Although it is the most accurate evidence of someone's identity, the implementation of biometrics has raised concerns. These have ranged from the technology allowing false positives and false negatives, where access is given (or denied) on the basis of an incorrect match; spoofing, where systems can be fooled by false representations of an individual's biometric data; through to data and privacy, where biometric data is not being collected responsibly or kept securely.
While these concerns are being addressed, there are currently no biometric-specific laws in existence to ensure that biometric technology will be developed and deployed in an ethical, consistent and responsible manner going forward. Standards bodies, institutions and organizations are therefore looking into how to create a framework that will help biometric technology enhance and drive the digital economy, rather than hold it back.
A report from the Secure Identity Alliance (SIA), 'Building inclusive futures and protecting civil liberties', says that although the introduction of GDPR in Europe sets a useful benchmark, it has not been globally adopted and does not eliminate the need for governments or private enterprise to address individual rights and freedoms when planning biometric-led projects.
The SIA has therefore developed a set of best practice guidelines to help policymakers' make informed decisions about implementing biometric-led projects. This involves implementing a standards-based approach that includes professional learning and norms, and consistency in the uses of technical vocabulary.
Earlier this year, the Biometrics Institute launched its Ethical Principles for Biometrics to guide its members – and the wider biometrics community – to act ethically, in the absence of international law. One of the principles, 'Recognizing dignity of individuals and families', supports the "dignity and human rights of individuals and families", provided that it does not conflict with the legitimate and lawful aims of the criminal justice system to protect the public.
The Biometrics Institute has also updated its Privacy Guidelines, which cover the right of citizens to have their biometric record amended or deleted, as well as the right to redress and complaint by people who have suffered discrimination, humiliation or damage as a result of biometric-related systems.
In the UK, an independent panel has set out new guidelines on how facial recognition technology should be used by the Metropolitan Police in London. Ten trials using facial recognition across the capital were carried out as part of efforts to incorporate the technology into day-to-day policing.
Following an extensive review, the independent Ethics Panel recommended that live facial recognition software could be deployed by the police if a number of conditions were met. These included making sure the overall benefits to public safety were great enough to outweigh any potential public distrust in the technology; and that strict guidelines were developed to ensure that deployments balance the benefits of this technology with the potential intrusion on the public.
With the Financial Times reporting that Brussels plans to legislate on facial recognition technology as part of an EU drive to create ethically based laws governing AI, the pressure is on for governments, regulatory bodies and private organizations alike to give the general public the assurances they need about the deployment of biometric technology in everyday life.