Sep 03

Privacy Concerns Surrounding Biometric Systems

Biometrics and privacy

Biometrics is a powerful technology and has immense potential to enhance the security and safety of citizens by protecting and maintaining their identity and privacy. Biometrics as a technology can impact peoples’ lives directly at the individual level and also from a larger social perspective. Hence it becomes quite imperative to understand the legal, ethical and social issues associated with biometric technologies and also the appropriate collection, use and storage of biometric information. There should be transparency, increased trust and honest engagement while dealing with the public in relation to biometric technologies and applications.

How important is privacy?

Individuals view privacy as a fundamental right and hence it is considered to be one of the most important human rights of the modern age. Cultures throughout the world recognise and respect privacy and protect it through a multitude of treaties and conventions. Privacy is so important to individuals because of its perceived value – the close connection between the individual’s ability to control who can access his information, and his ability to create and maintain social relationships with different people.

Biometrics and Privacy

Public concerns about using biometrics

The majority of concerns in regard to the development and implementation of biometric technologies relate to privacy. Peoples’ notion that biometrics will invade their privacy is in fact one of the greatest impediments to the wider acceptance of these technologies.

Individuals view the storing of data and records as an infringement of privacy and personal rights. Biometric factors which are unique to an individual could be used to covertly track or monitor the individual’s movements. People also fear that biometric data can be wrongly accessed and misused.

How to alleviate public concern about the use of biometrics?

These privacy concerns can be alleviated by implementing basic management measures which controls the access and use of a given biometric database where the biometric templates are stored.

Such management measures can involve establishing a hierarchical access to the database, whereby administrators can only access levels of biometric and personal information corresponding to their position and that is necessary to conduct their particular job. Additionally, employees using the database can be trained to appropriately use the information.

Moreover, limitations can also be placed on the downloading and copying of information from the database, unless absolutely necessary. This greatly reduces the risk of such information being shared inappropriately or being lost or stolen.

Protocols should be established when information has to be legitimately shared with third parties allowing them access only to the specific information that they require to complete their particular task.

How biometric technology eases privacy concerns and security issues?

Biometric authentication is based on something which is inherent to an individual and hence it is considered to be more secure than other authentication methods such as PIN or passwords and smart card technology which are used for physical or logical access control. Many a times, an uncovered password has led to a compromised system while the use of cards has led to information vulnerability when lost or stolen. In such a case, biometric technology will be preferred since biometric traits are unique and permanent and quite difficult to reproduce owing to the advances in technology, data communication security and biometric extraction devices.

Biometric systems also provide high levels of accuracy. According to biometrics.gov, which is the central repository of biometrics-related activities of the U.S federal government, “most biometric systems have a high accuracy (over 95 percent and many approach 100 percent) when matching biometrics against a large database of biometrics and when matching a biometric against the originally enrolled biometric.”

Biometric technology is easier to implement in authentication situations and also offers improved reliability and strengthened information delivery capabilities. Despite having many advantages, there is some scepticism that surrounds biometric technology and most of it is privacy-related. These privacy concerns are related to the storage, transmission and utilization of data that are treated as extremely personal. User privacy concerns mainly fall into two categories: personal privacy where the user fears about the safety of his unique biometric identifiers and informational privacy, where the user fears about the misuse of his biometric information and “function creep”. It means that the information collection for a particular purpose is subsequently used for something else.

People might also be apprehensive of using biometric technology as they might not be fully aware of how this technology works. They might be fearful that their personal information could be accessed and misused by unscrupulous third parties. For biometrics to be successful, the users will have to be sensitised and educated on how the biometric system works and the robust protection mechanisms that are in place to secure the captured biometric data. Organizations implementing and using biometric technology need to ensure that the users have adequate information on how biometrics data is captured, extracted, stored and used. Furthermore, those implementing it would need to have impeccable standards of ethics and transparency.

To minimize the ethical concerns raised by biometric technologies, organisations wanting to implement this identity management system will have to be transparent and conduct the operation and management of the biometric systems according to appropriate regulations and with respect for fundamental ethical principles and civil liberties.

Some key principles if followed when capturing and using user biometrics data will dispel any myths and concerns regarding the vulnerability of biometrics data. These principles regarding biometrics data collection and usage are listed below:

  • It should be collected fairly and lawfully
  • It should be used only for the purpose specified during collection
  • It should be accurate, up-to-date and stored securely
  • It should be accessible so that individuals can verify and correct their data
  • It should be disposed of once the specified purpose has been achieved

Conclusion

Undoubtedly, biometric technologies provide a highly accurate and rapid method of identification, thereby enhancing privacy and security. In this digital-driven era, more and more users will start relying on biometrics as the answer to problems concerning systems security and authentication. Biometrics is hard to forge or spoof, and are now more commonly used in business locations and work places as they seem sustainable in the long term for controlling access to high-security areas and also to prevent identity theft.

About The Author

Danny Thakkar is Senior Product Manager at Bayometric, one of the leading biometric solution providers in the world. He has helped large organizations like Pepsi, America Cares, Michigan State and many other medium and small businesses achieve their identity management needs. He has been in the Biometric Industry for 10+ years and has extensive experience across public and private sector verticals. Currently, he is chief evangelist for Touch N Go and blogs regularly at www.bayometric.com and www.touchngoid.com.