By Dr Risco Mutelo
The use of biometric technology is directly associated with privacy concerns, such that it is impossible to discuss biometrics without addressing the negative perceptions surrounding its usage.
As with most new technologies, many concerns are well-grounded, some are based on fundamental misconceptions of the technology’s operation and others are unrelated to the technology. It is important that all privacy-related concerns are addressed fully in any situation where biometrics might be deployed. Privacy concerns regarding biometric technology can be divided into Personal Privacy and Informational Privacy.
Personal privacy: this is the inherent discomfort concerns with biometrics. To a segment of the population the use of biometric technology is inherently offensive, distasteful, invasive or embarrassing. For example, some people may find infrared illumination used in iris recognition or retina recognition distasteful and invasive. This may be attributable to a variety of cultural, religious or personal beliefs. The percentage of the population whom find biometrics inherently problematic is unknown. This percentage of the population is likely to be non-compliant with biometric systems. In either case, fears and concerns relating to privacy of the person are difficult to address through legislation, system design requirements and may be partially addressed by public awareness campaigns.
Informational privacy: This is viewed as more significant to many users. Unlike personal privacy, fears and concerns are centred on the potentially ominous impact of the collection, use, retention and disclosure of biometric data. Example includes the followings:
– Unauthorised Biometric Collection. Certain technologies are capable of collecting biometric information without the subject’s knowledge. The increased deployment of certain types of biometric technologies does bring with it the concept of biometric information being gathered, and biometric identification functions being performed, without consent. This would facilitate, if not be an instantiation of, unauthorised use of biometric technology.
– Unnecessary Biometric Data Collection: The aim of biometric technology is to address specific identity verification problem. For examples, controlling physical access to specific locations, controlling logical access to specific data or ensuring that an individual does not enrol multiple times in a single-identity system. A potential fear is that they will be deployed in situations where there is little or no benefit for strong user authentication or identification. Unnecessary collection could also facilitate unauthorised use of biometric technology.
– Forensic Usage: Generally fingerprints are used as means of forensic identification, it is natural that the requirement to provide one’s fingerprints should be looked at with hesitation. The fear is that information provided for public or private sector usage will facilitate police searches, both automated and through use of latent images. That is, every database with a biometric could be used as a database of criminal records, representing a significant increase in the potentially intrusive investigative powers of the state.
– Biometrics Unique Identifier. Biometrics could be used to monitor, link and track a person’s daily activities. Biometric technologies are based on physiological or behavioural characteristics. For example, your mobile phone is constantly generating signals and a combination of the signal and your gait recognition can be used to track you, eliminating the need for your image. Almost everyone has a mobile phone.
Dr Risco Mutelo is a Namibian who currently works for the Bank of America stationed in London where he studied Biometrics Engineering at New Castle University in the United Kingdom.