Biometric surveillance infrastructure is expanding without oversight
Two HN threads landed on the same day, each covering a different facet of the same expanding surveillance apparatus. ICE awarded a $25 million no-bid iris scanning contract to Bi2 Technologies, a company operating out of what appears to be a small office in Plymouth, Massachusetts, without requiring FedRAMP security certification for systems handling sensitive biometric data. Separately, the FBI is seeking near real-time access to license plate reader networks across the US.
The HN thread on WiFi-based human identification adds a third dimension: researchers have demonstrated near-perfect human identification using ordinary WiFi routers, a capability that requires no new hardware deployment since the infrastructure is already everywhere. Taken together, these three stories describe a surveillance capability stack being assembled across biometric, location, and presence data simultaneously.
The Oura ring story from the same news cycle, in which Oura disclosed it receives government demands for user health data, extends this into wearables. The comment that 'Apple is the only company worth trusting with health data' reflects the community's instinct that platform and legal structure matter enormously when your product sits close to sensitive personal data.
So what?
If you are building any product that touches biometric data, location data, health data, or presence data, the regulatory and legal environment around government access is moving fast and in one direction. Build your data architecture and terms of service with that trajectory in mind now. Founders who handle sensitive user data without a clear data minimization and government-access policy are carrying a liability that is growing, not shrinking.
Read these
ICE Awards $25M Iris-Scanning Contract to Bi2 Technologies
The FBI Wants 'Near Real-Time' Access to US License Plate Readers
Ordinary WiFi can now identify people with near perfect accuracy
Oura says it gets government demands for user data