The biometric CURP would include data such as name, photo, place and date of birth, signature and fingerprintsand would be renewed every 15 years, however, the implementation of this document would open the exclusion of the population to social programs, in addition to representing a greater cybersecurity risk, according to experts.
The R3D in defense of digital rights points out that there is ambiguity in the collection of this data, which would put the most vulnerable people at risk and would open an exclusion gap for those who do not wish to use this resource, since it would leave them outside of social programs.
Furthermore, one of the biggest risks seen is that such a large biometric database can be a target for cyberattacks, which creates a major problem because unlike an access code, a biometric cannot be changed.
“75% of users in Latin America consider biometric tools to be secure, trusting them as the only tool necessary to authenticate, which shows a high acceptance of this technology in the region. However, it is noted that scams and breaches through deepfakes and techniques such as “false face” are on the rise, with significant losses for financial institutions,” said Isabel Manjarrez, security researcher at Kaspersky.
While biometrics are widely adopted and recognized as an effective solution for authentication, there is no 100% guarantee that it will completely eliminate cases of fraud. For this reason, Májarrez urges organizations not to rely on a single type of filter or verification and to add some other methods.
What risks does CURP Biometrics have?
In addition to the exclusion and attraction of cybercriminals that it entails, this regulation could generate other risk situations for citizens.
Data vulnerability: By centralizing all biometric information under the Ministry of the Interior, a single point of attack is created that could be compromised by cybercriminals, with serious consequences given that biometric data cannot be modified or replaced once exposed.
Risk of social exclusion: Mandatory registration implies the delivery of data without consent, and can lead to the exclusion of public services for those who do not obtain the CURP with a photo, especially affecting vulnerable sectors.
Mass Biometric Surveillance: The centralization of data and the possibility of sharing it without adequate controls increases state surveillance capabilities, potentially allowing the monitoring of personal activities and restrictions on freedoms of movement and association.
Expansion of government surveillance: The creation of the CURP with photo is part of a larger effort, linked to the National Registration and Identity System, approved in 2023, which allows the transfer of data to any public, private or financial entity without supervision.
Impact on minors: Although registration is mandatory only for adults, the law allows the Ministry of the Interior to register biometrics of minors without clear safeguards, exposing them to privacy risks.
This proposal presents similarities with biometric identification systems in other countries, such as the case of Aadhaar in India, which has shown the possible negative consequences for people in vulnerable situations.
The Supreme Court of Mexico has also warned about the risk of massive collection of biometric data, considering it a serious intrusion into privacy. In a context of risk of abuse by state and criminal actors, it is considered that the project should be reevaluated to protect the security and human rights of the Mexican population.
Add Comment