indeed, if you, an innocent citizen, have already been convicted by "incontrovertible biometric evidence", they will not even be searched for.

So don't.

A government should consider privacy not just a nuisance but a true constitutional right.

Freedom should never be surrendered to try to gain security with it. It is precisely security that disappears first if freedom is sacrificed.

W.P. Willems

"But it is all an illusion, because they die too; those people who impose only an extremely limited latitude on their minds and join, join to be safe. Safe from what? Life always plays out on the edge of death; narrow streets lead to the same place as wide boulevards, and a small candle also burns up, just like a blazing torch. I choose my own way to burn up."  (Sophie Scholl)