Large-scale identification programs, such as national ID cards, visas or ePassports, are enough to put most privacy advocates on the offensive. Add in the mention of biometric technology and the volume of opposition is magnified. The good news then, is that a new series of reports launched today, while fully recognizing the validity of privacy concerns, has concluded that even the use of biometrics in large-scale databases is possible without having to sacrifice personal privacy.
The reports by National Biometric Security Project (NBSP), a research and analysis organization, look at both the impact of biometrics on US and international privacy laws.
The first report – United States Federal Laws Regarding Privacy and Personal Data and Applications to Biometrics – demonstrates how, under the current US legal system and state of the law at the federal level, use of biometrics as a system to verify identity in virtually any situation is consistent with the law. The report also illustrates how, under certain circumstances, using biometrics to identify individuals through the use of databases is acceptable without sacrificing the objective of maintaining and protecting personal privacy.
The report was written for the Department of Homeland Security and the Interagency Working Group on Biometrics chaired by the White House Office of Science and Technology.
Importantly, the report highlights the distinctions between identification and verification techniques and discusses how each method relates to privacy laws and issues. Generally, the report says, biometric “identification” does a “one to many” search of extensive databanks to find a match. Because such databanks may contain or be linked to personal information, and because identification applications can be used without the subject’s knowledge or consent, such as in surveillance, the privacy concerns are intensified, the report claims.
Biometric verification systems, meanwhile, use a “one to one” match and so are generally designed to be used on a voluntary basis. They only require two pieces of information: something representing your identity (such as a user name to retrieve your biometric template or a smart card with your template embedded in it) and your biometric feature or information (such as your hand to create your hand geometry template) presented for the match.
Verification systems can be connected to databanks, but unlike identification systems a database is not a necessary component. The need for the subject’s consent and the lack of a databank requirement greatly reduce the privacy concerns.
John E. Siedlarz, Chairman and CEO of NBSP commented: “The increasing reliance on biometrics in large scale identification applications, such as watch lists, enrollment eligibility and border control applications will require a greater sensitivity to privacy issues to ensure that the rights of individuals are not unduly compromised in the name of security. There are clear steps that can be taken to make all biometric systems ‘privacy sensitive’. Those involved in the deployment and management of identification applications will need to employ those steps to maintain the right balance between individual privacy considerations and broader security concerns.”
The second study – Report on International Data Privacy Laws and Application to the Use of Biometrics in the United States – assesses privacy laws in Canada, Australia, New Zealand and Japan and looks at possible roles the USA could play in international cooperation.
According to NBSP, resistance to both US and foreign biometric privacy legislation has come from both sides of the fence. Some proponents of biometric recognition technology are concerned that any legislation will restrict the currently legal uses of biometrics. Opponents of biometric recognition technology (on the basis of its perceived threat to privacy) are concerned that legislation will condone the use of such technology on a broad or unrestricted scale.
For more information please contact: email@example.com