The use of fingerprints and retina scans has been a feature in spy and crime movies for a long time, but today is a very real part of life. Biometrics is the phenomenon of recognizing individuals by their physical or behavioral traits using biometric technology. Examples of biometric data are fingerprints, palm prints, retina scans, DNA matching, typing rhythm, gait, signatures, and facial recognition. Biometrics measures distinct and generally unalterable characteristics of individuals. With the growth of technology in the past several decades, biometric technology is now faster, more accurate, and more affordable than it has ever been.
The current uses for biometric data include: control of physical access to spaces, accounts, vehicles, and medical records; surveillance; identification; fraud prevention; distribution of benefits; time and attendance tracking for places of employment and/or schools; and air travel and border control. Because the use of biometric data has increased in recent years, the conversation about its implication on privacy has become heated.
Privacy Concerns Surrounding Facial Recognition Technology
There are several privacy concerns associated with the growing use and implementation of biometrics. Professor Dryer outlines some of the major concerns in his youtube lecture. They include: length of storage, access rights, usage of information, focus of usage, data errors, use of information to manipulate consumer behavior, potential discrimination, and the growth of “Big Brother”. One of the main concerns is around the use of facial recognition technology. According to the GAO Facial Recognition Technology Report, facial recognition differs from the other biometric technologies because it does not require the individual to directly interact with the technology. This paired with the technology’s abilities has privacy advocates fired up.
Facial recognition technology uses facial feature measurements to create a faceprint in order to verify the identity of a known person or to identify an unknown person. For more information about how the technology works watch this video that was provided through our readings. The use of facial recognition technology has received a lot of attention with the dawn of social networking apps like NameTag, promotional apps like Facedeals, as well as the patented Microsoft billboard that scans your face and then custom displays ads targeted for the identified individual. Facebook has received attention from privacy advocates because of their facial recognition algorithm that allows it to identify users in pictures and suggest people to tag. Facebook has collected one of the biggest biometric databases simply by having individuals tag themselves and friends in pictures. Not only has this allowed for a large data base, but the technology Facebook is using is highly accurate. According to a Washington Post article, Google’s facial recognition algorithm FaceNet has 99.63% accuracy, Facebook’s algorithm DeepFace has 97.25% accuracy, and the FBI has 85% accuracy. Because of concerns about Facebook’s use of facial recognition technology without consent and the privacy implications on individuals, they have become the defendant in a large lawsuit Licata v. Facebook.
Potential Benefits of Biometrics
While there are legitimate privacy concerns associated with biometrics, biometric data can also be used beneficially and can even protect our security in certain ways. Biometrics offers an efficient solution for business owners when it comes to security operations. Biometrics is by far the fastest way to accurately identify people. Biometric characteristics cannot be duplicated, guessed, lost, or forgotten, which allows for confident identification of individuals. In addition, being able to track activity and transactions creates complete employee accountability. The use of biometrics can also make it significantly harder to commit fraud, making banking more profitable and secure.
The use of biometric identification has also become a new way to fight the war on terror and control borders. The US, UK, and Canada have implemented biometric technology at borders. The Department of Homeland Security has implemented biometric border control starting with the US VISIT program and now the OBIM to accurately separate between leisure and business visitors and terrorists and illegal aliens. The US has also started using biometric passports called e-Passports as a way to more efficiently and accurately move travelers through security at borders. This is definitely a relevant interest to today with the growing threats of ISIS and the increase in terrorist action.
Current Privacy Laws and Suggestions for Protection from Biometrics
Currently there is very little in the way of privacy protection laws regarding Biometrics. Only two states, Illinois and Texas, have any formal legislation expressly giving privacy rights to individuals regarding biometrics. Illinois and Texas have statutes that regulate the use, disclosure, and destruction of biometric data by private organizations or individuals. The lawsuit against Facebook, Licata v. Facebook, was filed first in Illinois under the Illinois Biometric Information Privacy Act. Arizona, Illinois, and Louisiana do not allow schools to collect biometric data without parental consent. Maine, Missouri, and New Hampshire prohibit the use of biometric data with driver’s licenses. Other than those restrictions, there are no other legal restrictions to date on biometric data use and collection in the United States. Even though only two out of fifty states have statutes regarding biometrics, these two statutes end up giving one in eight Americans the legal right to biometric privacy.
While there is no federal law and many states do not have statutes regarding biometric privacy, several private and public organizations have put together lists of suggestions for biometric privacy. The Federal Trade Commision has put together a list that is summarized well by one of our readings. The overall consensus seems to be that the use of biometrics is okay as long as: databases are secure, there is a process for deleting data, data is not collected in places where people have a reasonable expectation of privacy, a sign is posted letting people know if there is facial recognition technology doing facial scans, there is an option to opt out, consent is gained before using data, and is not used to identify anonymous persons.
My Personal Views
It seems pretty obvious to me that the knee jerk response to the private sector version of this would be to demand that corporate entities get your consent before using your face in their systems. To a certain extent, I agree with that, but I feel that there is a much larger problem to be dealt with. What happens when you don't want your face indexed by some corporation? Well, then you simply don't use the service. Sure, current circumstances with facebook and google may be different, but the fact remains that these organizations are well within their rights to require users to allow this activity, else not use the service whatsoever. Again, right now this doesn't come across as that big of a problem. However, 20 years ago the internet was used by about 20 million Americans. Now, its use is arguably essential to modern life in America. What happens when one of these services gains such a cultural monopoly that to not use it is severely detrimental to your personal or professional life? I consider my image to be something personal, to some extent representative of my being as a whole, and the idea of someone taking that image and breaking it down to figures to be a part of a soulless system disturbs me. That's just my reasoning, but it's just one of many valid reasons someone might not want their face indexed. I don't want to live in a world where people have to sacrifice their values in order to live a normal life, so I don't think simply asking for consent is enough. Something needs to be done to prevent companies from excluding users just because those users refuse to give up their privacy.
ReplyDeleteI agree with Josh to an extent. I'm very wary of biometrics. My face, my fingerprint, and my gait, among other things, are distinctly mine. I don't want those things being used to the advantage of businesses, even if it is to bring about better services for me. In terms of security, I don't want to live in a society where I feel like I'm always being watched. I'm paranoid enough with NSA surveillance. While I understand that terrorism is a real threat we cannot go so far as to sacrifice all privacy to ensure absolute safety. While I agree that the science behind the technology is interesting I would rather not have biometric technology implemented into my every day life. I think it's too risky and has too much potential for abuse.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteOne thing that worries me about facial recognition and biometrics is the error potential. Right now it is being used so that I can see advertisements of puppies and bananas, but let's say a few years from now it is used as criminal identification, and I just happen to look like someone who stabbed someone, and I go to jail just for having an adorable face. Not cool.
ReplyDeleteI don't believe people should live their life constantly being watched, hello, we have all seen just how well that works out in sci-fi movies! The potential for misuse of these systems is rather large. Sure, it may start as personalized advertisements, but it can easily escalate into a society petrified of any wrong perception they might be encouraging while in public. People would constantly be watching themselves, for fear of retribution, and that is not a healthy, or free, environment.
I really like the points that Anne has brought up. There is a huge potential for misuse of this system and for trusting it too much. Currently, there are no regulations in the US on this biometric software, although some US senators are working to change this (http://www.pcworld.com/article/259470/regulation_of_facial_recognition_may_be_needed_us_senator_says.html). Facial recognition software is used for criminal investigations, and although humans are still used to check the work, this is often after the suspect has been brought in. We might not be that far away from fully automated software, where a match could automatically generate an arrest warrant. This draws back to this past week’s argument about mugshots – the facial recognition software, which is nowhere near perfect (for example, Facebook regularly mixes up me, my little sister, my roommate this year, and my freshman year roommate) could lead to many false arrests. People shouldn’t have to fear walking in a place with cameras for fear of wrongful arrest.
DeleteWhile I agree that an arrest on the basis of a facial match would be horrible, I don't think that it is valid to jump to the conclusion that widespread facial recognition technology will turn us into a surveillance state. We already have policies in place to require that police check a specific suspect, rather than just querying the whole database trolling for positives. This is because it is conceivable that we would get a false positive. Similar policies could be implemented and this would protect against some abuse.
DeleteI think a lot of the common biometrics we see everyday are with fingerprint sensors and voice recognition on some phones. I don't think these kinds of biometrics are too bad since they are very convenient. Some people may have not secured their phones if they didn't have a finger print sensor but with the convenience of one and the tap of a button, there phones are secured. Apple states that their Touch ID data are stored on a "Secure Enclave" on their phone and it's only as a "mathematical representation of [the] fingerprint" and the data is never sent to Apple's servers. I think this is a good implementation of finger print sensor on a commercial device. However, some companies are not as careful as Apple (hhttp://goo.gl/OU3JrK) Hackers were able to steal finger print data from HTC phones because the data is not secured securely and in an easily opened and comprehendible location.
ReplyDeleteI think Josh brings up a really good point with a future where the use of biometrics as ubiquitous as the Internet. If this is the case, the companies need to make sure that the data is secure and there are stringent security measures to make sure that data cannot be stolen.
Despite the clear potential for abuse by both the private and public sectors, wherein I must admit strong arguments are made, the potential benefits of the widespread use of biometrics seems to outweigh any negative potential. Biometrics could be used publicly to significantly deter crime, terrorism, and other lewd and licentious behavior. Privately it could be utilized to ensure accountability and integrity.
ReplyDeleteThis is not to say that I am not wary of all the potential problems caused by omniscient and omnipresent biometrics system. Indeed there must be just and applicable regulation of the use of any such technology, and I believe there would need to be a powerful system of oversight and reform to prevent the evolution of abuse. The way I see the issue of biometrics is similar to the tracking we experience on our smartphones. Ten years ago many reasonable persons would have scoffed at the idea of having their location accurately tracked by any entity at all times. Today, it seems to be an necessary, if unpleasant, reality. For me, biometric technology is the same. I think that all the positive potential of biometrics have made its widespread use all but inevitable, so the best we can do is work to ensure that it is used as properly and abuse-free as possible.
I think that the additional levels of security, connivence, and automation provided by biometrics outweigh the costs. It makes sense as a passive screening tool. All employees could swipe a badge to gain access to a restricted section of a building and have a camera double checking that it wasn’t someone else was using their card. That said I think that biometrics are most valuable as a secondary authentication tool. They shouldn't be used as the main way to identify a person (the new biometric passports are an example of this being used well). I feel that being presented targeted ads is a real privacy concern if they are not presented in a private manner, so, for example while I think that it is okay for companies to email someone a discount because they detected that they spent a lot of time in the organic aisle in the of the grocery store, I don't think its okay for them to display a range of dildos on a public pedestrian billboard every time you walk past (even if this accurately reflects your purchase history). I definitely feel that it would be better if companies for forced to keep only a derived value of your image (something they could use to identify if another image was you) instead of an actual copy of your image, and give you the ability to delete your personal records. I’m not sure if the proper place for this is legal or social. If companies are doing things to alienate or upset their customers, in the information age, word will usually get out.
ReplyDeleteI think that regardless of your views on biometrics, it's important to recognize that this is the future of technology. The potential benefits of this technology are too tempting and outweigh the potential cons as technology becomes more and more integrated into our lives. We can already see the benefits with things like fingerprint and retina scans to gain access to private information and locations. or even to unlock your cell phone.
ReplyDeleteWith that being said, I think that the use of this technology is a very slippery slope. It's very easy to say that "as long as the technology is not abused, it will be great!". The problem is finding proper regulations and maintenance of biometrics, akin to the points presented at the end of Professor Dryer's video lecture. Even so, my fear is that even with such regulations in place, the technology will still be abused. We found out through the Snowden leaks about the surveillance the government was doing, which makes me skeptical about the wide-spread use of biometric technology in the future.
As I said, I realize that this is an unfortunate cost of the advancing technological world we live in. The important thing is to regulate it and UPHOLD those regulations. It makes me very uncomfortable how easy it could be to be tracked at nearly all times, and how unlikely it is that anyone would know or be able to do anything about it.
personally, I find the growth of biometric technology to be exiting. Like it was said in the blog post biometrics have long been the way that we see the future. We have discussed in this class whether privacy is dead or if it is just in a metamorphosis, changing as technology develops. I see the use of biometrics as a way to combat our technology dependent society. Before private documents were on paper, they could be locked away and only approved people and super spies could get to them. Now that everything is digital that is no longer the case. It makes committing fraud easier plus acts of terror can be committed without even leaving ones home. I see biometrics going hand in hand with the rise of technology.
ReplyDelete