In July 2021, the Government of Spain presented a pioneering initiative in Europe based on the intention that all the fundamental rights and freedoms recognized in our Constitution, in the Universal Declaration of Human Rights and in the Charter of Fundamental Rights of the European Union are also guaranteed in the digital space. This is how the Charter of Digital Rights was born.
Recognition of real identity as an essential requirement for the exercise of individual rights
In order to guarantee the exercise of a person’s individual rights, whether in physical or digital space, it is necessary to recognize his or her identity. Without identity, without being recognizable and recognized by others, human beings are deprived of an essential element for their dignity and fulfillment. It is essential for citizens to have a real, secure and accessible digital identity.
Currently, the accreditation of identity in the digital world is deficient and has become a nightmare for many people. The use of keys, certificates and passwords is based on the presumption, not always true, that those who use them are their real owners. They are vulnerable methods, unable to establish a real and traceable link with the person behind the screen. These identification systems make citizens’ secure access to the digital world very complex and, what is worse, they encourage fraud and identity theft, which is one of the major security and crime problems on the Internet. Not only is remembering and using passwords and keys cumbersome and complex, but it is also insecure and does not guarantee that the person acting on the network is who he or she claims to be.
Biometric technology as an ally for the right to accurate identification
Biometric recognition technologies have advanced exponentially in recent years and have solutions that give people back control of their identity so that, with their consent, their identity can be securely verified. With the use of neural networks and advanced artificial intelligence, facial biometrics has become the benchmark biometric recognition technology, while its accuracy and security have improved exponentially in recent years.
The November 2018 report issued by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) states that facial recognition has undergone a process of industrial revolution, with notable improvements in accuracy and precision derived from the incorporation of neural networks. The progress has been of such magnitude that a 2021 biometric engine has an error rate 27 times lower than a 2014 engine. Out of every hundred times we try to be recognized by a facial system, only once will it tell us that it has not been able to do so and ask us to repeat the attempt, and if other people try to impersonate us, they will only succeed once for every million attempts they make.
Biometrics as an inherent factor
Biometrics makes it possible to recognize human beings by elements inherent to their person, unique and unrepeatable. The PSD2 Directive and the European regulation on digital identity establish the possibility for people to prove their identity by means of (i) something they have (an identity document, a cell phone, a credit card…), (ii) something they know (a password, a pattern…), or (iii) something people are (their biometric traits). With the combination of any two of these three factors, strong authentication can be performed.
It is necessary that the primary factor around which the proof of a person’s identity revolves be that of their inherent attributes, rather than that of devices or credentials. The control of identity should not essentially lie with the device, but with the individual as the sole owner and manager of his or her identity.
Of the three factors mentioned, only biometrics can unequivocally prove our real identity. In this sense, the right to identity in the digital environment must contain the right of the individual to use, if he or she wishes, his or her biometric identity, the only one that we can categorize with certainty as the real identity of a human being.
Citizens have the right to be provided by the public authorities with access to a reliable biometric identity for the exercise of their rights. As recognized by the Digital Bill of Rights, the State must guarantee the possibility of proving legal identity in the digital environment. The most advanced and pioneering public administrations provide their citizens with secure and accessible digital identities, based on advanced biometric recognition technologies, which can be used both for the provision of public and private services in the digital environment.
Regulation as an essential framework for a secure, private and user-controlled environment
The right to digital identity based on biometrics must be accompanied by measures to prohibit its abusive uses. In this regard, legislation plays a key role in clarifying and distinguishing between these cases. It is vital that European data protection regulations are rigorously applied and that technologies that do not meet the required standards of privacy assurance or use cases that represent a certain risk are limited or prevented.
For data protection, technological advances in the field of privacy are also remarkable thanks to the use of models based on Artificial Intelligence, because when a biometric engine observes a facial image, it converts it into a biometric vector. This vector has no information of geometric measurements of the face, nor is it reversible since the facial image cannot be obtained from it. It is an abstract mathematical representation of a totally private face, valid only for the biometric engine that generated it. This vector is encrypted with a different key for each service that uses the biometric engine. Current facial recognition engines do not need to store data of the faces they recognize, neither to operate, nor to continue their training, since, according to data protection regulations, this is done exclusively with public bases and/or built with consent or sufficient legitimacy for this purpose.
In short, facial biometric engines based on neural networks have achieved through the use of vectors, the introduction of liveness detection and anti-spoofing systems, that fears about the use of biometric features as an element of proof of identity are unfounded. The massive application of these systems will lead to an increase in attempts to attack them and, in parallel, protection solutions will be deployed against such attacks, as is the case in many other aspects of the digital world.