A STUDY OF THE USE OF BIOMETRICS AS IT RELATES TO PERSONAL PRIVACY CONCERNSUniversity of Maryland - European DivisionbyGina M. Oliver
Bowie State University
Graduate Program in Management Information Systems
INSS 690 - Term V
Submitted: July 31, 1999
Biometric devices are being implemented in many areas of U.S. society
despite concerns over how data collected with these devices will
be used. Proponents say these technological tools increase security,
increase the integrity of social programs such as Welfare, and ease the
burden on individuals who carry multiple forms of identification.
Opponents of biometrics cite concerns of violations of the Fourth Amendment,
unreasonable search and seizure, the "Big Brother is Watching" fear,
as well as worries their personal data will be used for something other
than its advertised purpose. Despite the formation of a few advocacy
groups, mainly sponsored by biometric device manufacturers, there is still
no enforceable guidance concerning the use of biometric devices and data.
Introduction
Purpose
The purpose of this study is to investigate the use of biometrics to see if the benefits associated with their use outweigh concerns individuals have over personal privacy issues. Biometric devices are being implemented in many areas of U.S. society despite concerns over how data collected with these devices will be used. Proponents say these technological tools increase security, increase the integrity of social programs such as Welfare, and ease the burden on individuals who carry multiple forms of identification. Opponents of biometrics cite concerns of violations against the Fourth Amendment, unreasonable search and seizure, the "Big Brother is Watching" fear, as well as worries their personal data will be used for something other than its advertised purpose.
Research Questions
This study will look at such questions as what is biometrics? How do the devices work? What types of biometric devices are currently being used in U.S. society? Where/how are they being utilized? What are the advantages to implementing biometric devices? This study will also target questions concerning the privacy aspect of biometrics; How is the data stored? Who has access to the data? What, if any, forms of data protection are available? Are there any rules governing biometric data use? Are there any measures in place to guard against misuse? What, if any, organizations are advocating for privacy concerns?
Preliminary Hypothesis
The benefits of biometric use for society as a whole do not outweigh personal privacy issues.
Boundaries of the Research
The boundaries of the research will be limited to issues from a United States perspective. It will not look at the international scope of biometrics and privacy. It will focus on aspects of recognition and authentication and how the information that is collected interfaces with concerns of individual privacy. The primary biometric devices will be briefly introduced and described. The research will not include cost-benefit analysis of current implementations.
Background
Where do the bounds of individual privacy end and the technological benefits to society as a whole begin, and are the two compatible? Many feel privacy is a personal right. Most individuals desire the ability to maintain some control over their own personal space and be free of interference from other individuals and organizations. An individual's personal space comes in many forms, including the physical body, personal behavior traits, communication patterns, and personal information. In today's information age, it is not difficult to collect data about an individual and use that information to exercise control over the individual. Individuals generally do not want others to have personal information about them unless they decide to reveal it, and individuals are even more leery of third parties who may acquire information without consent of the rightful owner.
Privacy must be balanced with many competing interests, including other individuals and society as a whole. With the rapid development of technology, it is more and more difficult to maintain the levels of privacy citizens knew in the past. Everywhere we turn, data is being collected, and with advances in databases, datamining, and telecommunications, it is almost effortless to circulate personal information to any interested party (Clarke, 1999).
The recent expanded use of biometrics brings this issue to light like never before. Biometrics is the automated capture of a person's unique biological data that distinguishes him or her from another individual. Biometrics can be measured in many forms, including fingerprints, voice patterns, iris patterns, hand geometry and facial features. The main reason biometrics work for identification is that an individual can not control these unique aspects of their biology; for example, a person can not change their fingerprint or the identifying features of their iris.
In the past, biometrics were used primarily in conjunction with crime
issues, with the most familiar being the fingerprint. Most citizens
did not feel their privacy was violated because fingerprints were only
required of criminals. In addition, there was never a need to reveal
personal biological information to obtain an advantage in convenience
of service or access to social programs such as obtaining a drivers license
or enrolling in welfare programs. With rapid advances in technology,
that paradigm is quickly changing. While the concept is not currently
near full implementation, biometric data collection and use is growing
rapidly and eventually all citizens may be required to reveal biological
identifiers to conduct daily business such as producing identification
cards and carrying out financial transactions.
Advocates of widespread biometric implementation believe biometrics will increase security and reduce privacy issues by decreasing the ability to duplicate an individual's identity. They also feel it will decrease the need to maintain multiple forms of identification, credit cards, and passwords, and increase the integrity of social programs by significantly reducing fraud.
Those opposed to widespread biometric implementation are concerned with the virtual elimination of personal privacy. They foresee violations of the Fourth Amendment concerning personal search and seizure, and the Fifth Amendment, regarding individuals being witnesses against themselves in potentially criminal situations (Nuger, date unknown), as well as the security of the data, who has access to it, and whether or not it will be used only for its intended or advertised purpose. They do not feel confident in the security of personal identity cited by proponents and feel strongly about the lack of a regulatory framework to govern the use of biometric data.
This paper briefly presents how biometric devices work, the biometric devices available today, and how they are being implemented in the United States, as well as addresses biometric data regulatory issues. It then focuses primarily on the advantages to biometric implementation versus citizens' privacy concerns with biometrics, looks at governing bodies/organizations, and concludes with a discussion of the direction we, as a society, should go in an attempt to balance widespread biometric implementation and privacy concerns.
Basic Concept of How Biometric Devices Work
In a basic sense, there are two phases involved in implementing biometrics. The first phase involves having an individual's physiological characteristic recorded. This can be done by having a fingerprint, iris, hand or face scanned. The data from the scan is converted to a unique template, encrypted, and stored as numerical data. The second phase requires the individual to present his or her unique features (fingerprint, iris, hand, face, etc.) for comparison with the data previously recorded. The system then returns a "yes" or "no" after comparing the presented data with the data already on file (Anthes, 1998).
Biometrics can be used in two ways -- verification and identification. Verification is the act of authenticating an individual's identity by comparing the presented biometric data to the data previously on file (Alyea, et al, 1997). This is considered a "one-to-one" search because it is comparing the information an individual is presenting to that already on file for the particular individual. In this case, there is not a search of an entire database for the unique biometric feature, but rather a verification that authenticates the individual is who he or she claims to be.
The way this works with fingerprints is as follows. When and individual
presents his or her fingerprint, the "live" fingerprint is transformed
to a digital template which is a shrunk and compressed version of the original
fingerprint and still retains the most salient features that will identify
the individual. The template can be placed on any digital medium,
such as a smart card. When the individual presents the "live" fingerprint
it is compared to the template to verify the individual is who he or she
claims to be. In effect, it replaces the password or PIN concept.
(Tomko, 1998). This is the concept used in many security
systems (A Five Step Guide to Selecting a Biometric System).
Identification is similar in concept to verification, except the presented biometric data is compared to the entire population enrolled in the system via a search of the entire database (Alyea, et al, 1997). This is sometimes referred to as a "one-to-many" search technique because the an entire database is searched to match the presented biometric data with that already in the database (Tomko, 1998).
Biometric verification and identification lead to one of three out comes: a positive match, a false rejection, or a false acceptance. A positive match indicates the person is who he/she says he/she is. A false rejection occurs when an authorized user is rejected and a false acceptance occurs when an imposter is accepted as an authorized user (Alyea, et al, 1997).
Biometric Devices Available Today
There are a variety of biometric technologies available today. Some are more popular and further developed than others, with the fingerprint being the most common (Anonymous, Sep 98, Solving Password Proliferation). Figure 1 displays one type of fingerprint device available today. Other technologies include the iris scan, hand geometry, facial recognition and facial thermography, and voice recognition.
Figure 1: UltraScan Fingerprint Device (http://www.dobi.com)
Iris Scanning Devices
The iris scan operates by using a photograph of an individual's iris. If the iris data matches what is on file the individual is granted access to the desired event. The iris scanner can read through contact lenses, glasses, and most sunglasses. Researchers say the iris is the most unique feature of the human body, with 266 measurable characteristics (as opposed to approximately 35 in fingerprints) and does not change over time. They also claim iris scanning is more accurate than DNA testing (Bank United News).
Figure 2: IriScan Iris Scanning Device (http://www.dobi.com)
Hand Geometry Devices
Hand geometry is based on the shape of the hand. A device measures
finger length, thickness, and curvature. It is used for authentication
rather than identification and the data is easier to collect because there
isn't a need for good skin contact like is required to obtain a good fingerprint,
or the need for special lighting required for retina and iris scans.
One of its strengths lay in its ability to be used with other forms of
data collection, primarily fingerprints (Hand Geometry).
Figure 3: RSI ID 3D Handkey Hand Geometry Device (http://www.dobi.com)
Facial Recognition
Facial recognition is based on capturing facial images by measuring the curves of the face from various angles (Banisar, no date available) and measuring the distance between the features. The image is stored as a mathematical algorithm and can be referenced at a later time to verify someone's identity (Facial Recognition). Facial thermography is implemented by measuring the heat pattern in a person's face. Manufactures of facial thermography systems claim the systems can identify individuals despite surgery or facial hair. One major draw back of this technology is that alcohol consumption has a drastic effect on the accuracy of thermography (Banisar, no date available).
Figure 4: MirosData Facial Recognition Device (http://www.dobi.com)
Voice Recognition
Voice recognition operates by translating voice tones into a unique
corresponding mathematical pattern. Only a microphone, sound card,
and software are required for implementation (Anonymous, 1998, Solving
Password Proliferation).
Figure 5: T-Netix Voice Recognition Device (http://www.dobi.com)
Biometric Applications in the United States
Biometrics are used in a variety of ways in the United States. One major use of biometrics is for access to sensitive military agencies, intelligence agencies, and other federal organizations requiring very high levels of security. They are also used for physical access control and in entitlement programs. In addition, biometrics are now being used for Automated Teller Machines (ATMs) (Alyea, et al, 1997).
Verification via hand geometry is in place at the Pentagon to gain access to classified video-teleconferences and retina/iris scans are required for many intelligence facilities in the Washington, D.C. area (S.W. Oliver, July 11, 1999). In addition, iris scans are now in use at a few Automated Teller Machines in Texas (Bank United News).
The Federal Bureau of Prisons uses hand geometry to monitor the movement of prisoners, staff, and visitors at specified Federal prisons. At a Federal prison in Jesup, Georgia, visitors are required to "enroll" when they arrive. They are then given a magnetic stripe card which points to their individual information that is stored in the central database. Visitors must carry this card with them for the duration of their visit. Prisoners and staff must also enroll in this program. Prisoners must enroll so their movement and access control to certain facilities such as the cafeteria and recreation lounges can be monitored. Staff members must enroll to ensure they are not misidentified as a prisoner and for positive identification in case of an uprising (Alyea, et al, 1997).
The Immigration and Naturalization Service (INS) is using hand geometry to speed up travel for those who frequently travel to the United States, allowing them to bypass the standard interview and inspection process of entry. The INS' Passenger Accelerated Service System (INSPASS) is installed at New York's Kennedy Airport and New Jersey's Newark International Airport. It is offered to citizens of 23 countries in the United States visa waiver program. This program is available to citizens of qualifying countries who visit the U.S. more than three times a year.
Walt Disney World in Florida is enrolling visitors who purchase annual passes in its finger geometry system. Finger readers are installed at all turnstiles in the park. Individuals insert their finger into the reader for verification that they are an annual pass holder. This is replacing the photo identification annual pass holders used to receive in the past (Cavoukian, 1998).
PASSPORT is another INS initiative which is in place at the US-Canadian border. It is similar in concept to INSPASS but utilizes voice recognition to allow individuals to travel between the two countries (Alyea, et al, 1997).
Fingerprints are another biometric feature being widely implemented to reduce the number of fraudulent claims. The Defense Manpower Data Center instituted a pilot program with military retirees living overseas to confirm benefits weren't being collected for deceased members. New York State's Department of Social Services now requires fingerprints for entitlement programs (Clayton, 1998).
The United States Army is using fingerprints in a test program at Fort Sill, Oklahoma, to provide new recruits a smart card with a designated amount of money on them (Anonymous, 1998, Solving Password Proliferation) and the Air Force now requires a fingerprint of the middle finger when issuing identification cards (S.W. Oliver, June 11, 1999). In addition, in 1997 the Purdue Employees Federal Credit Union placed a fingerprint-based kiosk at Purdue University's North Campus in West Lafayette, Indiana, to allow students to withdraw money, open an account and perform other banking transactions. Since then, the credit union placed two other kiosks on the campus (Boosting Biometrics).
Advantages of Biometric Use
For those advocating the widespread use of biometrics, there appears to be numerous advantages to doing so. Biometric supporters say biometrics increases privacy rather than invades it. According to Etzioni in his 1999 book titled, The Limits of Privacy, biometrics will reduce identity fraud because thieves won't be able to steal personal data such as social security cards, drivers licenses, credit cards, and other means of identification and assume that individual's identity (p. 109). He goes on to say biometrics will enhance privacy by ensuring individuals are who they claim to be. Etzioni points out the best way to ensure personal privacy from former spouses, private detectives, nosey neighbors, etc. is to have a reliable means to identify the person requesting the information and verifying he or she is entitled to that information (p. 125).
Many see biometrics as a quality of life enhancement for society as a whole. Some feel biometrics would be a big asset when conducting background investigations to ensure the individual does not have a negative history, particularly in the areas of child abuse and sex offenders. Etzioni cites a case where a convicted child murder was a local YMCA coach for four months before his history was revealed. He also points out that fraudulent income tax filing costs the government between one and five billion dollars a year (p. 105).
State welfare programs also fall into the category where biometric proponents feel the benefits of widespread biometric implementation outweigh personal privacy concerns. In San Diego, California, one county installed fingerprint identification for all welfare recipients. Within the first 18 months of installation, the county paid out $200,000 less than it normally paid out. The department of social services believes the savings is mainly a result of those who were applying for welfare under more than one name (Anonymous, 1998, Solving Password Proliferation). In New York, the Department of Social Services requires fingerprints for all individuals applying for entitlement programs. 925,000 people were enrolled in the first 19 months of the program. 172 cases of fraud were detected, 37,000 cases were closed, and the department saved $314 million (Clayton, 1998).
Security is another area promoting the use of biometrics for identification and verification. Technology is now available to allow extra security for information systems. An individual can gain access to the system and ease the log-on process by providing a fingerprint or facial image. In this manner, when the fingerprint on the mouse or the keyboard match that already on file, the individual is allowed access to the system (Anonymous, 1998, Solving Password Proliferation). According to Alan Bender, Director of Security Development at Unisys, "'We do not see this technology as a threat to individual privacy; in fact, we believe it offers tremendous benefits...Individuals should be more concerned about existing security threats from a hacker...'" (Guyette, 1999, ID Enigma). Bender goes on to say individuals should not be concerned about fingerprint technology. "'As far as the images falling into the wrong hands, the actual fingerprint image is never stored as a whole in the scanning process. This means the fingerprint can not be reverse-engineered to be recreated.'" (Guyette, 1999, ID Enigma).
In addition to security, biometrics are becoming more popular in the financial arena, particularly at Automatic Teller Machines (ATMs) and other remote banking facilities. Banks find biometrics a good way to identify customers and employees and protect all involved from unauthorized transactions (Boosting Biometrics,1998). In the most recent biometric implementation, Bank United became the first bank in the United States to implement iris recognition at ATMs. The ATMs are located inside Kroger supermarkets in Houston, Dallas, and Fort Worth, Texas (Bank United News).
Voice recognition implementation on the U.S.-Canadian border saves routine travelers valuable time and resources. In the nationally broadcast TV show, NBC's News at Sunrise, "Montana farmer, Edger Richardson, ...thanked the Border Patrol's use of voice recognition for saving him 100 miles of travel a day as he crossed the Canadian-U.S. border through an automated gate instead of a manned crossing way down the road." (Zalud, 1998).
Privacy Concerns with Biometric Implementation
Despite his pro-biometrics stance, Etzioni admits the widespread implementation of biometrics clearly undermines privacy (1999, April). The privacy threat lies not in the foundation of what biometrics does best -- provide positive identification, but in "...the ability of third parties to access this [information] in identifiable form and link it to other information, resulting in secondary uses of that information, without the consent of the [individual]." (Cavoukian, 1998). Given this, an individual has no means over the control of his or her personal information, who uses it, or how it gets distributed. Without this inherent freedom of choice over personal information, an individual loses his or her privacy (Cavoukian, 1998).
The Bill of Rights affords all United States Citizens a certain measure of protection from unfair treatment and invasion into personal affairs. The Fourth Amendment guarantees individuals the right to be free from unreasonable search and seizure and the Fifth Amendment protects individuals from being a witness against himself or herself in a criminal case. The question regarding the Fourth Amendment is: Does a biometric reading constitute search and seizure? Most courts answer this question yes, similar to their response for fingerprints and drug testing, calling it a "suspicionless search." Until the 1990 case of Michigan vs. Sitz, suspicionless searches were only used for non-criminal circumstances; however, in this case, the Supreme Courts ruled that information from a random sobriety checkpoint could be used for incrimination in a criminal act--for the first time associating suspicionless searches with criminal searches (Nuger, date unknown). The obvious concern here regarding biometrics is what are the possible repercussions that may result from the acquisition of an individuals' biometric data?
The Fifth Amendment, which protects individuals from self-incrimination, raises another issue concerning biometrics, and that is how the information might be collected. In other words, will the biometric data be collected by force and how intrusive will the methods be? Past legal cases have been very lenient in how they have allowed data to be collected, so most expect the same will hold for acquiring biometric data. In the 1986 case of Perkey vs. Department of Motor Vehicles, the courts ruled that acquiring fingerprints didn't violate personal privacy or dignity because it did not penetrate the skin, and in the 1957 Breithraupt vs. Abram case, the courts ruled that a blood sample take from an unconscious victim was admissible because obtaining blood samples was relatively unobtrusive and accepted in American society. This approach leaves many wondering what, if any, limitations will be placed on the methods used to gather biometric data (Nuger, date unknown).
Many fear the conglomeration of a mega database that will house this
sensitive biometric data and the information will be used for other than
its intended purpose. According to Beth Givens, the director of Privacy
Rights Clearinghouse in San Diego, California, "' Our concern regarding
biometric data is that eventually there would be a centralized database
covering all citizens, and that would be used for purposes other than the
original intent.'" (Hodgson, 1988). One possible application
of this would be for an institution to buy (or steal or in other ways intercept)
a major database. If this were to happen, another organization would
have an incredible amount of information on individuals without the individual
being aware of it or giving their consent (Hodgson, 1998). There
is also a big fear the government will be able to build a dossier on an
individual that essentially tracks him or her from birth to the grave (Erbe
and Shiner, 1997). In addition, the correlation of biometric data
acquired for one purpose may be used for another.
The following is an example of this concern:
If I happen to be on welfare and innocently leave my latent fingerprints at a night club which later becomes the crime scene, any latent prints of mine picked up could be matched to the fingerprint database compiled for welfare recipients. If I'm identified, I'll get a knock on my door and a visit by a police officer. This is a clear infringement of my privacy. Now, one can say that the fingerprint database will be off limits to the police by virtue of legislation. That may be the case with the current government. But how can we ensure it will be the case with the next government? And that doesn't address the issue of unauthorized access to the database. The temptation for secondary or unauthorized uses of such a database beyond its primary purpose will be very great, especially if crime, tax fraud, and terrorism increase in our society (Tomko, 1988).
Another issue closely tied to that stated above is the concern of replicating biometric data and framing someone. Many believe with all the technology available, it would be easy to replicate a fingerprint or other biometric data and manipulate it in a variety of undesirable ways. For example, one could replicate a fingerprint on file and place it on a gun handle or in other incriminating places and falsely establish someone as a criminal or being at a crime scene (Muller, date unknown).
In addition to fears similar to those stated above, others are concerned the information will be used in other ways. For example, some states, including Georgia, California, Colorado, Hawaii, and Texas, now require fingerprints in order for an individual to receive a drivers' license. The American Civil Liberties Union (ACLU) feels there is a larger agenda at work than simply reducing fraud and protecting the public interests. According to Teresa Nelson, executive director of Georgia's ACLU, "'States are being encouraged by the federal government to issue tamper-proof ID...Since the national ID card didn't pass, there have been many attempts to get something through the back door.'" This reiterates the fears of a government tracking system (Muller, date unknown).
Those working in the private sector are also susceptible to misuse of biometrics on a daily basis. If an individual works in an organization that requires biometric information for an ID card, the organization has the potential ability to monitor the employee's every move. For example, if an employee needs a badge or smart card to access his or her work location, it is possible to track how long the individual spends at his or her desk, in the restroom, outside smoking, etc. (Nuger, date unknown).
Another reason biometrics does not enhance privacy is that it is not a 'challenge and response' system, where an individual is asked different verifiable questions at different times in order to verify he or she is who they claim to be. Some individuals feel biometric systems are easy to get around because all a person has to do is acquire the digital version of an individual's identifying features. In other words, a hacker doesn't need the individual's actual fingerprint or iris scan, all he or she needs is the digital image of the biometric and he or she can impersonate an individual with little trouble (Tomko, 1998).
In addition to all the reasons stated above about why biometrics are not privacy enhancers, perhaps the biggest reason for the lack of faith in biometrics is due to the lack of government regulations concerning biometric use. While there are organizations forming to advocate standards (see Special Interest Groups section of this paper), to date, nothing enforceable exists. "The absence of privacy laws safeguarding biometrics and other forms of personal information also opens the door to abuse, says Dierdre Mulligan, staff counsel for the Center for Democracy and Technology, a not-for-profit civil liberties group based in Washington, D.C." (Boosting Biometrics)
Special Interest Groups
International Biometrics Industry Association (IBIA)
The International Biometrics Industry Association was created in September of 1998 by four biometric technology vendors. The founding companies are: Identicator Technology of San Bruno, California, IriScan Inc, of Marlton, New Jersey, Recognition Systems Inc of Campbell, California, and Visionics Inc of Jersey City, New Jersey. Based in Washington, D.C., IBIA's executives say the group was created to educate consumers, businesses and policy makers on biometrics, provide a voice for it members, and assist in creating biometric regulations (Boosting Biometrics, 1998). Since it's initial inception, IBIA is also concerned with addressing privacy concerns associated with new technological advancements in the biometrics industry. According to IBIA's executive director Richard E. Norton, "'We want a very positive message to clear up confusion that some people may have about privacy issues or a Big Brother agenda...People hadn't been hearing that loud and clear.'" (Jacobson, 1999).
Officials estimate industry sales are over $ 40 million and as much
as $16 million invested in research and development. IBIA Chairman
and former managing director of Recognition Systems Inc., (a company that
sells hand recognition scanners), William W. Wilson, says, " 'The industry
has been relatively small until now, but it's beginning to move into the
mainstream, so a much broader group of people is using biometrics now.'
" (Jacobson, 1999).
According to IBIA officials, the organization acknowledges privacy
concerns and wants to work with privacy advocacy groups, to include an
individual's knowledge about their own biometric data, access to their
own biometric data and knowledge of the government's access to the data
as well. Norton adds the relationship between privacy advocates and
the biometric industry does not have to be hostile, " 'That's not to say
there's no clear wall between us. But by clarifying our positions,
we can, hopefully, come to a meeting of the minds.' " (Jacobson, 1999)
While IBIA does not have a congressional agenda, according to Jacobson, the organizations' biggest fear is that legislation directed at other areas, such as banks storing personal information about their clients or companies who gather and sell personal data, would impose unwanted restrictions on biometric manufacturers and clients. (Jacobson, 1999). IBIA's goal is to take an active role in inspiring "'sane decision making'" in regards to proposed rules, as well as laws and regulations likely to impact the biometrics industry (Guyette, May 1999). According to Norton, "'Congress has already introduced 38 bills that could affect the biometrics industry on the privacy side, and the last Congress introduced 150. We have to see how national legislation can clarify how biometric information should be handled. That said, there's nothing killing us yet--but we have to be vigilant.'" (Jacobson, 1999)
In James Guyette's May 1999 article, Group Announces Privacy Principles for Biometrics Use, Norton went on to say that, "'...We wanted to show that we are self-regulating.'" Establishing privacy principles is the focus of IBIA's efforts to address current privacy issues associated with biometric implementation. The organization is launching a campaign to show biometrics are, according to Norton, safe, user-friendly, improve productivity and protect privacy. In late March of this year, the organization announced their Privacy Principles to serve as direction for manufacturers, consumers and users (Guyette, May 1999).
1. Biometric data is electronic code that is separate and distinct from personal information, and provides an effective, secure barrier against unauthorized access to personal information. Beyond this inherent protection, IBIA recommends safeguards to ensure that biometric data is not misused to compromise any information, or released without personal consent or the authority of the law.
2. In the private sector, IBIA advocates the development of policies that clearly set forth how biometric data will be collected, stored, accessed, and used, and that preserve the rights of individuals to limit the distribution of the data beyond the stated purposes.
3. In the public sector, IBIA believes that clear legal standards should be developed to carefully define and limit the conditions under which agencies of national security and law enforcement may acquire, access, store, and use biometric data.
4. In both the public and private sectors, IBIA advocates the adoption of appropriate managerial and technical controls to protect the confidentiality and integrity of databases containing biometric data (Guyette, May 1999, Privacy Principles).
The reader should note that the ideas listed above are simply concepts of the IBIA and they are not backed by any laws or legislation.
IBIA goes on to state the principles listed above demonstrate a clear industry stance that data safeguards are essential and biometric devices become more common place. They say the principles are based on international data agreements on data protection and are intended to address individual privacy concerns (Guyette, May 1999, Privacy Principles).
US Government Biometric Consortium
The United States Biometric Consortium is the U.S. Government's primary source of technical information in the biometrics arena and was initiated to increase the availability of biometric authentication and identification devices for the Department of Defense and other Federal agencies. The Consortium has been meeting since 1992 and was formally chartered in December 1995, reporting to the Assistant to the President for National Security Affairs through the Security Policy Board. It is the focal point for all coordination and development of biometric processing, testing, and evaluation within the U.S. Government. Currently, the Consortium is made up of representatives from each branch of the armed forces and representatives from six executive U.S. Government departments. The Consortium's formal mission is stated below.
The Consortium will serve as a Government focal point for research,
development, test, evaluation, and application of biometric-based personal
identification/authentication technology. The Consortium will encourage
the use and acceptance of biometric technology in areas of critical need
and also concern itself with maximizing performance, minimizing cost, and
avoiding duplication of effort within the Government community. The
Consortium will coordinate technological concerns and issues of performance
and efficiency within the Government in order to serve the best interests
of the taxpayer. The consortium will meet regularly to
- Promote the science and performance of biometrics.
- Create standardized testing databases, procedures, and
protocols for the community and security policy organizations.
- Provide a forum for information exchange between Government,
private industry, and academia.
- Establish increased Government and commercial interaction.
- Facilitate symposia/workshops to include the participation
of academia and private industry.
- Establish a feedback mechanism for issues that are exposed
during the actual application of this technology.
- Address the safety, performance, legal, and ethical issues
surrounding this technology.
- Advise and assist member agencies concerning the selection
and application of biometric devices. (Alyea, et al., 1999)
In the spring of 1997, the Consortium established the National Biometric Test Center (NBTC) at San Jose State University in California to develop, document, promote and teach sound performance standards and testing protocols. The NBTC promotes professional level expertise for testing and using biometric devices. In addition, it serves as a data and technology disseminating body and facilitates the transfer of technology from the government to industry. Their goal is to act as an advocate for manufacturers and users and promote the use of biometrics (NBTC Web Page). Given their stated role, the reader can see individual privacy is not a concern of the NBTC.
Los Angeles-based Center for Law in the Public Interest
The Los Angeles-based Center for Law in the Public Interest pushed for legislation that has the potential to outline allowable uses of biometric data. The executive director of center says they, "'...wanted to make sure the same thing didn't happen with biometric identification that happened with Social Security numbers.'" (Britt, 1998). Harris went on to add that if biometric data was stolen it would be nearly impossible for the person whose identity was stolen to recover it. He likens the incident to the simile of trying to put a genie back in a bottle.
The proposed law would not allow biometric data to be transferred to third parties, would require companies to have specific safeguards in place to maintain biometric data as closely as it maintains other sensitive information, would require the individual to be notified if there was a transaction involving use of their biometric data, and insist the individual was notified if his or her voice was being recorded (Britt, 1998).
Where Do We Go From Here?
Dr. George Tomko (1998) presents a unique approach to overcoming the current biometric shortcomings and making biometrics the true increased security and privacy provider it is now only claimed to be. He suggests the use of biometric encryption, where an individual's biometric identifier would be the coding key. In his example, he uses the fingerprint for demonstration purposes. He offers using a fingerprint to code the PIN to a bank machine. In this manner, only the PIN is coded. It has no connection to the actual fingerprint and the fingerprint pattern is not stored in any type of database--this is a critical feature. In this manner, an individual could have multiple PINs, all coded by the same fingerprint pattern. In addition, since the individual is the only one that can decode the PIN, virtually absolute privacy exists. This concept also adds another benefit to privacy, and that is an individual can have multiple PINs and safety in numbers rather than having everything tied to one unique identifier. He cautions that in order to implement a system like this, one would have to ensure the PINs could only be decoded by a live fingerprint, not a replicated print.
Dr. Tomko sees application for this technology in a number of situations. He says it could "de-identify" information in databases, so the individual and their sensitive information are separated and only matched by the fingerprint. In this manner, the individual would have control over their information stored in the database. Concerning smart cards, he says that because the coded encryption key, the individual's fingerprint, is not stored on the card, they would be useless if stolen. In the welfare and social services programs, Tomko says a fingerprint would serve to activate a computer pointer that would point to an individual's personal identity, and if the police were to pick up a fingerprint, they couldn't run it against a welfare database because only the live fingerprint would work. He says it also functions to benefit society as a whole because if an individual were to try to dual-enroll in social programs the live fingerprint would cause the pointer to point to the existing information in the database.
Dr. Tomko advocates using technology to implement biometrics the right way, with all the privacy safeguards in place, rather than using off-the-shelf products that do not have high quality privacy protection characteristics. He stresses the need to implement the type of program he outlined before society and industry implement the less desirable methods currently being manufactured. "We have the technologies to unquestionably authenticate our eligibility for goods and services without divulging identity...We now have up to ten encryption keys residing at the ends of our fingers to protect our privacy and to secure information. Through this technology, security becomes a by-product of protecting an individual's privacy..." (Tomko, 1998).
While Tomko presents one idea to merge biometric technology and privacy concerns into a workable solution, his idea at this point is just that -- an idea. There is no move to put this concept into practice, nor is there an organization tenaciously advocating a move in this direction. As a result, the technological advances are being used by those who have the most to gain from them -- the manufacturers.
There are clearly a few instances where the limited implementation and use of biometrics are beneficial without a drastic compromise of personal privacy. Situations such as the Montana farmer saving valuable time and mileage crossing the U.S.-Canadian border daily and the patrons of the Purdue Credit Union enjoying the conveniences of using their fingerprint to access their accounts are examples of their limited positive applications.
These limited benefits, however, do not outweigh the large scale concerns overriding the entire issue. Potential violations of the Constitutional rights, lack of regulations and clarity about how the information is collected, stored, used, and disseminated, and the large potential for misuse leaves the average citizen at a large disadvantage. While there are a few special interest groups forming, to date there are not any groups truly advocating for the individual's right to privacy. As noted in this paper, the groups gaining ground in this arena are composed primarily of biometric equipment manufacturers and government personnel who advocate the use of biometrics, who have their own interests and gains at heart. Until a tenacious and powerful group emerges to advocate personal privacy concerns, there will remain a huge risk in controlling and accessing an individual's data. The risk of an individual actually losing his or her identity instead of safeguarding it is a real possibility given the current lack of accountability in the field, and in the absence of regulatory guidance, the risk of individuals inappropriately using an individual's biometric data for personal or financial gain is very high.
In the case of widespread biometric implementation as it relates to personal privacy issues and the benefits to society as a whole, there remain too many unanswered questions to support such a move. The benefits of biometric use for society as a whole clearly do not outweigh personal privacy issues at this point in time.
REFERENCES
Alyea, L., Campbell, J., & Dunn, J. (1997). Government Applications and Operations. [online]. Available: http://www.biometrics.org/REPORTS/CTSTG96/ (June 27, 1999).
Anonymous. (1998, September). Solving Password Proliferation. Government Executive. pp. 63-68. Retrieved June 16, 1999 from ABI/Inform Global Database (via UMUC online library). Available: http://www.umuc.edu/library/proxy.html with account and password.
Anonymous. (1998, December). Boosting Biometrics. Bank Technology News. Retrieved June 16, 1999 from Academic Universe Database (via UMUC online library). Available: http://www.umuc.edu/library/proxy.html with account and password.
Anthes, G. (1998, October 12). Quick Study: Biometrics--Promising Technology Has Yet to Gain Wide Acceptance. Computerworld. p. 30. Retrieved June 16, 1999 from ABI/Inform Global Database (via UMUC online library). Available: http://www.umuc.edu/library/proxy.html with account and password.
Banisar, D. (unknown). Big Brother Goes High-Tech. [online]. Available: http://www.networkusa.org/fingerpr...age3/fp-big-brother-high-tech.html. (June 20, 1999).
Bank United News. [online]. Available: http://dobi.com/news_boa.htm. (July 3, 1999).
Britt, P. (1998, June). Biometrics Raises Privacy Concerns. America's Community Banker. pp. 24-25. Retrieved June 16, 1999 from ABI/Inform Global Database (via UMUC online library). Available: http://www.umuc.edu/library/proxy.html with account and password.
Cavoukian, A. (1998). Privacy and Biometrics: An Oxymoron or Time to Take a Second Look? [online]. Available: http://www.iipc.on.ca/web_cite.eng/matters/sum_paper/PAPERS/cfp98.htm. (June 27, 1999).
Clarke, R. (1999, February). Internet Privacy Concerns Confirm the Case for Intervention; Industry Trend or Event. [online]. Available: http://www.web.lexis-nexis.com. (June 16, 1999).
Clayton, M. (1998, July). Biometrics Examined on Capitol Hill. America's Community Banker. pp. 6-7. Retrieved June 16, 1999 from ABI/Inform Global Database (via UMUC online library). Available: http://www.umuc.edu/library/proxy.html with account and password.
Erbe B. and Shiner, J. (1997). How Will Biometrics Affect Privacy Rights? Scripps Howard News Service. [online]. Available: http://www.jrnl.com/news/97/Aug/jrn76280897.html. (June 20, 1999).
Etzioni, A. (1999, April 1). Less Privacy is Good for Us (and You). [online]. Available: http://www.intellectualcapitol.com/issues/issue192/item3172.asp. (June 27, 1999).
Etzioni, A. (1999). Big Brother or Big Benefits? ID Cards and Biometric Identifiers. The Limits of Privacy. (pp. 103-137). New York: Basic Books.
A Five Step Guide to Selecting a Biometric System. [online]. Available: http://www.afb.org.uk/public/5steps.html. (June 27, 1999).
Guyette, J. (1999, May). ID Enigma: Are Biometrics a Threat to Privacy or the Key to Protecting It? Automatic I.D. News. p. 45-47. Retrieved June 16, 1999 from ABI/Inform Global Database (via UMUC online library). Available: http://www.umuc.edu/library/proxy.html with account and password.
Guyette, J. (1999, May) . Group Announces Privacy Principles for
Biometrics Use.
Automatic I.D. News. p. 48. Retrieved June 16, 1999 from ABI/Inform
Global Database (via UMUC online library). Available: http://www.umuc.edu/library/proxy.html
with account and password.
Hand Geometry. [online]. Available: http://bometrics.cse.msu.edu/hand_geometry.html. (July 3, 1999).
Hodgson, K. (1998, July). Biometrics and Smart Cards: Privacy Enhancers--With Right Safeguards. Security. pp. 41-42. Retrieved June 16, 1999 from ABI/Inform Global Database (via UMUC online library). Available: http://www.umuc.edu/library/proxy.html with account and password.
Jacobson, L. (1999, March). Playing the Identity Card. The
National Journal, Inc.
p. 768. Retrieved June 16, 1999 from Academic Universe Database
(via UMUC online library). Available: http://www.umuc.edu/library/proxy.html
with account and password.
Muller, N. (unknown). True Identity Fraud. [online]. Available: http://www.networkusa.org/fingerprint/page3/fp-technology-nmuller.html. (June 20, 1999).
National Biometric Test Center. [online]. Available: http://www-engr.sjsu.edu/~graduate/biometrics. (June 27, 1999).
Nuger, K. (unknown). Biometric Applications: Legal and Societal Considerations. [online]. Available: http://www-engr.sjsu.edu/~graduate/biometrics/privatei.html. (June 20, 1999).
Tomko, G. (1998, September). Biometrics as a Privacy-Enhancing Technology: Friend or Foe of Privacy? [online]. Available: http://www.dss.state.ct.us/digital/tomko.htm. (June 27, 1999).
What is Facial Recognition? [online]. Available: http://www.vt.edu:10021/J/Jaatlize/4554/faceq1.html. (July 3, 1999).
Zulad, B. (1998, February). Privacy Issue Prompts Make-Over
for Biometrics ID. Security. p. 57. Retrieved June 16, 1999
from ABI/Inform Global Database (via UMUC online library). Available:
http://www.umuc.edu/library/proxy.html with account and password.