Testing the limits of biometrics
- By Dibya Sarkar
- Nov 05, 2002
The American Civil Liberties Union
Biometric technologies have expanded greatly in the past decade and especially following the attacks of Sept. 11. With recently enacted federal statutes and many more bills promoting their use, the market could reach $2 billion in revenues in four years.
But there are few judicial developments regarding collection of biometric identifiers, even as public policy debates have swelled over their use and their potential to invade people's privacy.
SEARCH, the National Consortium for Justice Information and Statistics, held a two-day conference on legal and policy implications of biometric use in New York City Nov. 5-6, featuring law enforcement, government, industry and privacy and civil liberties experts.
At the conference, the nonprofit group released a survey on public perception of biometric use ["Biometrics awareness still low"], and it also previewed a soon-to-be-released report updating one on biometrics the group released 12 years ago.
Biometrics has been around for a long time most notably fingerprinting. However, newer technologies, such as facial recognition, and iris and retinal scanning, are being considered more and more by many public- and private-sector organizations for verification of identification, authentication, perimeter security, border control, identity theft, program fraud prevention, and access to secure systems.
"What we see today are a lot of pilots, a lot of tests, a lot of demonstrations, and not a lot of deployments," said Robert Belair, SEARCH general counsel.
The events of Sept. 11 have spurred support for such technologies, evidenced by a flood of proposed bills and a handful of federal laws, said Rebecca Dornbusch, deputy director of the International Biometrics Industry Association. However, the federal government's inability to pass this fiscal year's budget is hampering further deployments.
But not all biometric technologies are the same, said officials, and use should be considered carefully. Concerns include invasion of privacy, misuse of databases, surveillance and tracking of people, and the linking of databases to create, in essence, a national identification database, Belair said.
Another concern is emerging technologies, such as chips implanted under the skin, strip search scanners and "noninvasive neuro-electric sensors" that NASA wants to embed at airport gates to capture tiny electrical signals emitted from people's brains, he said.
Barry Steinhardt, associate director of the American Civil Liberties Union, said his group supports use of reliable biometrics to authenticate access to secure locations, DNA analysis of crime-scene evidence and X-rays of air cargo and baggage.
When it comes to facial recognition where video cameras scan and capture a person's face and then software tries to match it against a database presumably composed of known criminals and/or terrorists the technology doesn't work, he said, citing uses in Tampa and other places. Such "surreptitious surveillance" is a waste of law resources and will be misused, he said.
Wayne Crews, technology policy director at the Cato Institute, a libertarian, market-oriented think tank, said he's worries less about facial recognition as long as incidental data that's collected is thrown away or not collected in the first place.
But he did worry about the mixing of public and private databases, which could mean government regulation of private databases. He said the "twin engines" of consumer acceptance and rejection would govern private-sector use of biometrics in that marketplace.
Chris Hoofnagle, legislative council for the Electronic Privacy Information Center, said that industry, the public and the government sector have to address questions of storage of data, how vulnerable the data is to theft or abuse, its accuracy, authenticity, and limiting its use to a certain purpose.
Paul Collier, executive director of the Biometric Foundation, a nonprofit group that focuses on research, education and standards, said successful implementation will occur when those installing the technology work proactively with concerned groups to address questions, explain the business cases and benefits, answer the public's questions and concerns, and implement it with low impact on current systems.