
EU police want access to encrypted communication – a detailed look
by Florian Bodoky
The EU’s AI Act regulates, among other things, facial recognition – a bone of contention between the EU Parliament and member states. If the current draft is adopted, the latter will have many more surveillance options at their disposal.
Biometric surveillance is once again being discussed. It was only in December last year that the EU agreed on rules and guidelines for the use of artificial intelligence (AI) in the AI Act. One contentious point in the negotiations was biometric surveillance. Member states wanted looser rules on the use of facial recognition than the EU Parliament had envisaged. The chances of this happening are now high.
Members of the European Parliament wanted to ban «real-time biometric remote surveillance». From their point of view, the technology is dangerous. Comparing captured images with stored material is effectively mass surveillance of public spaces. Meanwhile, EU member states argued for the technology to be approved «in exceptional cases». For example, in the event of a «foreseeable risk of a terrorist attack». This was granted.
Furthermore, member states were also able to assert themselves with regard to «retrospective biometric remote monitoring». For example, law enforcement would be allowed to use it «in the targeted search of a person convicted or suspected of having committed a serious crime». However, the Council of Ministers later made no mention of this special regulation in its communiqué.
The Council Presidency presented a draft law this week. It significantly weakens the restrictions on the use of subsequent biometric identification. The list of criminal offences justifying the use of biometric identification has been completely removed from the draft. This has given way to a vague formulation of conditions. Law enforcement may not use AI without connection to a criminal offence. This is regulated in Article 29a of the corresponding regulation.
The period for judicial authorisation has also become significantly longer. This can now take place up to 48 hours after the start of data matching for remote identification. In addition, the draft law contains many equally vague exceptions. An authority can sometimes even carry out data comparison without judicial permission. For example, if the system is used for «the initial identification of a potential suspect» and this suspicion is based on «objective and verifiable facts directly linked to the offence». In concrete terms, it can be used at the discretion of the investigators.
The draft law has met with massive criticism. Take MEP Svenja Hahn, for example, who spoke to Netzpolitik.org. For one, she criticised the lack of traceability as to when an evaluation of this data is considered «retrospective». This can be as little as a few minutes – hardly distinguishable from prohibited real-time monitoring.
The removal of the list of criminal offences is also a problem – even minor administrative offences can be prosecuted using facial recognition, according to her. The same goes for country-specific criminal offences, such as abortions in Poland, as Ella Jakubowska from the civil rights organisation EDRi adds. In addition, authorities can justify biometric surveillance of demonstrations, for example, if crimes have been committed there or are even only foreseeable.
The various parties involved are currently discussing the draft. However, it’s due to be finalised at the end of January and voted on in February – little time for fundamental changes.