Biometric Cyberintelligence and the Posse Comitatus Act

• Jurisdiction: United States,Federal
• Publication year: 2017
• Citation: Vol. 66 No. 3

Biometric Cyberintelligence and the Posse Comitatus Act

Margaret Hu

BIOMETRIC CYBERINTELLIGENCE AND THE POSSE COMITATUS ACT

Margaret Hu^*

Abstract

This Article addresses the rapid growth of what the military and the intelligence community refer to as "biometric-enabled intelligence. " This newly emerging intelligence tool is reliant upon biometric databases—for example, digitalized storage of scanned fingerprints and irises, digital photographs for facial recognition technology, and DNA. This Article introduces the term "biometric cyberintelligence" to more accurately describe the manner in which this new tool is dependent upon cybersurveillance and big data's massintegrative systems.

This Article argues that the Posse Comitatus Act of 1878, designed to limit the deployment of federal military resources in the service of domestic policies, will be difficult to enforce to protect against militarized cyberpolicing and cybersurveillance harms that may generate from the domestic use of military grade cybersurveillance tools. Maintaining strict separation of data between military and intelligence operations on the one hand, and civilian, homeland security, and domestic law enforcement agencies on the other hand, is increasingly difficult as cooperative data sharing increases. The Posse Comitatus Act and constitutional protections such as the Fourth Amendment's privacy jurisprudence, therefore, must be reinforced in the digital age to appropriately protect citizens from militarized cyberpolicing: the blending of

[Page 698]

military/foreign intelligence tools and operations, and homeland security/domestic law enforcement tools and operations. The Article concludes that, as of yet, neither statutory nor constitutional protections have evolved sufficiently to cover the unprecedented surveillance harms posed by the migration of biometric cyberintelligence from foreign to domestic use.

Introduction.............................................................................................699

I. Cybersurveillance, Military-Intelligence Data Gathering, and the Posse Comitatus Act......................................................708

A. "Parallel Construction ": How Surveillance Data Is Shared Between Agencies and How Such Data Sharing Can Be Concealed.................................................................... 711
B. Posse Comitatus Act and United States v. Dreyer.................... 713

II. Biometric Cyberintelligence.....................................................723

A. Identity Intelligence and Biometric-Enabled Intelligence ........ 724
B. Population Management and Identity Management: Biometrics and Contextual Information...................................................... 734
C. Identity Dominance and Big Data Cyberintelligence ............... 743
D. Interoperable Biometric Databases and the Bureaucracy of Biometric Data Management ............................................... 746

III. The Relationship Between Biometric Cybersurveillance and Biometric Cyberintelligence..............................................750

A. Biometrics in Intelligence-Driven Decisionmaking and Biometric-Based Digital Watchlisting...................................... 751
B. Biometric Cyberintelligence and NSA Cybersurveillance........ 753
C. The Posse Comitatus Act's Potential to Limit Militarized Cybersurveillance in Civilian Contexts ................. 758

Conclusion.................................................................................................762

[Page 699]

Introduction

The potential cybersurveillance consequences of mass biometric data collection are not yet fully known.¹ What is known, however, is that mass biometric data storage and analysis can lead to multiple unprecedented legal challenges² as big data tools and new forms of cybersurveillance technologies place increasing strain on existing privacy law doctrine,³ statutory data privacy protections, and constitutional protections.⁴ Experts note that this legal strain is

[Page 700]

especially acute as the programmatic and technological architecture of big data cybersurveillance can be embedded within the data collection and data analysis protocols of civilian and domestic law enforcement activities,⁵ and the everyday activities of an information society that is in the midst of a big data revolution.⁶ Therefore, maintaining strict separation of data sharing between military and foreign intelligence operations⁷ on the one hand, and civilian, homeland security, and domestic law enforcement agencies on the other hand,⁸ is increasingly difficult and may be impracticable.

To better understand the potential legal consequences of the merger of civilian and military, along with domestic and foreign mass biometric data harvesting, this Article demonstrates the potential long-term cybersurveillance consequences of the increased sharing of biometric databases between military, intelligence, and law enforcement organizations, and other public and private entities.⁹ Specifically, this Article contends that biometric cybersurveillance and biometric cyberintelligence objectives are increasingly used to justify the mass digital capture and analysis of unique physiological and behavioral traits of

[Page 701]

entire populations and subpopulations.¹⁰ Traditional bureaucratized surveillance protocols are in the process of merging with bureaucratized big data cybersurveillance systems to increasingly incentivize the development of universal biometric databases of the entire citizenry, often through biometric-based national ID systems,¹¹ and particular biometric databases of targeted classes within a specific citizenry, for example, DNA databases of arrestees.¹² Further, as nations enter into agreements to share biometric databases for military defense, foreign intelligence, and law enforcement purposes, the multinational cybersurveillance implications of biometric data collection and data analysis are likely to expand over time.¹³

Biometrics is "[t]he science of automatic identification or identity verification of individuals using physiological or behavioral characteristics."¹⁴

[Page 702]

Traditionally, these physiological traits have included digitally scanned fingerprints, digital photo analysis through facial recognition technology, iris scans, and DNA.¹⁵ Increasingly, physiological identifiers that can be digitally captured, stored, and analyzed include more experimental biometrics, including gait,¹⁶ skeletal bone scans,¹⁷ scars and tattoos,¹⁸ ear shape¹⁹ and eyebrow shape,²⁰ breathing rates,²¹ and eye pupil dilation,²² among other identifiers.

Understanding how the intelligence community and military branches may use biometric cybersurveillance tools and techniques—indeed, understanding biometric cybersurveillance itself—is crucial to the ongoing project amongst legal scholars of understanding the burgeoning "National Surveillance State."²³ This academic inquiry theorizes the necessary legal safeguards to protect civil liberties and democratic governance while allowing the surveillance necessary for national security to go forward. Military surveillance abroad is less restrained

[Page 703]

than the kinds of civilian surveillance allowed domestically; however, the efficiencies of cybersurveillance technologies being tested and implemented abroad can and likely will, in time, have application in serving domestic law enforcement objectives and homeland security intelligence purposes.

Digitalized biometric data now forms the basis for what the U. S. government terms "biometrically enabled intelligence"²⁴ or "biometric-enabled intelligence,"²⁵ apparently used interchangeably. in the intelligence and military use context, biometrically-enabled intelligence "provides an analytical baseline by resolving identities through high-confidence biometric matching and fusion with other sources of intelligence to positively identify the person in question."²⁶ Biometric-enabled intelligence, in other words, is presented as an "analytical baseline" that is defensive in nature. it is described as a method to protect U.S. national security interests by making the identities of potential criminals and terrorists more fully transparent. The creation of an "analytical baseline" comprised of multiple biometric data points and other biographic data purportedly enhances the ability of the government to identify potential enemies of the state through mass data collection and analysis.

This Article uses the term "biometric cyberintelligence" to more descriptively capture the process of converting digitalized biometric data into a product that informs tactical operations and actionable intelligence. This conversion process fuses together digitalized biometric matching tools—reliant upon vast biometric databases and sophisticated algorithmic methodologies to appropriately "match" an individual's physiological and behavioral traits with identifiable information stored in digitalized biometric and biographic databases—with other emerging dataveillance tools²⁷ and big data

[Page 704]

cybersurveillance systems.²⁸ Whereas "biometric-enabled intelligence" appears to be a term that focuses more on the physiological or other forensic-based identification of potential criminal and terrorist suspects, this Article introduces the term "biometric cyberintelligence" to foreground the cybersurveillance consequences and intelligence-driven objectives of a data fusion process. More than just enabling a new kind of intelligence, biometric cyberintelligence is enabling a new kind of transformative policymaking protocol and governance philosophy, and needs to be grappled with constitutionally in that context.

Understanding this transformation necessitates contrasting how biometric data operated in a small data world versus how biometric data now operates in a big data world. in a small data world, traditionally, the linking of a potential criminal suspect or terrorist suspect to forensic evidence...