Who Are You?

Posted 2026-05-19

In 1879, a young police clerk in Paris named Alphonse Bertillon proposed a solution to a problem that had plagued law enforcement for decades: how do you know if the person in front of you is who they say they are? Before photographs were cheap to reproduce and before fingerprint databases existed, professional criminals could simply give a false name and walk free. Bertillon’s answer was anthropometry: measure the skull, the length of the forearm, and other bodily dimensions that, taken together, were statistically unlikely to be identical in any two people. The system spread across Europe, the United States, and colonies in Asia and Africa, and was the first large-scale attempt to use the body as a database.

Anthropometry had a fundamental weakness: measurements had to be taken correctly by trained operators. By 1900 fingerprinting was replacing it almost everywhere because fingerprints were more reliable and required less skill to record. But the desire of states and institutions to pin individuals permanently to a record did not die with the calipers.

The history of identity management is partly the history of states trying to solve what the political scientist James C. Scott calls the legibility problem. A state cannot tax, draft, or police people it cannot identify. Medieval English peasants might know themselves as “John the Miller’s son from the village by the ford”, but that description doesn’t survive a move to a city or a change of occupation. Surnames became standardized in Europe partly because governments needed them. The same logic produced house numbers in Paris and Vienna, censuses across the colonial world, and passports that began as occasional travel documents issued by monarchs and became, by the twentieth century, a requirement for crossing most international borders.

The problem is that the state’s desire for legibility doesn’t have a built-in limit. The state that registers births so it can provide schooling can use that register to conscript soldiers. The government that issues identity documents to allow people to vote can use those documents to deport people. Once a population register exists, every subsequent administration can use it for whatever purpose it finds useful.

Colonial governments exploited it systematically. The British introduced population registers, caste certificates, and tribal designations across India, Africa, and Southeast Asia that served double purposes: administration, taxation, and census on one hand, and on identifying potential troublemakers and restricting movement on the other. South Africa’s pass laws, introduced gradually from the eighteenth century and formalized under apartheid after 1948, required Black South Africans to carry a reference book at all times. The book recorded their employer, their designated “homeland,” and their permission to be in urban areas. Police could stop anyone and demand the book; failure to produce it meant arrest. The pass system was one of the most sophisticated identity management infrastructure projects in history, and it was designed entirely to restrict freedom of movement and force labor into mines and factories at wages set by the government.

Keith Breckenridge’s history of South African biometrics traces a direct line from the pass system to the world’s first large-scale biometric population register, introduced in South Africa in 1986. Fingerprints were added to the passbook because fingerprints are harder to falsify than signatures and do not require literacy. A system designed to prevent forgery of internal passports became, almost automatically, one of the most comprehensive biometric databases in the world at the time.

Simone Browne’s analysis of the surveillance of Black people in the United States and elsewhere argues that modern surveillance practices such as facial recognition predictive policing, and airport pat-downs are not new inventions applied to race as an afterthought. They grew directly out of earlier practices designed to control enslaved and colonized people. The identification and tracking of freed people after the Civil War and the systematic photography of colonized people both influenced later uses of photography in criminology. The tools of identity management and the tools of racial control were never separate projects.

This creates a dilemma that does not have a clean solution. Democratic participation depends on being able to identify voters. Electoral systems need to verify that voters are eligible residents and prevent people from voting twice. This requires some form of voter registration, and voter registration requires identity documentation. In the United States, the history of voter registration is entangled with the history of voter suppression: poll taxes, literacy tests, grandfather clauses, and, since the 1990s, photo ID requirements that are nominally neutral but fall disproportionately on communities less likely to hold a driver’s license: the poor, the elderly, and people of color. The registration systems needed to enable political participation have been weaponized to prevent it.

But the dilemma goes deeper than that. Communities that have historically been targeted by state identity systems have rational reasons to distrust those systems. If the government has used population registers to intern Japanese-Americans to deport undocumented immigrants in mass raids, people are right to be suspicious of any new identity system. Even if today’s government only intends to use it for good, it cannot constrain promise the behavior of future governments.

This dilemma is now one of the biggest challenges facing democracy. The communities most harmed by identity management in the past have the best reasons to distrust registration systems, but that distrust keeps them from participating in the political processes that would let them constrain those systems. Fear of being rounded up is itself a tool of disenfranchisement.

India’s Aadhaar system, launched in 2009, has enrolled over 1.3 billion people in a biometric identity database based on fingerprints and iris scans linked to a twelve-digit number. Its designers argued that a universal, biometric identifier would eliminate fraud and exclusion in government benefit programs by making identity verification objective. The argument was partly correct: Aadhaar has reduced certain kinds of fraud and brought some previously excluded people into the formal economy. It has also created new forms of exclusion. People who cannot authenticate are cut off from food rations and pension payments, and the database itself represents a concentration of sensitive biometric information that, if breached, cannot be reset: you can change your password, but you cannot get new fingerprints.

The European Union’s General Data Protection Regulation (GDPR), which came into force in 2018, treats biometric data as a special category requiring explicit consent and restricts its collection and processing. The regulation is imperfect and inconsistently enforced, but it exists because privacy advocates organized across member states over roughly two decades to demand it. It is the most significant constraint on commercial biometric data collection in the world. The tech industry’s response has been intrusive pop-ups designed to make users blame governments for safeguarding their privacy rater than companies for trying to collect information for resale.

What abusive identity management has been constrained, those constraints have been the result of organized political activity. South Africa’s pass system was not abolished because its administrators became enlightened; it was abolished because the resistance movement grew strong enough to make it unsustainable. The constraints on Aadhaar came from litigants and activists who brought cases, and the Voting Rights Act of 1965 in the United States came from marchers, organizers, and a political coalition that made the status quo more costly than change. The center always wants more information. The question is always whether the people most likely to be harmed by that information have enough power to say no.

see the whole series · email me

Breckenridge2016: Keith Breckenridge: Biometric State: The Global Politics of Identification and Surveillance in South Africa, 1850 to the Present. Cambridge University Press, 2016, 9781107434899.
Browne2015: Simone Browne: Dark Matters: On the Surveillance of Blackness. Duke University Press, 2015, 9780822359388.
Cole2002: Simon A. Cole: Suspect Identities: A History of Fingerprinting and Criminal Identification. Harvard University Press, 2002, 9780674010024.
Scott1998: James C. Scott: Seeing Like a State: How Certain Schemes to Improve the Human Condition Have Failed. Yale University Press, 1998, 9780300078152.
Torpey2000: John Torpey: The Invention of the Passport: Surveillance, Citizenship and the State. Cambridge University Press, 2000, 9780521634939.