Regarding the Server in the Sky Project

(Jan 19 - Updates added at bottom of article)

Yesterday’s edition of The Guardian included an article entitled "FBI wants instant access to British identity data", by Owen Bowcott. The article outlines a US-initiated program called "Server in the Sky", whose objective is the development of a massive international database - which would include biometric data - for use in major crime and terrorism investigations. Bowcott reports that the program has been the subject of an international working group, including the US, the UK, Australia, Canada, and New Zealand. This working group is called the International Information Consortium.

The project involves the linking of existing databases, and the facilitation of transnational flows of data. The Server in the Sky program is an FBI initiative, "designed to foster the advanced search an exchange of biometric information on a global scale". The system is not active yet, but a pilot project is expected to be up and running by the middle of 2008.

Server in the Sky is the most recent example of the increasingly-interconnected nature of contemporary policing, and from what little information is available, it appears that the project will streamline and expand upon already-existing data-sharing arrangements. Projects of this nature raise many important questions regarding privacy, the integrity of databases, and the ownership of personal data. Server in the Sky will act as a searchable international archive of biometric data. Times Online reports that the system will "establish three categories of suspects on the system: internationally recognised terrorists and felons; major felons and suspected terrorists; and those who are the subject of terrorist investigations or criminals with international links".

For it to be useful (and this is 'educated conjecture' on my part), it will have to be able interface with existing biometric databases, cross-checking data from crime scenes or police archives with other sources of biometric information in the hopes of finding a match. I suspect that a fully-operational Server in the Sky program would allow an FBI agent in New York to input a selection of fingerprints or DNA sample, and search for matches in a variety of foreign police databases - and probably immigration and refugee databases - and quite possibly medical databases. As more and more states move towards identity documentation systems that include biometric markers, and as more services require that users give up biometric data, the pool of possible suspects for programs like Server in the Sky increases. And we should be clear on this point - integrated surveillant assemblages that utilize biometric data-matching operate by treating all 'data doubles' (human traces translated into data - a term introduced by Haggerty and Ericson, 2000) as potentially suspicious. 

I will be following this program as it develops, and posting updates and commentary. For now, here are a few predictions. Once things have solidified, we'll see if I'm right.

Prediction 1: Regardless of who the lead agency on Server in the Sky turns out to be (and it looks to be the FBI at this point), the program itself will be developed by a private contractor. This will likely be Northrop Grumman, the company that built the UK IDENT1 database.

Prediction 2: The program will link policing databases with other sources of biometric data. If this is not a feature of the initial pilot project, it will be phased in over the next few years. Immigration and border services databases will likely be the first to link up. Britain is currently implementing a national identity card system (initially for foreign nationals, but expect it to be a population-wide requirement within the next few years), and I would be shocked if the Home Office didn't take steps to integrate this rich pool of data with the new Server in the Sky program.

Prediction 3: The program mandate will gradually creep, moving from the planned database covering the 'worst of the worst' to a general policing and security focus. This could happen through an expansion of Server in the Sky, but it is more likely that the success of this program will lead to the development of similar projects. Which will, of course, be integrated with the existing system.

All for now,

- Mike

Update (Jan 15): Today's Guardian Comment is Free section includes an article by Nick Clegg, the British Liberal Democrats' home affairs spokesman, entitled "Let's not spy for the FBI". Clegg raises concerns about the privacy implications of giant international biometric databases, and he briefly touches on the problems associated with the safeguarding of data. 

Update (Jan 19): A few additional articles on the Server in the Sky program.

• Today's Globe and Mail offers a Canadian perspective, including some comments from Privacy Commissioner Stoddart (who first learned about the program from a media report from London, presumably the Guardian article discussed above). Stoddart expresses concern about the haste with which biometric security projects are moving forward. Also included in the Globe article is a reference to a statement from the RCMP, confirming their involvement in talks with the FBI, but denying that commitments have already been made.
• The Jan 20 Sydney Morning Herald includes an article entitled 'Space race for world's most wanted', which covers the story from an Australian perspective. As with the Globe and Mail article, the Herald sought a comment from authorities, and received a confirmation of talks but a denial of firm commitment. The article also mentions that Australia is close to completing a national DNA database. 
• A January 19 Comment is Free article at The Guardian, by Simon Ings, is entitled 'The soul stealers: Our beautiful, unique irises are to be relegated to the dystopian realm of state security'. 
• The Guardian also published an excellent article by Cory Doctorow on Jan 15, entitled 'Personal data is as hot as nuclear waste'. The article uses the nuclear waste metaphor to highlight the potential harm associated with vast databases of personal information, as well as the comparable longevity of the data. I am particularly fond of this passage: "Every gram - sorry, byte - of personal information these feckless data-packrats collect on us should be as carefully accounted for as our weapons-grade radioisotopes, because once the seals have cracked, there is no going back. Once the local sandwich shop's CCTV has been violated, once the HMRC has dumped another 25 million records, once London Underground has hiccoughup up a month's worth of travelcard data, there will be no containing it."
• The 'computing market intelligence' website Vunet.com published a brief synopsis article on Jan 15, largely based on the initial Guardian report. The Vunet.com article does make the important additional observation that the five countries involved in the International Information Consortium (and through it, Server in the Sky) - the UK, US, Canada, Australia, and New Zealand - are all involved in the Echelon global eavesdropping program.
• The British website The Register posted a detailed Jan 17 article entitled 'UK.gov says no plans for FBI DNA database hookup'. The Register contacted the National Policing Improvement Agency (NPIA) for comment on the Server in the Sky program, and was informed that there are currently no plans to integrate the existing databases into an international system. Currently. The article also includes this description of the Server in the Sky program: "The idea of "Server in the Sky" is that the traditional intelligence/security axis run by the Anglophone nations of the former British empire - the US, UK, Canada, Australia and New Zealand - would be extended into regular law enforcement. Most significantly perhaps, the cooperation might go as far as the interlinking of national biometrics databases. An FBI agent on a case might be able to check DNA from a crime scene and get a hit from the UK database, for instance. Or a British plod might likewise get one from the States, though America holds much less data." The Rgister article also gives a more specific account of the members of the International Information Consortium - rather than citing the nations involved, it lists the member agencies: FBI, RCMP, NPIA (UK), CRIMTRAC (Aus) and NZ Policing.