Immigration, Refugees, and Citizenship Canada (IRCC) is tentatively beginning its search for a new biometric identification system, and the organization’s approach speaks to Canada’s more measured approach to biometric technology. The organization’s current Canadian Immigration Biometric Identification System (CIBIDS) was first put in place back in May of 2013, outfitting the agency with face and fingerprint capture capabilities.
The IRCC is hoping that its new CIBIDS will have the same basic front and back-end features, but has indicated that it is very open to advice from more knowledgeable industry experts. The organization has issued an extremely broad Request for Information (RFI) that invites those interested in supplying the CIBIDS to submit bids to consult with the government. The IRCC will then engage with those stakeholders to find out more about the biometric identification landscape, before calling for more detailed contract proposals.
The goal, according to the RFI, is to conduct a search that adheres to Smart Procurement principles, and the ethical approach is in keeping with other biometric initiatives in Canada. In June, the Canadian Border Services Agency (CBSA) invited 15 companies to submit proposals for a new Office of Biometrics and Identity Management, explicitly stating that privacy would be one of its primary considerations when considering any biometric identification system.
The latest RFI does not contain any such direct references to privacy, but the more open-ended language suggests that the Canadian government is not necessarily looking for solutions that will do a specific job, but rather for solutions that will do a specific job while still protecting the civil liberties of Canadian civilians.
In this case, the IRCC plans to participate in workshops, conferences, and other industry initiatives, in addition to holding one-on-one consultations with potential suppliers. Those conversations are supposed to be the start a dialogue between the IRCC and biometric industry stakeholders, which will in turn inform the IRCC’s decision-making process when it does come time to pick a supplier. The four-month RFI period will give the IRCC the chance to learn as much as it can about biometric options and best practices, and set its parameters accordingly.
That approach stands in contrast to those observed in the United States, where federal agencies will often ask companies to submit a solution to a technology problem without giving much thought to the potential moral and legal implications. For example, the Department of Homeland Security recently solicited proposals for a facial recognition system that would be used to monitor children, and did not share any details about how it would be protecting the rights of those children while doing so. The agency also tried to force through a controversial policy proposal that would have granted unprecedented biometric data collection privileges, though it was eventually abandoned following an administration change and considerable pushback from civil rights organizations.
The IRCC and the CBSA could be paying lip service to privacy. In that regard, the Canadian Privacy Commissioner has criticized the CBSA for issuing its notice of procurement without first consulting with the Commissioner’s Office. However, even that basic lip service is more than is typically seen in the United States, and there is some evidence to suggest that the Canadian government intends to follow through on its promises. The CBSA has stated that it will consult with the Privacy Commissioner during development, and before any biometric system goes live.
In the meantime, the Commissioner has condemned companies like Clearview AI and government agencies like the RCMP for violating the country’s privacy law with invasive facial recognition systems. The Commissioner did not have the authority to enforce severe penalties, but Clearview has ceased its operations in Canada and the Commissioner has been actively pushing for stricter facial recognition regulations that serve the interests of Canadian citizens.
The Task at Hand
Of course, the IRCC’s planned CIBIDS would be used to capture the biometric data of those visiting and moving to the country, rather than native-born Canadians. Canada currently collects the face and fingerprint biometrics of visitors from all over the world, thanks to a policy update that rolled out over the course of 2018 and early 2019.
According to the Privacy Commissioner’s office, any biometric solutions should be both effective and proportionate to the task at hand. The problem, historically speaking, is that governments have tended to prioritize the former rather than the latter, insofar as they are often eager to collect biometric data, but have little regard for the people they take it from.
The takeaway from the recent IRCC and CBSA solicitations is that it is at least theoretically possible to achieve a better balance between the two. Biometric technology can help make many services more efficient, but that should not come at the expense of anyone’s civil liberties, and Canada seems to be taking steps to deliver on both fronts.
July 13, 2021 – by Eric Weiss