Tactical Information Systems
Biometric Identification Software

Tactical Information Systems Blog

Identity & Technology

Advances in Biometrics & Privacy

Does Anyone Care About Privacy?

When new technologies are developed and put into use, there is always a delay between implementation of the technology and implementation of policies and best practices of how the new technology should be used. But as a person staunch privacy advocate, I've been waiting for the general public to start paying attention to what various companies and government agencies are doing with their data and to start clamoring for restrictions on who has the data and how it is used. And it keeps not happening. Repeatedly, it just doesn't seem to happen. I've been working in this industry for a long time now, and when I talk about biometric technology, any concerns about privacy are always on behalf of someone else. "Well, I don't have any problem with it, but I think other people might." or "I don't have anything to hide." I caution friends and family members who post (what I consider to be) inappropriate content on social media only to be told "Oh, you are just being old fashioned. Nobody cares about this stuff anymore." or "My future employers will expect that I had some crazy times in high school. It's no big deal." And maybe they are right. But what if they are wrong?

Government versus Commercial Use

I have a second group of friends, who are very concerned about what Google or Facebook are doing with their data, but don't pay any attention to what the various government organizations (at every level are doing). Both Google and Facebook publish detailed information about their data collection and privacy policies. Maybe they could be clearer, but they exist.

In 2014, the Texas DPS started collecting 10 fingerprints from people trying to get a Texas drivers license. Why? Because they wanted to. For the children! To make things safer. And they didn't even think about it - they just started doing it. The fact that it was the first time they were collecting fingerprints of Texans who were not suspected of a crime didn't seem important. The program was only made public six months after it started and the agency fought hard to keep it after privacy groups objected.

When required to stop by Texas lawmakers, DPS complied and went back to collecting a single print (to verify your identity in the case you lost your drivers license and need to replace it). But they collected full ten-prints for about a year - what happened to those prints? Where are they and who has access? Nobody knows and few people care.

Recently the Vermont Attorney General's Office determined that a facial recognition program used by the state's DMV does not comply with Vermont law and must be suspended. I was amazed - both because lawmakers were paying attention and that the Governor of Vermont asked them to stop. It just doesn't happen very often.

I'm happy to see various states starting to address biometric and privacy. Texas, Illinois and Washington have some sort of biometric privacy law. This article addresses them in more detail. Still, there are problems. For example, the Washington law's definition of biometric identifiers doesn't include physical or digital photographs, videos or audio recordings. So it includes fingerprints? How handy.

 Biometric privacy laws in the United States.

Biometric privacy laws in the United States.

Which brings me to new biometric technologies. At TIS, we've been working with a new form of biometrics called "biometrics in motion". The point is to have biometric identity technology where people do not have to stop walking or touch a sensor in order to be identified. When talking about the advantages, mostly you hear about hygiene, speed or ease of use. And those are advantages. Especially when you are talking about fingerprints. Being able to wave your hand over a sensor, instead of pressing your hand to a glass plate, as with normal fingerprint collection, is better and faster. There is less maintenance - if you don't touch the glass, you don't have to clean the glass.

But there is a creepy aspect to biometrics in motion with respect to face and iris that I haven't seen discussed. When your fingerprints are collected, even when you are just waving your hand over a sensor, you know about it. This can't be done without your cooperation. But sensor technology is advancing and we are now able to collect face and iris images from a distance, and while people are moving. That means it's possible (or soon will be) to collect biometric data from non-cooperative people. Not "uncooperative" - because if you are covering your face or looking down, such collection would be difficult. But non-cooperative in that you didn't know a camera was there and had no idea you were being photographed or identified.

With every new technology, in my opinion, the key issues are transparency and accountability. You need to know what data is being collected, by who and for how long. And government agencies and commercial organizations need to be accountable if they are collecting or storing information improperly. Biometrics in motion makes the transparency part a bit more difficult. Does anyone care?