This article is devoted to the issues and problems of legal regulation and practical functioning of the Unified Biometric System of Russia in the context of comparison with similar systems existing in other countries of the world. The authors consider the purposes of using the biometric system, analyze its functioning for compliance with the legislation of the Russian Federation, address the issue of the relationship between the Unified Biometric System and the Unified Identification and Authentication System, and also compare the domestic experience of using the system with the experience of using the system in foreign countries. At the same time, the article highlights some controversial aspects of implementing these systems, such as the relationship with the unified identification and authentication systems and compliance with the current legislation on personal data. In conclusion, the authors state that the Unified information register about Russia's population and other digital innovations proposed by the state are met by the citizens with a substantial degree of skepticism, complicating the legal regulation and implementation of these systems. A well-thought-out and balanced legal policy can overcome distrust on the part of citizens, showing the transparency of the authorities' intentions and revealing the positive aspects of the biometric system.
We can understand the concept of biometrics in a broad and a narrow sense. In the broad sense, biometrics is understood as the measurement and collection of unique physical data of a person (application of biological data statistical analysis) (Belova & Ryskina, 2020). When using this approach, the problem field of the study may not include the question of determining a person's identity by physical data.
Along with the broad meaning of the concept, its narrow interpretation as a technology and system for automatic identification of a person and (or) confirmation of his identity, based on the analysis of biometric parameters, is also widespread (Lukashov, 2009). This specific interpretation of the concept is necessarily associated with identifying the owner of the personal data. It is a practical application of statistical data analysis on the individual's physiological or anatomical features. In this sense, scientific and technical progress is developing at a very high pace.
Criminology was the first area to implement the biometric identification system. The French lawyer and criminologist Alphonse Bertillon was the founder of this science. He created an anthropometric database to identify criminals. Such data included height, length, and volume of the head, length of fingers, and feet (Nabiev & Goryaev, 2019), but was not limited to them (Bera et al., 2014).
In the modern world, biometric identity recognition is actively used not only by criminologists. A significant impetus that marked the beginning of the intensive development period of biometric technologies was the events of September 11, 2001, in the United States. Over the past decades, the scope of application of biometric systems has increased; the most common areas are mobile communications, passport systems, credit cards, and the banking sector (Oleinik et al., 2005).
Biometric identification of Russia's citizens has become one of the most discussed topics both among scientists and in wide circles of society. The main reason for the issue to be relevant is the understanding of the formation and use of a Unified biometric system on the territory of the Russian Federation.
The beginning of the formation of a unified biometric system was laid down by Federal Law No. 482-FZ of December 31, 2017, "On Amendments to Certain Legislative Acts of the Russian Federation" (Federalnyj zakon, 2017). In particular, this law adds to Federal Law No. 149-FZ of July 27, 2006, "On Information, Information Technologies, and Information Protection" a new Article 14.1, "Application of information technologies for identification of citizens of the Russian Federation" (Federalnyj zakon, 2021), which introduces regulations on the unified biometric system.
The Unified Biometric System is a digital platform that allows a citizen to undergo remote identification using biometric samples to obtain, first of all, financial services (Unified biometric system, 2021). Federal Law No. 479-FZ of December 29, 2020 (Federalnyj zakon.., 2020b) specifies this thesis and obliges all banks with a universal license to implement, by January 1, 2022, the possibility of providing services to new customers remotely (including opening accounts, deposits or obtaining a loan), using the Unified identification and authentication system and the Unified Biometric System.
The usage of the unified biometric system is not limited to the financial sector. Thus, the Unified biometric system is actively implemented for the passage and admission to premises (with the operator's submission, the system has been used since 2020 to enter the building of the Moscow government complex according to the "face" parameter) (V moskovskom metro.., 2021), for holding remote examinations at universities (Postanovlenie.., 2021), and at the Multifunctional center for public services provision (Zakon razreshil..., 2021). This list is not complete and is constantly updated.
The Order of the Ministry of Communications of the Russian Federation "On approval of the procedure for processing parameters of personal biometric data" (Prikaz.., 2019) defines the processing of only two possible types of personal biometric data of a citizen of the Russian Federation. These are facial image and voice data. The totality of these data forms a biometric control template stored in a unified personal data information system. These templates are used later in the process of identifying a citizen.
The data is stored in the form of a template for no more than 50 years from the moment it is placed in the system, but it can be used for identification purposes for no more than three years from that moment. This condition is most likely caused by the technical complexity of collecting, processing, and storing personal biometric data, together with such objective circumstances as appearance variability and health status.
This article focuses on the study of the following issues of the Unified biometric system functioning:
1. The purpose of using the biometric system;
2. The compliance with Russian legislation, in particular, the Law on Personal Data;
3. The ratio of the use of the Unified biometric system and the Unified identification and authentication system;
4. The comparison of the experiences of its use in Russia and the countries of the world.
Purpose of the Study
The purpose of the research is to study the experience of the Unified Biometric system as compared to the experience of other countries of the world.
The authors used a complex of methods and techniques of information processing. The main research methods are formal legal analysis, forecasting, modeling, and expert evaluation. In addition, the authors used such techniques as analysis, synthesis, induction, and comparative legal analysis.
Following the requirements of the Federal Law "On Personal Data" (Federalnyj zakon.., 2020a), the client personally visits the credit institution, signs consent to the processing of personal biometric data, and transmits it to an authorized employee. Next, the bank employee links the received sample with a previously created customer account in the Unified identification and authentication system (UIAS) and sends the information to the Unified biometric system. Now the bank's client gets the opportunity to be identified remotely. Personal identification consists of several stages: entering the UIAS and passing through biometric identification. Biometric identification includes face identification using a camera and voice identification using a microphone.
The introduction of a single biometric database is associated with several controversial issues, provoking disputes between supporters and opponents of the biometric system.
Firstly, there is a controversial point of legal nature.
Thus, paragraph 6 of Article 8 of the provision of Federal Law No. 482 (Federalnyj zakon, 2017) grants the Central Bank the right to receive information from the Ministry of Internal Affairs, the Pension Fund, and the Compulsory Health Insurance Fund to create an interdepartmental database that will contain biometric data of all citizens.
This norm contradicts the principle enshrined in clause 3 of Article 5 of the Federal Law on Personal Data. That rule prohibits the association of databases containing personal data, the processing of which is carried out for purposes incompatible with each other. The aims of processing personal data in the Ministry of Internal Affairs, the Pension Fund, and the Compulsory Health Insurance Fund are different. As Savelyev (2015) rightly notes, this rule is an obstacle to the creation of interdepartmental federal databases.
Secondly, there are firm fears in society that the state, in the presence of a convenient and accurate system of citizens' identification, will abuse control and supervisory functions, nullifying anonymity and privacy.
At the moment, the Ministry of Internal Affairs of the Russian Federation and the Federal Security Service of the Russian Federation may request information contained in the Unified biometric system when exercising their powers to ensure the country's defense, state security, law enforcement, and counter-terrorism (Postanovlenie..., 2018).
The specified norm does not carry anything dangerous for a good citizen since it aims at protecting public order. However, the legal policy regarding what an illegal act means causes fears.
Subparagraph 4 of paragraph 16 of Article 14.1 of Federal Law No. 149 gives the right to executive authorities authorized in the field of security, state protection, state security, foreign intelligence to send a request to the operator of the unified biometric system to depersonalize, block, delete, and destroy personal biometric data of individuals (Federalnyj zakon, 2021). This paragraph serves as the basis for imposing sanctions in the form of a ban or suspension of the use of services available through biometric identification. Since the norm is a blanket one, its application may not be limited to blocking the data of people suspected of financing terrorism. If desired, this norm can be seen as a future element of the control system when a person is prohibited from using financial, educational, medical services, and the like, depending on the state's policy regarding public order.
Thirdly, the excessive creation of various universal systems for recording citizens' data does not add to faith in the Russian government. In addition to the unified biometric system, Russia has created:
• Individual (personalized) accounting on the territory of the Russian Federation - assigns an individual personal account with a permanent insurance number (PIN);
• Federal Register of Population Data of the Russian Federation - contains basic information about Russians.
Individual (personalized) accounting on the territory of the Russian Federation can be called the basic accounting system for citizens.
Thus, the PIN assigned by the system (the number of an individual personal account) is used to work in the net and serves as an identifier and authenticator of information about an individual when providing state and municipal services and performing state and municipal functions. Without providing the PIN, a citizen will not be able to access state portals fully.
The PIN must also be provided when applying to state bodies for getting benefits, facilities, payments, official employment, study, state, and municipal services. Failure to provide the PIN is considered grounds for refusing the requested service.
The Federal Register of Population Information is an innovation in electronic accounting. Following Federal Law No. 168-FZ of June 8, 2020 (Federalnyj zakon.., 2020c), the federal register is a collection of information about the population of the Russian Federation formed from information about citizens of the Russian Federation. Information about foreign citizens and stateless persons is also included in the register. The Law will come into force gradually, from January 1, 2022, until 2026.
The mentioned databases contain all the essential information about a person, including biometric data, marital status, and information about a person's relatives, education, and occupation. Only personal preferences remain invisible to the system, for example, religion, political views, and the like. However, the list of information contained in databases (in particular, in the federal register of population information) can be expanded by bodies authorized to solve tasks in the field of ensuring the security of the Russian Federation within the framework of their powers. Thus, we can say that the list of information contained in these databases is not exhaustive.
Of course, the existence of unified federal databases of information about the population has evident benefits for the state since it simplifies the administration process and increases the efficiency of control-supervisory and law enforcement activities. But simplification of administration is not always compatible with the citizens' interests since there is a high risk of power abuse. However, instead of reducing the social tension associated with the citizens' fears, the legislature purposefully does not provide for the refusal to include personal data in federal databases. This will only aggravate distrust of the state's activity.
Fourth, technologies for identifying a person using biometric data, being not perfect, face the risk of data leakage.
The Central Bank of the Russian Federation, the flagship of the unified biometric system's use, has developed "Methodological recommendations for the neutralization of security threats by banks relevant to the processing, collecting, and storing personal biometric data" (Metodicheskie rekomendacii.., 2019). The document gives specific recommendations on the information security of credit institutions, for example, preventing the storage of data on the automated workstations designed for their collection and processing, or the mandatory presence of a person authorized to register, collect, and process data with an enhanced qualified electronic signature capable of identifying him in case of violations and vulnerabilities.
Thus, banks were obliged to monitor the security of their applications (mainly for mobile devices) for vulnerabilities in the field of "undeclared opportunities for unauthorized access using personal biometric data." The Central Bank of the Russian Federation itself has developed memos for users describing the features of the biometric identification software and described possible actions of the client in case of compromise of this data.
Chapter 4 of the same document implies a recommendation to register and send information about violations of the requirements for ensuring information protection during processing in the Central Bank of the Russian Federation. The purposes of this collection are not specified, but we can assume that the information is collected to improve the security system.
It is common knowledge that Russia is a country of contrasts: in some regions, they test self-driving cars on the roads, and in other parts, students have to climb a tree to catch a signal and join a remote lesson.
Digitalization in Russia is implemented actively from the top; the authorities do not take any care of the fears and needs of citizens.
Unlike conventionally advanced countries, Russian society is unprepared for such large-scale transformations. Domestic problems include poor infrastructure development, uneven distribution of access to technical devices, and an enormous difference in the financing of transformational processes between Moscow and the regions. And aggressive digitalization only increases distrust of authorities' actions (Gaivoronskaya et al., 2020).
However, a reserved attitude to digital innovations is observed not only in Russia. Governments of many foreign countries are forced to respond to citizens' protests against digital innovations because society is concerned about privacy. At the same time, personal privacy is understood as various manifestations of a person's life (Woodward, 1997). The principal concern of citizens is that the state, using the transparency of human data, will exceed its powers and create significant threats to the democratic foundations of the state and society, as well as form an unconstitutional regime for the use of the individual's data. And what measures the state is taking to reduce the citizens' fears says a lot about the political order.
Thus, countries with developed democratic traditions (Lyubashits et al., 2019) do not seek to categorically impose digital analogs of identification documents and envisage a return to the traditional system if the digital analog is not convenient for the user.
In the UK, under the influence of the public, on January 21, 2011, the Law on Identity Documents of 2010 was adopted. Section 1 of the new Law required the destruction of all data in the National Identity Register that included biometric data (Identity Documents Act, 2010).
The difference in the introduction of digital innovations in authoritarian political regimes is palpable since such countries are heading for forced digitalization and do not allow people to reject it. Such countries include Malaysia and, unfortunately, Russia (Liubashits et al., 2019).
The Unified biometric data system, together with the unified register of information about the population of Russia and other digital innovations of the Government, are met with distrust. A well-thought-out and balanced legal policy can overcome skepticism on the part of citizens, showing the transparency of the authorities' intentions and revealing the positive sides of the system. Otherwise, as studies show (Dalberto & Banégas, 2021), the imposition of digital technologies will cause social tension in society.
This work was financed by the Grant of the President of the Russian Federation No. NSh-2668-2020.6 "National-cultural and digital trends in the socio-economic and political-legal development of the Russian Federation in the XXI century."
Belova, M. A., & Ryskina, V. I. (2020). Biometricheskaya kreditnaya karta [Biometric credit card]. Police Bulletin, 7(1), 3-9.
Bera, A., Bhattacharjee, D., N., & Nasipuri, M. (2014). Computational intelligence in digital forensics: forensic investigation and applications. Studies in Computational Intelligence, 555, 145-163. https://doi.org.
Dalberto, S. A., & Banégas, R. B. (2021). Identification and Citizenship in Africa: Biometrics, the Documentary State and Bureaucratic Writings of the Self. Routledge. https://doi.org.
Federalnyj zakon ot 08.06.2020 № 168-FZ “O yedinom federal'nom informatsionnom registre, soderzhashchem svedeniya o naselenii Rossiyskoy Federatsii” [Federal Law of June 8, 2020 No. 168-FZ “On the unified federal information register containing information about the population of the Russian Federation”] (2020c). https://www.garant.ru/products/ipo/prime/doc/74132857/
Federalnyj zakon ot 27.07.2006 N 149-FZ (red. ot 09.03.2021) "Ob informacii, informacionnyh tekhnologiyah i o zashchite informacii" (s izm. i dop., vstup. v silu s 20.03.2021) [Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection"]. (2021). http://www.consultant.ru/document/cons_doc_LAW_61798/
Federalnyj zakon ot 27.07.2006 N 152-FZ (red. ot 30.12.2020) "O personal'nyh dannyh" [Federal Law from 27.07.2006 N 152-FZ "On Personal Data"]. (2020a). http://www.consultant.ru/document/Cons_doc_LAW_61801/
Federalnyj zakon ot 29.12.2020 N 479-FZ "O vnesenii izmenenij v otdel'nye zakonodatel'nye akty Rossijskoj Federacii" [Federal Law from 29.12.2020 N 479-FZ "On Amendments to certain legislative acts of the Russian Federation"]. (2020b). http://www.consultant.ru/document/cons_doc_LAW_372645/
Federalnyj zakon ot 31.12.2017 N 482-FZ "O vnesenii izmenenij v otdel'nye zakonodatel'nye akty Rossijskoj Federacii" [Federal law from 31.12.2017 N 482-FZ "On Amendments to certain legislative acts of the Russian Federation"]. (2017). http://www.consultant.ru/document/cons_doc_LAW_286744/
Gaivoronskaya, Y, Mamychev, A., Petrova, D., & Rusanova, I. (2020). Typology of risks and threats caused by digitalization. Turismo-estudos e praticas, 5. https://www.webofscience.com/wos/woscc/full-record/WOS:000593128600030
Identity Documents Act. (2010). The official home of UK legislation. https://www.legislation.gov.uk/ukpga/2010/40/contents/enacted
Liubashits, V., Razuvaev, N., Mamychev, A., Kuzina, S., & Novozhilov, V. (2019). Political power and socio-cultural organization of society: problems of theory and history. Dilemas contemporaneos-educacion politica y valores. https://www.webofscience.com/wos/woscc/full-record/WOS:000484516400029
Lukashov, I. V. (2009). Sostoyanie i perspektivy biometrii [State and prospects of biometrics]. The world of dimensions, (3), 27-32.
Lyubashits, V., Mamychev, A., Shestopal, S, Perevalova, L., & Slinko, T. (2019). The State and State Power: Theoretical and Methodological Dimensions of Conceptual Evolution. Journal of politics and law, 5, 103-110. https://doi.org.
Metodicheskie rekomendacii po nejtralizacii bankami ugroz bezopasnosti, aktual'nyh pri obrabotke, vklyuchaya sbor i hranenie, biometricheskih personal'nyh dannyh, ih proverke i peredache informacii o stepeni ih sootvetstviya predostavlennym biometricheskim personal'nym dannym grazhdanina Rossijskoj Federacii" [Methodological recommendations on the neutralization by banks of security threats relevant to the processing, including collection and storage, of biometric personal data, their verification and transmission of information on the degree of their compliance with the provided biometric personal data of a citizen of the Russian Federation" (approved by the Bank of Russia on 14.02.2019 N 4-MR)]. (2019). https://www.garant.ru/products/ipo/prime/doc/72075160/
Nabiev, R. F., & Goryaev, E. E. (2019). Bertil'onazh: slavnoe proshloe i vozmozhnye perspektivy [Bertillonage: the glorious past and possible prospects]. Scientific notes of the Kazan Law Institute of the Ministry of Internal Affairs of Russia, 4(2(8)), 77-82.
Oleinik, Yu. I., Malygina, E. A., & Malygin, A. Yu. (2005). Biometriya: problemy testirovaniya [Biometrics: testing problems]. Proceedings of the International symposium “Reliability and quality”, 1, 493-497.
Postanovlenie Pravitel'stva RF ot 28.12.2018 N 1703 "Ob utverzhdenii Pravil predostavleniya operatorom edinoj informacionnoj sistemy personal'nyh dannyh, obespechivayushchej obrabotku, vklyuchaya sbor i hranenie biometricheskih personal'nyh dannyh, ih proverku i peredachu informacii o stepeni ih sootvetstviya predostavlennym biometricheskim personal'nym dannym grazhdanina Rossijskoj Federacii, v Ministerstvo vnutrennih del Rossijskoj Federacii i Federal'nuyu sluzhbu bezopasnosti Rossijskoj Federacii svedenij, soderzhashchihsya v ukazannoj sisteme [Resolution of the Government of the Russian Federation of 28.12.2018 N 1703 "On approval of the Rules for the provision by the operator of the unified information system of personal data that ensures the processing, including the collection and storage of biometric personal data, their verification and transmission of information on the degree of their compliance with the provided biometric personal data of a citizen of the Russian Federation, to the Ministry of Internal Affairs of the Russian Federation and the Federal Security Service of the Russian Federation of information contained in the specified system]. (2018). https://www.garant.ru/products/ipo/prime/doc/72041570/
Postanovlenie Pravitel'stva Rossijskoj Federacii ot 02.03.2021 № 301 "Ob utverzhdenii Polozheniya ob osobennostyah provedeniya promezhutochnoj attestacii v 2021/2022 uchebnom godu po obrazovatel'nym programmam vysshego obrazovaniya - programmam bakalavriata, programmam specialiteta, programmam magistratury, predusmatrivayushchih ispol'zovanie distancionnyh obrazovatel'nyh tekhnologij, obespechivayushchih identifikaciyu lichnosti posredstvom edinoj informacionnoj sistemy personal'nyh dannyh, obespechivayushchej obrabotku, vklyuchaya sbor i hranenie biometricheskih personal'nyh dannyh, ih proverku i peredachu informacii o stepeni ih sootvetstviya predostavlennym biometricheskim personal'nym dannym fizicheskogo lica" [Resolution of the Government of the Russian Federation of 02.03.2021 No. 301 " On Approval of the Regulations on the Specifics of Conducting Intermediate Certification in the 2021/2022 Academic Year for Educational Programs of Higher Education - bachelor's degree programs, specialty programs, master's programs, providing for the use of distance educational technologies that provide personal identification through a unified information system of personal data that provides for the processing, including the collection and storage of biometric personal data, their verification and transmission of information about the degree of their compliance with the provided biometric personal data of an individual"]. (2021). Official Internet portal of legal information. http://publication.pravo.gov.ru/Document/View/0001202103090006?index=2&rangeSize=1
Prikaz Minkomsvyazi Rossii ot 25.06.2018 N 321 (red. ot 04.07.2019) "Ob utverzhdenii poryadka obrabotki, vklyuchaya sbor i hranenie, parametrov biometricheskih personal'nyh dannyh v celyah identifikacii, poryadka razmeshcheniya i obnovleniya biometricheskih personal'nyh dannyh v edinoj biometricheskoj sisteme, a takzhe trebovanij k informacionnym tekhnologiyam i tekhnicheskim sredstvam, prednaznachennym dlya obrabotki biometricheskih personal'nyh dannyh v celyah provedeniya identifikacii" (Zaregistrirovano v Minyuste Rossii 04.07.2018 N 51532 [Order of the Ministry of Communications of the Russian Federation of 25.06.2018 N 321 "On approval of the procedure for processing, including collection and storage, parameters of biometric personal data for identification purposes, the procedure for placing and updating biometric personal data in the unified biometric system, as well as requirements for information technologies and technical means intended for processing biometric personal data for identification purposes]. (2019). Retrieved from https://base.garant.ru/71985302/
Savelyev, A. I. (2015). Nauchno-prakticheskij postatejnyj kommentarij k Federal'nomu zakonu «O personal'nyh dannyh» [Scientific and practical article-by-article commentary to the Federal Law "On Personal Data]. (2021). https://vk.com/doc2978621_461130375?hash=622d08647e26e37cc8&dl=2a34b7d30205831a5b
Unified biometric system. (2021). Official website of the Ministry of Digital Development, Communications and Mass Communications of the Russian Federation. https://digital.gov.ru/ru/activity/directions/802
V moskovskom metro testiruetsya oplata «po licu» [In the Moscow metro, payment is tested on the face] (2021). Online edition D-russia.ru. https://d-russia.ru/v-moskovskom-metro-testiruetsja-oplata-po-licu.html
Woodward, J. D. (1997). Biometric scanning, law & policy: Identifying the concerns - Drafting the biometric blueprint University of Pittsburgh law review, 59, 97-155. https://doi.org.
Zakon razreshil bankam ispol'zovat' biometriyu dlya udalyonnoj identifikacii klientov, a MFC – dlya okazaniya gosuslug [The law allowed banks to use biometrics for remote identification of customers, and MFC-for the provision of public services]. (2021). Online edition D-russia.ru. Retrieved from https://d-russia.ru/zakon-razreshil-bankam-ispolzovat-biometriju-dlja-udaljonnoj-identifikacii-klientov-a-mfc-dlja-okazanija-gosuslug.html
About this article
03 June 2022
Cite this article as:
Petrova, D. A., & Yurtaev, V. A. (2022). Unified Biometric System: Legal Regulation And Functions Problems. In & N. G. Bogachenko (Ed.), AmurCon 2021: International Scientific Conference, vol 126. European Proceedings of Social and Behavioural Sciences (pp. 762-770). European Publisher. https://doi.org/10.15405/epsbs.2022.06.84