Biometrics must get the big questions right: privacy, consent and function creep


Biometrics is offering huge potential to reimagine a wide array of identification and verification processes.

 


It's already having a profound impact on sectors such as border management, banking and mobile commerce.​​

However, the technology is not without its challenges.

As Isabelle Moeller, chief executive of the Biometrics Institute underlines in this short video interview, the key to successful deployment ultimately lies in finding the right answers to some big questions.

Ethics and policy of biometrics

As the industry's leading representative body, the Biometrics Institute's prime objectives include sharing best practice and promoting the responsible use of biometrics in both the public and private sectors.

But whilst much progress has been made, Isabelle acknowledges there is "still a lot of discussion about the vulnerabilities."

In technical terms, she draws attention to the fact that there are now plenty of proven tools available to mitigate the risk of biometric systems being fooled by fraudsters or other malevolent individuals.

The central issue, Isabelle believes, is the need to address broader ethical concerns such as privacy, informed consent and so-called function creep, where biometric data ends up being used in applications that the holder never actually signed up for.

What's creepy?

Generally speaking, function creep refers to information that is collected for one purpose but being used for another. Function creep may be motivated by several reasons (from state intelligence to commercial motivations) and usually involves three elements:

  1. A policy vacuum
  2. An unsatisfied demand for a given function
  3. A slippery slope effect, or a covert application.

When discovered and publicized, these stories generate negative response and allegations of creepiness. They also give very short timeframes available for society—and the law—to react.

Consumer advocates are conjuring the threat of a surveillance culture that will end civil society as we know it. Business groups are accusing the media to spread fears and regulators of a ploy to destroy innovation.


Guidance is needed

For all concerned, the Biometrics Institute is an invaluable source of guidance.

In identifying the right strategy, Isabelle particularly urges service providers not to regard biometrics as a standalone response to the multi-dimensional challenges of identity verification.

A layered approach is critical.

Or, as she puts it: "I'm comfortable to access my phone using my fingerprint…but would I want to transact £50,000 just using a fingerprint? Probably not." She continues: "A multi-factor approach is in most cases the best way to go."

Given the speed with which relatively new technologies are now being deployed in security-critical applications, Isabelle also recognizes the importance of all stakeholders striving to achieve and maintain the highest standards of integrity.

A very important milestone achieved by the Biometrics Institute was the work on a Privacy Code to help provide best-practice privacy principles for the use of biometrics addressing issues such as consent, notice and purpose.

We just need to ensure as an industry that there are no bad news stories breaking that will lose consumer trust.

The comment follows revelations that a London police trial of facial recognition technology generated 104 "alerts", of which 102 were false. Facial recognition technology was used to scan CCTV footage from the Notting Hill Carnival and Six Nations Rugby matches in London in search of wanted criminals.

Another trial by South Wales police returned 2,400 false positives from CCTV footage gathered at UEFA football matches and the like.

Concerns have also been raised that Police resources could be tied up chasing false identities as officers, in some cases, questioning innocent crowd members who'd been matched by the software with criminal identities.

Facial biometrics in particular is an emerging technology, and for the public to embrace it fully, the industry needs to work hard to allay fears and build confidence, while in parallel, procedures and guidelines should be debated, and legislation strengthened.

A brief introduction to the Biometrics Institute

The Biometrics Institute was formed in 2001 to create an independent and impartial international forum for sharing knowledge, providing best practice guidance and promoting the responsible use of biometric technology.

Over the years the Biometrics Institute established several committees to provide expert advice and develop guiding material for members. It now has four Expert Groups including Digital Services, Privacy, Technology Innovation and Vulnerability Assessments and two User Groups including Academic Users and Borders and Major Programs.

Today it has well over 200 member organizations located across numerous different countries, and maintains permanent offices in both London and Sydney.

The Institute's primary members are governmental and other users of biometric services and products.

However, these are joined by many leading vendors, ensuring a healthy exchange of ideas and experiences, drawn from the widest possible array of applications and environments.

For more details on the work of the Biometrics Institute, please visit www.biometricsinstitute.org

More resources on biometrics

Below you will find some of our latest web dossiers: in-depth, informative reports and interviews that cover topics including biometrics in 2018, trends, facts and applications.

Now it's your turn

What do you think?

If you've something to say on biometrics, privacy, consent and function creep, a question to ask, or have simply found this article useful, please leave a comment in the box below. We'd also welcome any suggestions on how it could be improved, or proposals for future articles.

We look forward to hearing from you.