Uncle Sam wants to scan your iris and collect your DNA, citizen or not
(theregister.com)278 points by SanjayMehta 11 hours ago
278 points by SanjayMehta 11 hours ago
This WorldCoin image will forever live rent free in my head:
https://www.crikey.com.au/wp-content/uploads/sites/3/2023/08...
https://en.wikipedia.org/wiki/World_(blockchain)
A Sam Altman project which seemingly popped up out of nowhere, and offered people free money in exchange for biometric registration on the network, in a lot of countries all over the world. It seemed to be an attempt to set up some sort of global electronic ID system and currency all in one.
That silver sphere is an iris scanner, IIRC.
Got shut down pretty hard in a bunch of places as a potentially illegal invasion of privacy.
One thing that i would prefer in biometrics would be that the iris/fingerprints get treated as what they are publicly available and easily obtainable data.
At worst using it a a secret key is similar to using your name as a hidden variable for authorisation, whent it sshould strictly be a identification token.And once leaked you cant revoke it .
Back on topic , a Gattaca type system is unbelievably bleak and when(not if) it is finallly shoved through.It wont take long to foist it on the rest of the planet (see the recent visa requirements viz social media and insane bond requirements demanded of some countries like Mali citizens being asked for $15K per visa application).
DNA too. Until 2018 it was used here as waterproof evidence until the police managed to lock up an innocent person based on DNA and blurry surveillance camera photos only. He was only exonerated because the real perpetrator was caught by chance and confessed a week later.
The transmission chain that was later identified on CCTV was hand to escalator rail to hand, a 2+ km walk, and finally hand to latex glove.
Biometrics are identification means (including DNA).
They can be used to uniquely identify you, but they're not secret. You literally leave fingerprints and DNA everywhere you go, and obtaining your biometrics is not as hard as guessing your password.
Biometrics should be used for identification, for authentication along with other means (passwords, PIN, device keys, etc), and never for authorization.
It'll be treated just as stupidly as Social Security numbers, and soon we'll have biometric data breaches. >sigh<
Aside: Social Security numbers should be public now, too. That ship sailed a long time ago and it should be recognized.
What if people just publicized their own social security number, and then whenever they had to deal with "identity theft", they just pointed out that their SSN is public information and so it was negligent for the company to believe it was them just because of a SSN.
Just for the record, I think it’s a crazy idea to make things like DNA or fingerprints public. But a social security number is different. It’s wild how in the US, if someone gets hold of your number, they can do so many things with it. I’m from Sweden, and here we have a similar number called a personal identification number. The last digits are not secret but still sensitive. You can actually Google and find out almost anyone’s number if you want to, and it’s used for similar purposes. But it wouldn’t be enough to cause serious harm just by knowing someone’s number. Identity theft happens here too, but for a company it’s not much different from someone just having your name. It’s still a pain, but it’s nothing like in the US where your life can basically fall apart if someone gets your social security number.
poor netsec aside, at least I don't leave my social security number lying around every time I touch a door knob.
Hey now, at least I'm able to change my social security number and passwords.
Good luck changing eyes.
Changing your social security number is only slightly easier. Okay, maybe that's hyperbole. But having your SSN exposed isn't a good enough to be able to change it. You have to show it is actively being abused, and you can't address the problems another way.
Biometrics can be a secure secret key, as long as there's a trusted guard manning the reader, ensuring that you're showing your real fingerprint / face and not a fake.
You don't leave iris prints everywhere you go. Even most fingerprints you leave are unusable for identification. Contrary to what CSI may have taught most Americans, even usable DNA samples aren't a given.
Biometrics aren't "publicly available" let alone "easily obtainable". They're easy to extract from you but this is why extraction and retention of this kind of data should be considered extremely invasive and sensitive. That wallet in your pocket may be "publicly available and easily obtainable" but that doesn't mean we should treat it as such - rather we should make sure it's actually illegal to do so without your consent: that's why theft is a crime.
Many SSNs have been compromised already. The jig is up. It was never supposed to be an identity system but organisations keep insisting on using it as one. Even if they aren’t literally publicly available and easily obtainable, they should be treated as such.
https://constella.ai/verifying-the-national-public-data-brea...
That’s not what the poster meant.
What treating this biometric info as public means is that it won’t be accepted as valid proof of identity. Just because you posted a video on TikTok shouldn’t mean that a scammer can take out a loan in your name.
Don't most people in the US get fingerprinted at some point?
Let's see. I've been fingerprinted, all 10 fingers, for, at least, 1) the US Army, 2) security clearance for a DoD job, multiple times, 3) a permit to ride a horse on SF Water Department property, and 4) Customs and Border Protection Global Entry, which also took an iris scan.
California DMV takes a thumbprint, but not all 10 fingers. They've been recording me at every transaction for decades.
So I'm on file.
I think of being IDd as a normal part of life, for any position of trust. Is this unusual?
What may be information regarding a check for position of trust today, may well be information regarding a check if you should be locked up because of other reasons, tomorrow.
The issue is not the information itself, but how the information will be used. The chance of abusing information is not zero. But having rigorous rules and processes regarding that information, for instance mandatory destruction of said information, will greatly reduce the chance of abuse in the uncertain future.
Depend what the "position of trust" is taken. Security clearance for departement of defense is certainly not something the median citizen can be expected to go through.
Surely there's a difference between collecting a thumbprint for a driver's license or even collecting full fingerprints for a specific job type, and collecting your DNA and an iris scan just for being a citizen?
I'm German. My government literally issues ID cards and requires fingerprints for those nowadays as well (because terrorism or the children or whatever works as the excuse at the moment) but the idea of a government agency collecting my DNA seems far more invasive given the kind of things you can do with that information and the kind of things governments (especially in my country but in the US and Canada too) have historically done to groups of people under them.
If you think there's nothing concerning about the government wanting to collect extensive biometric data including DNA from not only people applying for immigration but also people associated with them or their application, maybe it would sound more concerning to you if I said that in German.
> Surely there's a difference between collecting a thumbprint for a driver's license or even collecting full fingerprints for a specific job type, and collecting your DNA and an iris scan just for being a citizen?
Not really; every citizen is expected to have a driver's license, and this takes place before anyone has really thought about the issue even if they're likely to object later. It's sort of like the difference between baptizing infants and baptizing adults.
You're right that there's more information in the DNA, but what difference do you see in the iris scan?
The problem with these types of technologies is that you will be at the mercy of whoever uses them. It's like chat control, censorship, gun laws, etc. You can't control how they will be leveraged.
I lived in California for some time a few years ago, and it was a mess, so I understand people being okay with this type of stuff if it will make them more secure, but it's a very risky slippery slope.
The other thing is that with all the data Google has, they can probably uncover everything they need just by paying for Google Ads data :/
> gun laws
... arent as vital as other freedoms like travel, anonymity, speech and contract. I dont like this conflation because i see it as a nasty and harmful bias.
You can submit a public comment on the proposal to DHS at the link below:
https://www.regulations.gov/document/USCIS-2025-0205-0002/co...
I suspect this government isn’t receptive to commentary from anyone other than only one person. While I’d never discourage anyone from advocating their beliefs this feels like at best a waste of energy. They are going to do it because they decided to do it - the solicitation of comments is performative and required. The only way to stop it is via the courts and by voting next November.
There's even precedent for the current president's agencies compiling some pretty sketchy "comments" in the past due to not doing basic sanity checks on pretty obvious fake comments that happened to support their agenda, like when supposedly seeking input from the public about repealing net neutrality[1]. There were so many duplicates that only thirty 30 unique comments made up 57% of the overall total, and the second most common "name" among the authors was literally "The Internet".
No one in the current administration cares about what random members of the public think about their policies, and that's by design. Even the government positions that are intended to be permanent across administrations aren't a safe bet at this point with was things have been going
[1]: https://www.pewresearch.org/internet/2017/11/29/public-comme...
You are 'this government's best friend, advocating for their opponents to give up and quit. In a remarkable pattern that I never thought I'd see in the rugged individualistic, idealistic, freedom-loving USA, a large group is literally self-defeating: They defeat themselves before even getting out of bed.
That's why your opponents are unstoppable - because you don't stop them. The performative nonsense is their aggression display.
They still want to win the election. Political and policy outcomes aren't all or nothing; the more they see, the more it will nudge them in whatever direction you want. Others will see it and it will nudge them too. If one person didn't embrace being a quitter, others would do the same.
The government isn't one person, and I think both bureaucrats and judges are actually quite receptive to lots of people - only it's nebulous to who and why. Trying to please, and hoping to get rewarded, but neither you or they themselves are 100% certain of by who. Opaque power structures, everyone's paranoid, including the powerful.
Did you know that the State of California has a DNA sample from every person born in the state since 1983? It's required by law for the hospital to collect it and give it to the state.
This is a particularly incendiary way of putting this information out there.
What is collected and stored is a small blood-spot sample from a heel prick on a newborn. This is used to test for various kinds of conditions that affect newborns.
This isn't a full DNA genome sequence or even any data at all, just the blood-spot specimen.
Law enforcement does not have automatic access to this sample, but individual samples have been given to law enforcement through court orders or warrants. There isn't a clear SOP for how law enforcement typically gets this information or how often it's given to law enforcement, but there's been proposed legislation to make this more transparent.
The blood sample isn’t a DNA sample right up until the point they decide to sequence it. This is the same legal doctrine allowing the government to systematically collect all of your personal data without violating your privacy as long they don’t look at what they collect without a warrant.
The government has granted themselves an option on your personal data that can’t be revoked.
I agree with you in principle. And I agree that the government has been steadily eroding our privacy. And I agree that California probably shouldn't be retaining these samples forever.
However, the likelihood of being able to "sequence" the biomatter on a blood spot is quite low, and the probability of getting good signal out of it continues to go down over time. It'll still remain useful for various kinds of spot testing and genetic disease testing, but it's not going to produce a fully validated genomic sequence or even be that useful for forensic purposes.
This isn't some sort of sealed blood vial, it's literally just blood on paper.
> but individual samples have been given to law enforcement through court orders or warrants.
Then I can easily guarantee you that individual samples have been given to law enforcement _without_ orders or warrants.
> There isn't a clear SOP for how law enforcement typically gets this information
Which means there is zero oversight, logging, or auditing.
No, they are correct, and it's disingenuous to claim otherwise. They have a DNA sample of everyone. Those samples haven't been sequenced. As you've pointed out, they are sequenced when the state needs them to be.
It would be like scanning your drivers license and putting it in a sealed envelope and claiming "I don't have your home address!", when I'm known to get the home address from other peoples envelopes when asked for it.
At least they can't trawl them for random matches when they're like that, the cost of sequencing is a barrier. Probably even more in that a 20 year old blood spot on a piece of paper isn't an ideal DNA sample.
Because the US has laughably weak privacy laws and most Americans snicker at the EU GDPR because of "cookie banners" (which btw isn't a thing - most consent dialogs are non-compliant as they shouldn't serve to just inform you but to actually obtain voluntary, revokable and specific informed consent) instead of thinking about what it means to actually have a fundamental human right to privacy and ownership of your own data or not.
They keep the samples for the same reason US tech startups keep deleted data and track seemingly useless behavior. Because they might find a use for it someday and there's literally no law preventing them from doing it.
> This is a particularly incendiary way of putting this information out there.
Was it inaccurate?
It's about as accurate a Buzzfeed headline, but I guess that's par for the course on the internet these days.
It's not a "DNA sample" in the way that most people would consider it these days, no more than a used cup would also be called a "DNA sample". But to your point, it can still be used for surveillance and tracking.
Also, your phrasing is designed to make it seem like a huge overreach, when this act has likely saved millions of lives through early diagnosis of preventable diseases and early intervention on disabilities. I have personally experienced this.
So yes, I do think your framing here is inaccurate through omission of key facts.
the implication was misleading, yes. the implication being that California has database of its citizens' genetic data. when the reality is that CA has a _physical sample_ of blood.
It is as accurate as any of the incendiary Pravda propaganda pieces[1] about how the capitalist swine lived. Other posters have helpfully pointed out the specifics of why your particular spin on it is not entirely honest.
---
[1] Often mostly factually accurate, but I doubt you'd find much common ground with the particular spin they'd put on describing your daily life.
Do you have a source? I know there is an index[0] of the information on California birth certificates from 1905 to 1995 and technically, despite the privacy implications, birth records in California are considered "public record".
I just got back from the Millennium Seed Bank in the UK and was marveling at the size of a small footprint facility that stores samples of more than 10% of all known living plants.
Reading this thread, I was curious about what the size of California's sample collection looks like. I made an estimate using a little 1ul vial and an estimated 40 million people born in California since 1930. 100 samples in each box means 400,000 boxes. It's something like a 60 foot by 60 foot room with shelving.
If you extended it to a bank of 100 billion (about all humans ever born), that gets you to a pretty low tech solution that stores samples in the footprint of five Costcos.
The trick is that you don't elect someone like Donald Trump. I just read on the BBC that the president of America threatened New Yorkers not to vote for Mamdani.
People in the Netherlands trust their government because noone in the 500 years of history has ever gotten close to getting dictatorial power unless you count Napoleon and Hitler.
Why does Belgium exist? Is it because the Flemish revolted against Dutch rule?
Despite the downvotes you are right that democracies mostly deliver what voters want. And if voters want silly things, they get silly things.
It's easy to fret at how dysfunctional and insane politics are. But after you talk to some actual voters (and look at opinion polls), instead you marvel at how comparatively sane policies manage to be---despite voters.
Be careful - this may be a case where they say they're going to do one thing (collect data from US citizens), but walk that part of it back after people protest - while those very same people overlook the fact that they're still going to be getting every immigrant to submit to the scans.
It's weird how many people's perception of this type of behavior is shaped by the person sitting in the White House.
EDIT: It's also weird how my comment is being perceived exclusively as criticizing the critics of this administration rather than criticizing the supporters of this overreach. My comment was intentional phrased very generally, if you think it is specifically about you, that reveals something about you.
Wouldn't it be weird if that didn't shape their perception? It's not surprising that people are less trusting when an authoritarian is in power.
But the assumptions should always be that one day someone like that could take power and gain access to that data.
I mean I think, while that possibly always _should_ have been the assumption, 20 years ago the assumption would have been very much that someone like that could _not_ take power, and that the worst the US had to fear was the likes of Dick Cheney (admittedly still pretty bad). The idea that the US might just transform into a weird batshit autocracy is really _pretty new_; it wasn't taken all _that_ seriously even in Trump's first term, because, well, the courts will just slap him down, right?
The way to prevent authoritarians from abusing power is to not elect them, and to throw them in jail when they violate the law. They're not hard to spot; people warned about the current guy for a decade before he took over.
What's happening right now is not because the government had a database lying around and an unspecified authoritarian picked it up.
What's happening is that after a specific authoritarian staged a coup against the government, he was nevertheless allowed to continue his anti-democratic efforts. Trump should have a 27 year sentence like his Brazilian compatriot Bolsonaro, who in monkey-see-monkey-do fashion, similarly affected a coup against his government. Had we actually prosecuted those crimes the way Brazil did, we could still be talking about how to prevent theoretical authoritarian governments from abusing their power. But now we have a specific instance, and in this case, all the anti-authoritarian measures in the world mean jack if the government just allows actual insurrectionists to run for president, which is barred by the Constitution for a good reason. In that case they're just asking for it.
At this point, at least a third of the country always thinks an authoritarian is in power.
FWIW, I've believed we've had an authoritarian in power for quite a while now. Obama, Trump, Biden, and Bush have all tried and succeeded in expanding executive power. They've all engaged in extrajudicial killings overseas.
Nothing sets me off like seeing people think this behavior from Trump doesn't have shared roots across both parties.
Biden kept kids in cages. Obama bombed weddings. Yes, the current admin is accelerating hard but like, prior admins were accelerating.
People should really try to stop thinking about politics like it's a two party game where you have to pick a side. Figure out your principles, and start finding candidates who match those principles.
>Wouldn't it be weird if that didn't shape their perception?
No. I flat out reject the excuse you make on their behalf and consider you lesser than you would be had you not made it.
We're presumably discussing adults, not ten year olds or monkeys. They ought to f-ing act like it.
These people are almost all likely capable of the emotional restraint and logical thinking and sufficient abstract thought to think these things through and decide whether policy or action is good or bad regardless of if it's their guy doing it or their interest being served by it. The fact that they decline to do so is a failing of them. To excuse it only serves to reinforce or validate it and should be ridiculed.
They should bear in mind that someone they consider an authoritarian will inevitably be elected.
> It's not surprising that people are less trusting when an authoritarian is in power.
The majority of Americans don't feel that way, but did about the last administration, and enough to do something about it. What's surprising is, given that revelation, a few people still actually think that.
I see it as a blessing: privacy advocates have previously argued that yes these invasive tools might currently help an honest government do its job to stop bad guys, but the tools could eventually fall into the hands of a not so honest government. Now, you don't really need much of an imagination to see what happens when the tools fall into the wrong hands, and hopefully more of the citizenry can get behind the idea of privacy as a fundamental right, and not just something for those who have something to hide.
Do you have any evidence that public concern over privacy changes depending on who is in the white house?
A quick search suggests a solid majority has been consistently upset about this issue for decades. The phrasing of the question seems to have more impact than the year, but I cannot find any hard data on consumer privacy concern trends over years.
Such trend data would be useful.
I don't think it is.
I think it's selective attention plus recency bias.
This drift has started 24 years ago with 9/11 and no president has stopped or slowed it.
People who dislike who's in charge say the same things as always, people who dislike such measures same the same things as always regardless of who's in the white house, etc.
Fwiw, I would be unhappy with the Biden and Obama administrations trying to do this as well. For me this has nothing to do with who's in the White House, it's an overreach plain and simple.
100%. Let’s not let partisanship distract us from the omni-presence of the military industrial complex and the authoritarian bent of everyone who’s been in power in the US over the last several decades. Dems will tinker around the edges to make it more palatable, but there’s still: black sites, torture, drone strikes, unjustified wars, installing of puppet governments in sovereign nations, abuse of the commons for private profit and an absolute hunger for every scrape of your data to monitor and manipulate you no matter who is in the White House.
If I have to choose between voting for pro-corporate neoliberalism or fascism 2.0, I’ll vote the former, but that’s basically just asking which speed you’d like quality of life to erode for the average person. I’d really like a couple more options on the ballot please.
Nit: Quality of life for average Germans went up, not down, once they brought back slavery and started pillaging other countries. If that's the metric we're using to decide what form of government we want, then all bets are off; ethics and morality play no part.
It's also weird how people gatekeep resistance on the basis of their perception that it's motivated by the person sitting in the White House.
If people are ready to resist now, let's welcome them, rather than questioning whether their motives are related to some tangentially related disagreement.
>It's also weird how people gatekeep resistance on the basis of their perception that it's motivated by the person sitting in the White House.
Because let's be real here, whether such discussion is allowed to stand or is shut down in a politically fairly homogenous community is typically a direct reflection of that fact. You see the same thing on the opposite side of the isle.
>If people are ready to resist now, let's welcome them, rather than questioning whether their motives are related to some tangentially related disagreement.
You have to draw a line somewhere. This sort of shortsighted expediency based politics is how we got the current political parties.
I think it's an interesting visual to compare the Stasi's rows of scent jars to data centers filled with banks of flash memory storing biometric data.
I used to think this kind of thing didn’t concern me. But once family members get pulled in and citizens get scanned by association, it’s hard to stay untouched.
Is this really about safety, or are we quietly building something we won’t be able to roll back?
It’s somewhat important to point out that this is the same thing that was done during the Iraq war to potential “insurgents” so the biometrics tech was “trained” and used experimentally there before it has been brought home. Wouldn’t be surprised if the people that used it in Iraq (as technicians) are now going to be the people operating the tech now in the US.
You've been asleep or something? Current policy of every Five Eyes country:
"You could be refused entry to [...] if you:
[...]
- refuse to let an immigration officer take your photo, fingerprints or an iris scan"
FFFFFFFFFFFFFUUUUUUUUUUUUUCKKKKKKKKKKKKKKKK NNNNNNNNNNNNOOOOOOOOOOO
This shows how complex the balance is between security and privacy, every new technology seems to push that line a bit further.
Unsurprising.
India, which given its colonial-era ruling-elites who are maniacally obsessed with the Anglosphere, is today considered a "laboratory" for doing social experiments that'd be considered a outrage against human dignity in their own countries. This country was the first in line not only the biometric identification projects (Aadhar), and for demonetization (of 2016 with UPI). All of these were funded and pushed by USAID.
Both of these were implemented by running roughshod over constitution and regulation, by "roping-in" key regulatory people by giving them what they desire the most - access to the ruling elites in the US. Eg. Infosys' Nandan Nilekani was thrust to the top with his USAID funded projects.
Now the results of this "human corralling" experiments (note: a lot of what Orwell described came out of his experience in British-colonial India), is now coming to the West.
EU's recently rejected chat control looks like child's play compared to this. These are some Stasi methods that are going to destroy the US if implemented. Europe already went through creating dossier on citizens in the past, the next immediate step is always fascism. Nothing good comes out of fascism, as the history showed.
Isn’t that a quote from The Mandalorian?
> It is a shame that your people suffered so. Just as in this situation, it was all avoidable. Why did Mandalore resist our expansion? The Empire improves every system it touches. Judge by any metric. Safety, prosperity, trade, opportunity, peace. Compare Imperial rule to what is happening now. Look outside. Is the world more peaceful since the revolution? I see nothing but death and chaos.
Yes, in a rundown communist state. What could have followed , would be a Kim leader steering the country in the North Korean direction — which I’d call fascist.
Luckily there was Gorbachev and in the people enough decency and civilisation left, so the system just folded
How is this news, the usgov has been taking my biometrics for the past 5 years
Every time I fly from SFO, there’s a face-tracking camera that takes your photo after you stand up close to it. There’s definitely some sort of data harvesting there and there’s no opt out that I know about.
I also have Clear, which was voluntary but certainly collected my biometric data years ago.
I also have Global Entry, which has a similar scanning tech to point 1.
Yeah, I think the crappy side of it at this point is that the biometric data they collect is never leveraged to help you as a citizen.
If I lose my passport while abroad, given that the government has my fingerprints etc, why can't I use those biometrics to reenter the country (and have a replacement passport reissued immediately)?
Officially, you are supposed to be able to opt out of the face recognition cameras at security but I think whether staff actually respect that is not consistent.
The first kind you can just opt out: https://www.dispatch.com/story/news/2025/05/19/why-how-opt-o...
As a US citizen, you likely have your photo in a state or federal database somewhere from getting your ID or driver's license.
Depending on your job, background check history, or interactions with the police, your fingerprints might be in a database somewhere.
If you fly, your facial image/photograph/video is held by TSA and also as part of the REAL ID program.
So there are some biometrics that the government has of us, but clearly the article is describing a huge increase in not just the kind of biometric data collected, but also the kinds of people who would be required to give it up.
I guess I wasn't counting my photo ID as biometrics since there's no 3D map of my face to accompany it. I haven't been through an airport in over ten years either so hopefully my biometrics remain out of government databases for now.
I've gotten scanned at the airport on entry and for my greencard h1b/greencard applications, I had to go get scanned at a biometrics center.
https://www.uscis.gov/forms/filing-guidance/preparing-for-yo...
> They haven't taken mine
If you let have a passport, State has your face.
I don't have one, but even if I did that's only a 2D photo right? I guess when I think biometrics I think of the full on 3D depth maps, vocal signatures, iris recognition, etc. that a phone is doing to tell who's trying to unlock it. Not that I want them to have a plain photo of me either, but that ship has sailed unfortunately.
The TSA uses facial recognition right now at most US airports. While they claim to not store the pictures, they've "accidentally" stored data many other times they promised not to so consider me skeptical.
I haven't been through an airport in over 10 years, but it was my understanding that you could opt out of the facial scanning stuff? I've asked my wife to do it each time she flies to California, just to see what happens, but she doesn't want to be a nuisance. :\
Hilariously, this is the second Sam that wants to collect everyones iris's for nefarious purposes