Tag: biometrics

Are Newborns Next in Line for Britain’s Digital ID Push?

Congratulations! It’s a boy. Or a girl. Or maybe it’s a biometric data point waiting to happen, ready for tagging and cataloging before it’s even burped.

That’s right, folks: the UK Government is now toying with the idea of slapping digital IDs on babies at birth. Not metaphorically. Literally.

This is the UK, where your child’s first toy might be a state-linked QR code.

Ministers, we are told, have been whispering about extending Keir Starmer’s beloved digital identity scheme to include every single British infant.

But yes, this is real. Cabinet Office minister Josh Simons, who seems to be suffering from a severe case of “government by Black Mirror,” has been conducting private meetings on the topic.

The sort of meetings where you’re told to leave your phone at the door and pretend nothing happened. According to people present, jaws were dropping. Probably because the conversation had leapt from employment verification to baby barcoding faster than you can say “authoritarian drift.”

But don’t worry, Starmer says this is all about simplifying bureaucracy.

Let’s not forget how this all started: the Government insisted, hand on heart, pinky swear, that the digital ID scheme was only about immigration. Stop illegal working. Crack down on dodgy landlords. Check the papers. You know the script.

But now, somehow, without so much as a public debate or even a badly photoshopped leaflet, we’ve leapt from immigration controls to putting every British citizen on a digital leash from cradle to grave.

One source said: “You could see jaws dropping around the room,” The Times reported.

Former Conservative minister Sir David Davis was less diplomatic, describing the scheme as “creeping state surveillance,” and the ministers behind it as “stupid” and dazzled by their own gadgets.

Keep reading

As Mexico’s Biometric ID Draws Closer, Implementation Remains Uncertain

Looking toward 2026, Mexicans and foreigners residing in Mexico are preparing to navigate an uncertain future regarding new laws that require biometric identification for certain services.

In July 2025, several new laws took effect in Mexico that greatly increase opportunities for government surveillance and coerce the population into registering for a biometric program required to access many services, including banking, health programs, social welfare, education, cellphone service, and internet access.

While the laws are set to be phased into practice beginning in February and continuing throughout the spring of 2026, it remains unclear how the policies will be enforced in a country known for its weak federal government and rampant corruption. It is also uncertain how the infrastructure for such programs will be implemented in Mexico’s vast rural areas, where as much as one fifth of the population resides.

The biometric requirement relates to Mexico’s personal identity code for citizens and residents, known as the Clave Única de Registro de Población (Unique Population Registry Code), or CURP. The CURP typically consists of 18 characters derived from a person’s family names, date and place of birth, and gender. It functions similarly to the US Social Security number.

The new laws will require the CURP to include the holder’s photograph and a QR code embedding biometric data, including scans of both fingerprints and irises. The legislation mandates the creation of a “Unified Identity Platform,” managed by the Ministry of the Interior and the Digital Transformation Agency. This platform will integrate the biometric CURP with the healthcare system as well.

The biometric CURP would also be required for purchasing internet and cellular services. This would force businesses selling these services to check a customer’s CURP before purchase. Individuals who do not comply with the CURP requirement could see their internet or phone service interrupted.

Mexico’s civilian intelligence service, the Centro Nacional de Inteligencia (CNI), and the National Guard will have access to the biometric data.

The Mexican government says these new laws are aimed at fighting organized crime and drug trafficking, as well as helping with the search for missing people. The government has also argued that controversial changes to the nation’s telecommunications laws are designed to bridge the so-called “digital divide,” referring to the limited access to internet and cellular service in rural areas compared to urban environments.

Keep reading

Russia expands biometric ID system (again)

The commercial enterprise that controls Russians’ biometric data has introduced new ways to use your face as a form of ID, resulting in unprecedented levels of safety and convenience in the Russian Federation.

Russians young and old are already reaping the benefits of their country’s “digital transformation”—including very, very young Russians.

The Russian government is working on amending federal legislation to allow schools across the country to monitor and identify students using biometrics, Kommersant reported on December 3. Plans for a standardized “biometric turnstile system” for Russian schools are already being tested in Tatarstan.

Authorities have stressed that schools will be able to choose whether or not to switch to biometric identification, adding that parents must first consent before their childrens’ faces are scanned and entered into Russia’s Unified Biometric System (UBS).

Keep reading

Alaska Plots AI-Driven Digital Identity, Payments, and Biometric Data System

Alaska is advancing plans for a far-reaching redesign of its myAlaska digital identity system, one that would weave “Agentic Artificial Intelligence” and digital payment functions into a unified platform capable of acting on behalf of residents.

A Request for Information issued by the Department of Administration’s Office of Information Technology describes a system where AI software could automatically handle government transactions, submit applications, and manage personal data, provided the user has granted consent.

We obtained a copy of the Request For Information here.

What once functioned as a simple login for applying to the Permanent Fund Dividend or signing state forms could soon evolve into a centralized mechanism managing identity, services, and money flows under one digital roof.

The plan imagines AI modules that can read documents, fill out forms, verify eligibility, and even initiate tokenized payments.

That would mean large portions of personal interaction with government agencies could occur through a machine acting as a proxy for the citizen.

While the proposal emphasizes efficiency, it also suggests a major change in how the state and its contractors might handle sensitive data.

The RFI describes an ambitious technical vision but provides a limited public explanation of how deeply such agentic AI systems could access, process, or store personal information once integrated with legacy databases. Even with explicit consent requirements, the architecture could concentrate extraordinary amounts of behavioral and biometric data within a single government-managed platform.

Security standards are invoked throughout the RFI, including compliance with NIST controls, detailed audit trails, adversarial testing, explainability tools, and human override features.

Yet those guardrails depend heavily on policy enforcement and oversight mechanisms that remain undefined.

The inclusion of biometric authentication, such as facial and fingerprint verification, introduces another layer of sensitive data collection, one that historically has proven difficult to keep insulated from breaches and misuse.

A later phase of the program extends the system into digital payments and verifiable credentials, including mobile driver’s licenses, professional certificates, hunting and fishing permits, and tokenized prepaid balances.

Those functions would be based on W3C Verifiable Credentials and ISO 18013-5, the same standards shaping national mobile ID programs.

This alignment suggests Alaska’s move is not isolated but part of a broader US trend toward interoperable digital identity frameworks. Observers concerned with privacy warn that such systems could evolve into a permanent, cross-agency tracking infrastructure.

The state’s document also calls for voice navigation, multi-language interfaces, and a new user experience designed to cover as many as 300 separate government services in one app.

Framed as modernization, the initiative nonetheless highlights an unresolved question: who truly controls a citizen’s digital identity once government and AI systems mediate nearly every transaction?

Once deployed, an AI that can act “on behalf” of a person also becomes capable of learning their patterns, predicting their needs, and operating continuously within government databases.

Once Alaska’s system moves forward, it will join a growing roster of governments weaving digital ID into the core of civic and online life.

Across Europe, Canada, and Australia, digital identity frameworks are increasingly framed as gateways to public and private services, while emerging proposals in the United States hint at a future where identity verification might become routine for accessing even basic online platforms.

These projects often promise efficiency, but their cumulative effect is to normalize constant identification, replacing the open, pseudonymous nature of the early internet with a model where every interaction begins with proving who you are.

Keep reading

British Transport Police Launch Facial Recognition Trials in London Stations

Some people, when they want to improve public transport safety, hire more staff, fix the lighting, or maybe even try being on time.

The British Transport Police, however, have gone full Black Mirror, deciding the best way to protect you from crime on your morning commute is by pointing cameras at your face and feeding your biometric soul into a machine.

Yes, for many Britons, facial recognition is coming to a railway station near them. Smile. Or don’t. It makes no difference. The algorithm will be watching anyway.

In the coming weeks, British Transport Police (BTP) will be trialling Live Facial Recognition (LFR) tech in London stations. It’s being sold as a six-month pilot program, which in government-speak usually means it will last somewhere between forever and the heat death of the universe.

The idea is to deploy these cameras in “key transport hubs,” which is bureaucratic code for: “places you’re likely to be standing around long enough for a camera to decide whether or not you look criminal.”

BTP assures us that the system is “intelligence-led,” which doesn’t mean they’ll be targeting shady characters with crowbars, but rather that the cameras will be feeding your face into a watchlist generated from police data systems.

They’re looking for criminals and missing people, they say. But here’s how it works: if your face doesn’t match anyone on the list, it gets deleted immediately. Allegedly. If it does match, an officer gets a ping, stares at a screen, and decides whether you’re a knife-wielding fugitive or just a man who looks like one.

And you have to love the quaint touch of QR codes, and signs stuck up around the station letting you know that, yes, your biometric identity is being scanned in real time.

Chief Superintendent Chris Casey would like you to know that “we’re absolutely committed to using LFR ethically and in line with privacy safeguards.”

The deployments, we’re told, will come with “internal governance” and even “external engagement with ethics and independent advisory groups.”

Keep reading

Thailand orders suspension of iris scans and deletion of data collected from 1.2 million users

Thailand’s Personal Data Protection Committee has ordered TIDC Worldverse to suspend its iris-scanning services and delete biometric data collected from 1.2 million users, citing non-compliance with Thailand’s Personal Data Protection Act.

TIDC Worldverse is part of Sam Altman’s World ID project, which has faced scrutiny over potential links to cryptocurrency scams and unauthorised data use, including cases where people were allegedly hired to scan irises for others.

The National Health Security Office in Thailand has ordered the suspension of iris biometric data collection by TIDC Worldverse and has demanded the deletion of biometric data already collected from approximately 1.2 million Thai citizens.

TIDC Worldverse is the Thai representative of Sam Altman’s Tools for Humanity, which operates the World ID project (formerly Worldcoin) in Thailand. The initiative uses iris-scanning “Orb” devices to provide a digital “proof-of-human” credential.  Participants receive Worldcoin (“WLD”) tokens as an incentive for biometric verification.

Explaining in simple terms what the “Orb” is, Business Insider said, “The Orb is a polished, volleyball-sized metal sphere that scans irises to generate a ‘World ID’ – a kind of digital passport meant to distinguish humans from machines online.”

Keep reading

German States Expand Police Powers to Train AI Surveillance Systems with Personal Data

Several German states are preparing to widen police powers by allowing personal data to be used in the training of surveillance technologies.

North Rhine-Westphalia and Baden-Württemberg are introducing legislative changes that would let police feed identifiable information such as names and facial images into commercial AI systems.

Both drafts permit this even when anonymization or pseudonymization is bypassed because the police consider it “impossible” or achievable only with “disproportionate effort.”

Hamburg adopted similar rules earlier this year, and its example appears to have encouraged other regions to follow. These developments together mark a clear move toward normalizing the use of personal information as fuel for surveillance algorithms.

The chain reaction began in Bavaria, where police in early 2024 tested Palantir’s surveillance software with real personal data.

The experiment drew objections from the state’s data protection authority, but still served as a model for others.

Hamburg used the same idea in January 2025 to amend its laws, granting permission to train “learning IT systems” on data from bystanders. Now Baden-Württemberg and North Rhine-Westphalia plan to adopt nearly identical language.

In North Rhine-Westphalia, police would be allowed to upload clear identifiers such as names or faces into commercial systems like Palantir’s and to refine behavioral or facial recognition programs with real, unaltered data.

Bettina Gayk, the state’s data protection officer, warned that “the proposed regulation addresses significant constitutional concerns.”

She argued that using data from people listed as victims or complainants was excessive and added that “products from commercial providers are improved with the help of state-collected and stored data,” which she found unacceptable.

The state government has embedded this expansion of surveillance powers into a broader revision of the Police Act, a change initially required by the Federal Constitutional Court.

The court had previously ruled that long-term video monitoring under the existing law violated the Basic Law.

Instead of narrowing these powers, the new draft introduces a clause allowing police to “develop, review, change or train IT products” with personal data.

This wording effectively enables continued use of Palantir’s data analysis platform while avoiding the constitutional limits the court demanded.

Across North Rhine-Westphalia, Baden-Württemberg, and Hamburg, the outcome will be similar: personal data can be used for training as soon as anonymization is judged to be disproportionately difficult, with the assessment left to police discretion.

Gayk has urged that the use of non-anonymized data be prohibited entirely, warning that the exceptions are written so broadly that “they will ultimately not lead to any restrictions in practice.”

Baden-Württemberg’s green-black coalition plans to pass its bill this week.

Keep reading

Russia Moves to Mandate State Biometric ID for Online Age Verification

Russian lawmakers are moving forward with a proposal that would make the country’s biometric and e-government systems the mandatory gatekeepers for online age verification.

If implemented, the measure would tie access to adult or “potentially harmful” content directly to a person’s verified state identity, dissolving any remaining expectation of online anonymity.

The plan, discussed on October 28, is being marketed as a child protection initiative. Officials insist it is designed to keep minors away from dangerous material, yet the scope of what qualifies is remarkably broad.

According to TechRadar, one official included pornography, violent or profane videos, and even “propaganda of antisocial behavior” in the list of restricted content.

The main part of the proposal is the use of the “Gosuslugi” digital services portal, which already functions as Russia’s main interface for state verification.

This system connects directly to the Unified System of Identification and Authentication (ESIA) and the national Unified Biometrics System (UBS), both of which are controlled by the government.

State Duma deputy Anton Nemkin, a former FSB officer, suggested that these networks “could be used to verify age without directly transmitting passport data to third-party platforms.”

In effect, the state would become the universal intermediary between citizens and the internet.

Legal experts specializing in digital rights argue that this initiative continues a long-established trajectory.

Since 2012, when Russia began constructing its online censorship framework under the pretext of protecting minors, each new regulation has chipped away at personal privacy while expanding government visibility into everyday digital life.

The current proposal also fits neatly within Moscow’s broader strategy of “digital sovereignty.”

Deputy Chairman of the State Duma Committee on Information Policy Andrei Svintsov recently claimed that every Russian internet user will lose their anonymity within “three years, five at most,” TechRadar reported.

This vision aligns with another state project approved in June, the development of a national “super app” integrating digital ID, government services, and payment systems, which would even let users “confirm one’s age to a supermarket cashier.”

Keep reading

DHS Expands Nationwide Airport Biometric Tracking

The Department of Homeland Security has introduced a new rule that will greatly expand biometric tracking at US borders, establishing a system to photograph and identify every non-citizen who enters or leaves the country.

Although the regulation applies to non-citizens, the cameras do not distinguish citizens from non-citizens in real time.

CBP says US citizens may opt out by presenting their passports manually, and that photos of citizens are deleted within twelve hours once nationality is confirmed. However, that’s after the fact.

Starting December 26, Customs and Border Protection will have authority to take photographs of “all aliens” not only at airports and land crossings but at “any other point of departure” the agency designates.

We obtained a copy of the rule for you here.

DHS describes the change as “operational modernization.”

Keep reading

Are Your Identification Photos in a Face Recognition Database?

A majority of Americans are in face recognition databases in use by the U.S. government. Are you one of them? The Electronic Frontier Foundation (EFF) has launched a new quiz called “Who Has Your Face” to help you find out.

“Your driver’s license picture and other ID photos are often shared with law enforcement and other agencies like Immigration and Customs Enforcement (ICE),” said EFF Digital Strategist Jason Kelley. “Those agencies use facial recognition technology to compare your face with those in mugshots and with other photos of people suspected of committing crimes—putting you at risk of being misidentified. So we created this quiz to help show people what we know about who has their face.”

To create the Who Has Your Face quiz, EFF and the Center on Privacy & Technology at Georgetown Law reviewed thousands of pages of public records to determine as much as possible which government photos of U.S. citizens, residents, and travelers are shared with which agencies for facial recognition purposes.

We learned that government agencies—including ICE, the Department of Homeland Security, and the FBI—could all have some access to these photos. However, despite hundreds of hours of research it’s nearly impossible to know precisely which agencies are sharing which photos, and with whom. For example, each state DMV shares access to their photos differently, depending on agreements with local police, other states, and federal agencies.  Our Who Has Your Face quiz asks you questions like what kind of ID you have and which state you live in to help you narrow down which agencies might have copies of your photos.

“These public records have shown us that biometric database sharing is widespread and completely unregulated—and this is still just a partial picture,” said Clare Garvie, senior associate with the Center on Privacy & Technology. “Americans deserve to know how their biometric information is being used, especially when it may put them at risk of being misidentified as a criminal suspect.”

“Here’s the truth: it should be easy to learn the full list of which entities have personal data that you’ve been required to hand over in exchange for a driver’s license or for re-entry into the country after visiting family abroad—especially when that’s a photo of your face,” said EFF Surveillance Litigation Director Jennifer Lynch. “Most people realize that their photos are scanned into a database, but they don’t realize this effectively makes them part of a perpetual police line-up. That’s what’s happening to millions of people, without their knowledge, and it’s practically impossible to opt out.”

Despite the proliferation of federal, state, and local face databases, we can fight back. Laws that ban government use of face recognition are increasingly passing around the country. Several states already don’t allow or don’t have face recognition at DMVs. Cities like San Francisco, Berkeley, and Oakland, California, as well as Somerville, Massachusetts have also passed bans on its use.  To help ban government use of face recognition in your city, visit our About Face campaign.

Keep reading