The Center for Democracy and Technology Europe, the Brussels-based branch of the D.C. non-profit organization that advocates for digital rights, has laid out its recommendations to EU lawmakers negotiating the upcoming EU AI Act. The organization has lost its enthusiasm for the act given the large number of exemptions to the prohibition of remote biometric surveillance in publicly-accessible spaces and the lack of a rights-based approach.
CDT Europe follows digital rights group EDRi in challenging the definition of remote biometric identification.
The briefing follows reporting from Euractiv which suggests the negotiations on the Act may be nearing an end, with proposed amendments which could loosen further parts of the Act.
Public vs private, real-time vs ex-post, targeted vs untargeted
“The distinction between real-time and ex post use of the technology is arbitrary,” states the CDT briefing, in its unpicking of the AI Act’s draft proposals for multiple exemptions to the ban on live remote biometric identification (RBI) by law enforcement and the allowance of retrospective checks.
“Law enforcement could simply stock-pile images of faces obtained through untargeted scanning and seek to identify any individuals in their databases after the images have been recorded. Such use would undermine human rights just as much as real-time scanning.”
CDT also finds the distinctions between permissions for surveillance in publicly-accessible and private spaces as ambiguous. Although the draft allows law enforcement to use real-time RBI in private places.
“Conducting a targeted facial recognition scan in real-time is not technically possible because it involves a human making the decision to identify a select person, and inputting their image into a facial recognition system,” notes the briefing.
“However, it is possible to conduct targeted facial recognition in a near real-time manner: this is the case when a law enforcement officer in the field takes a photo of a suspected person, and shares it, which allows them to conduct a facial recognition scan almost concurrently.”
Because of this, the targeted scanning of crowds by AI should be blocked as it would carry an “unacceptably high risk to human rights.” The draft is not clear whether the prohibition of real-time RBI in publicly-available spaces differentiates between targeted and untargeted.
CDT believes law enforcement use of untargeted facial recognition should be categorized as “unacceptable risks.” The issue becomes even more complex as member states agreed in their 6 December compromise on draft negotiations to extend untargeted use of biometric identification AI systems by law enforcement with new exceptions.
Recommendations: clearer definition, ban real-time untargeted, member-level talks
The briefing concludes with four areas of recommendations to the negotiating parties on the AI Act. The term “remote” needs clarity. The Act should clarify that the “prohibition on remote biometric identification applies to AI systems that conduct generalised scanning such as untargeted facial recognition systems.”
They urge members of the European Parliament, one of the organs in the negotiations, to push back hard on the proposal to extend the list of prohibition exemptions for law enforcement use of real-time RBI such as untargeted facial recognition scanning.
“Without this push back, law enforcement uses of facial recognition AI systems will effectively become the rule and not the exception in the EU,” state the authors. “MEPs should also strongly advocate for a ban on untargeted uses of real-time remote biometric identification in publicly accessible spaces.”
Finally, CDT calls on MEPs to negotiate with member states on protecting human rights, particularly of the most vulnerable groups such as migrant seekers and refugees, by rejecting all exemptions in the Act that would impact these groups, such as border surveillance technologies and databases.
A recent report by the Oxford Refugee Studies Centre at the University of Oxford mapped technologies, such as biometrics and surveillance, in use or under trial across Europe for tackling migration. The Center for Democracy and Technology Europe, the Brussels-based branch of the D.C. non-profit organization that advocates for digital rights, has laid out its recommendations to EU lawmakers negotiating the upcoming EU AI Act. The organization has lost its enthusiasm for the act given the large number of exemptions to the prohibition of remote biometric surveillance in publicly-accessible spaces and the lack of a rights-based approach.
CDT Europe follows digital rights group EDRi in challenging the definition of remote biometric identification.
The briefing follows reporting from Euractiv which suggests the negotiations on the Act may be nearing an end, with proposed amendments which could loosen further parts of the Act.
Public vs private, real-time vs ex-post, targeted vs untargeted
“The distinction between real-time and ex post use of the technology is arbitrary,” states the CDT briefing, in its unpicking of the AI Act’s draft proposals for multiple exemptions to the ban on live remote biometric identification (RBI) by law enforcement and the allowance of retrospective checks.
“Law enforcement could simply stock-pile images of faces obtained through untargeted scanning and seek to identify any individuals in their databases after the images have been recorded. Such use would undermine human rights just as much as real-time scanning.”
CDT also finds the distinctions between permissions for surveillance in publicly-accessible and private spaces as ambiguous. Although the draft allows law enforcement to use real-time RBI in private places.
“Conducting a targeted facial recognition scan in real-time is not technically possible because it involves a human making the decision to identify a select person, and inputting their image into a facial recognition system,” notes the briefing.
“However, it is possible to conduct targeted facial recognition in a near real-time manner: this is the case when a law enforcement officer in the field takes a photo of a suspected person, and shares it, which allows them to conduct a facial recognition scan almost concurrently.”
Because of this, the targeted scanning of crowds by AI should be blocked as it would carry an “unacceptably high risk to human rights.” The draft is not clear whether the prohibition of real-time RBI in publicly-available spaces differentiates between targeted and untargeted.
CDT believes law enforcement use of untargeted facial recognition should be categorized as “unacceptable risks.” The issue becomes even more complex as member states agreed in their 6 December compromise on draft negotiations to extend untargeted use of biometric identification AI systems by law enforcement with new exceptions.
Recommendations: clearer definition, ban real-time untargeted, member-level talks
The briefing concludes with four areas of recommendations to the negotiating parties on the AI Act. The term “remote” needs clarity. The Act should clarify that the “prohibition on remote biometric identification applies to AI systems that conduct generalised scanning such as untargeted facial recognition systems.”
They urge members of the European Parliament, one of the organs in the negotiations, to push back hard on the proposal to extend the list of prohibition exemptions for law enforcement use of real-time RBI such as untargeted facial recognition scanning.
“Without this push back, law enforcement uses of facial recognition AI systems will effectively become the rule and not the exception in the EU,” state the authors. “MEPs should also strongly advocate for a ban on untargeted uses of real-time remote biometric identification in publicly accessible spaces.”
Finally, CDT calls on MEPs to negotiate with member states on protecting human rights, particularly of the most vulnerable groups such as migrant seekers and refugees, by rejecting all exemptions in the Act that would impact these groups, such as border surveillance technologies and databases.
A recent report by the Oxford Refugee Studies Centre at the University of Oxford mapped technologies, such as biometrics and surveillance, in use or under trial across Europe for tackling migration. Read More
