Biometrics: Enhancing Security Or Invading Privacy?

Total Page:16

File Type:pdf, Size:1020Kb

Biometrics: Enhancing Security Or Invading Privacy? BIOMETRICS: ENHANCING SECURITY OR INVADING PRIVACY? OPINION Published by The Irish Council for Bioethics 1 Ormond Quay Lower, Dublin 1. E-mail: [email protected] Website: www.bioethics.ie © Irish Council for Bioethics 2009 All or part of this publication may be reproduced without further permission, provided the source is acknowledged. Biometrics: Enhancing Security or Invading Privacy? Opinion. Published by The Irish Council for Bioethics, Dublin ISBN 978-0-9563391-0-2 Price €10.00 BIOMETRICS: ENHANCING SECURITY OR INVADING PRIVACY? Preface Biometric technologies including iris, voice, fingerprint and vein pattern recognition – once the realm of science fiction and film – are now becoming more of a daily reality. The potential biometrics provides as an individual identifier has resulted in the widespread diffusion of this technology into people’s lives. For example, Irish citizens now encounter biometric applications in many different situations, such as for workplace time and attendance, for physical and logical access (e.g. for laptops) and particularly in relation to international travel. In addition, Ireland is now recognised as a European hub for biometric research in both industry and academia. Indeed, the European Biometrics Forum (a European-wide stakeholder group supporting the appropriate use of biometric technologies) was established in Dublin and is part funded by the Irish government. Given Ireland’s involvement in and contribution to biometric research, the Irish Council for Bioethics (the Council) considered it appropriate to examine the ethical, social and legal issues associated with biometric technologies and the collection, use and storage of biometric information. This opinion document outlines the Council’s views and recommendations on these issues. In contrast to many emerging technologies, biometrics has the potential to impact peoples’ lives directly at the level of the individual, but also from a larger societal perspective. Therefore, the Council considers it imperative for there to be increased trust, transparency and honest engagement with the public in relation to biometric technologies and applications. The Council is hopeful that this document can provide a useful and informative resource for both policy makers and the general public and will also help to engender greater discussion and consideration of the issues pertaining to biometrics. I would like to express my thanks to the members of the Rapporteur Group and the Council, as well as to the Council’s Secretariat, for the time and effort they have expended in the production of this document. The Council would also like to thank both the stakeholders and the members of the focus groups who contributed to the consultation process. Their input proved very helpful in the Council’s deliberations on this rapidly developing and multifaceted topic. Dr Dolores Dooley Chairperson Irish Council for Bioethics i THE IRISH COUNCIL FOR BIOETHICS Foreword This opinion document examines, in detail, existing and forthcoming biometric technologies, and the ethical and legal ramifications that are relevant to this technology. Developments in biometrics hold very great hopes of ensuring the protection and maintenance of one’s identity and privacy. Biometric technologies also have the great potential to enhance security and safety of citizens. However, along with this potential, is also the potential to compromise the privacy of individuals in the misapplication of the technology. Central to this discussion are the themes of balance, proportionality and transparency. The Council recognises benefits of biometric technology however in alliance with these themes. Any technology which purports to collect and retain personal information in relation to an individual should be used only after careful consideration and only as to its necessity as is required for the intended use. In order for individuals to have confidence that this technology will properly provide the positive benefits which it can, manufacturers, policy makers and end users of this technology should be as transparent as possible in relation to the technology, the reasons for its use and how the information obtained from the technology is to be secured. The autonomy of individuals again features in this opinion document of the Council: in relation to biometric technology, the autonomy of the individual should be protected by allowing an individual’s involvement in the use of the technology, as much as is possible. There may be circumstances that are exceptions, where in the common good/public interest, the individual’s involvement may have to be limited. However, these circumstances should be limited and properly considered and discussed before the invocation of such exceptions. As is the Council’s normal practice, it engaged in a consultation process by way of focus groups. The results of this exercise are to be found in the appendices of this report. In addition, the Irish Council for Bioethics organised a conference in November 2008 entitled ‘Biometrics: Enhancing Security or Invading Privacy?’. The Council is very grateful to the participants at the conference. The views of our distinguished speakers have assisted as part of the process of the preparation and consideration of this opinion document. The Council is also grateful to all those who made submissions to it (a list of submissions received by the Council can be found in the appendices). It is the Council’s hope that this detailed document will provide information, insight, and guidance to the public at large and to any party that is likely to be involved in biometric technology. We also hope that the document will act as a catalyst to further discussion of this topic at both national and international level. ii BIOMETRICS: ENHANCING SECURITY OR INVADING PRIVACY? The Council’s terms of reference are to identify and interpret the ethical questions raised by biomedicine in order to respond to, and anticipate, questions of substantive concern and also to investigate and report on such questions in the interest of promoting public understanding, informed discussion and education. The Council hopes that this document achieves such ends. The Rapporteur Group and the Council would again like to extend its gratitude and appreciation to the members of the secretariat, Dr Siobhan O’Sullivan, Ms Emily de Grae, Mr Paul Ivory and Ms Emma Clancy. Their efforts and diligence are invaluable to the Council’s work past, present and future and to the completion and compilation of this opinion document. Silence and inaction have very rarely served, if ever, to promote progress and prosperity in any given field. The Council hopes that it can continue fulfilling its objectives through its terms of reference in order to play its part in ensuring that constructive debate and activity in the field of bioethics continues and prospers. We hope that this opinion document is another small, but helpful step in that process. Professor Alan Donnelly Mr Stephen McMahon Mr Asim A. Sheikh, BL (Vice Chair) Rapporteur Group on Biometrics Members, Irish Council for Bioethics iii THE IRISH COUNCIL FOR BIOETHICS Table of Contents Preface ......................................................................................................... i Foreword ..................................................................................................... ii Executive Summary .....................................................................................vi Chapter 1: An Overview of Biometrics and its Applications ...................... 1 What are Biometrics? .....................................................................................................................2 Why are Biometrics Used? .............................................................................................................3 Architecture and Design of Biometric Recognition Systems ......................................................4 Practical Considerations.................................................................................................................8 Technology Associated with Biometric Systems ........................................................................14 Chapter 2: Overview and Comparison of Biometric Modalities .............. 17 Market Overview ...........................................................................................................................18 Fingerprint Recognition ...............................................................................................................19 Palm Print Recognition .................................................................................................................25 Hand Geometry ............................................................................................................................26 Vein Pattern Recognition .............................................................................................................29 Facial Recognition ........................................................................................................................31 Facial Thermography ...................................................................................................................35 Ear Geometry Biometrics .............................................................................................................36 Iris Recognition .............................................................................................................................37
Recommended publications
  • The Relationship Between Biometric Technology and Privacy: a Systematic Review
    Future Technologies Conference (FTC) 2017 29-30 November 2017| Vancouver, Canada The Relationship between Biometric Technology and Privacy: A Systematic Review Zibusiso Dewa School of Computer Science and Informatics De Montfort University Leicester, UK [email protected] Abstract—As the demand for biometric technology grows its of the technology. Regulators, policy developers, privacy very implementation appears poised for broader use and commissioners and privacy advocates are important as they can increased concerns with regard to privacy have been raised. encourage public debate, establish and enforce legislation and Biometric recognition is promoted in a variety of private and safe data practices that maintain trust [2]. government domains, helping to identify individuals or criminals, provide access control systems to enable efficient access to In the last decade, the infrastructure of Information services, helping keep patient data safe amongst other functions. Communication Technology has seen huge changes in the way However, new advances in biometrics have brought forth it operates. Modern ICT ecosystems utilise the connection of widespread debate amongst researchers with concerns multiple devices and services, all with the capability of surrounding the effectiveness and management of biometric processing and storing large streams of ―Big Data‖ in real time, systems. Further questions arise about their appropriateness and enabling a process known as data analytics [61]. Data societal impacts of use. This review begins by providing an Analytics affords the users‘ ability to identify future trends or overview of past and present biometric technological uses and the establish strategic plans using large streams of data [61]. serious problems they pose to privacy. It then factors that play a Furthermore, developments such as the Internet of Things, part in the implementation of privacy in biometrics.
    [Show full text]
  • Article Building Biometrics
    Building Biometrics: Article Knowledge Construction in the Democratic Control of Surveillance Technology Jonathan Bright PhD Candidate, European University Institute, Italy. [email protected] Abstract If surveillance technologies are to be democratically controlled, then knowledge of these technologies is required. What do they do? How do they work? What are the costs? Yet gaining this knowledge in the context of a new surveillance technology such as biometrics can be problematic, because no settled definition exists. Competing versions of biometrics appear in both public and governmental discourse on the technology: different ideas about how often it fails, where it can be used and even what it does. This paper is an exploration of how these different versions compete with each other, and how knowledge about a new surveillance technology such as biometrics is thus constructed. Through reference to original research in the context of the use of biometrics in the UK, points of stability and instability in the definition of biometrics are identified, and some of the processes through which instable definitions become stable are tracked. From this empirical story, conclusions are drawn both for the process of construction of the meaning of technologies, and the general practice of surveillance in modern society. In particular, this paper aims to show how notions such as democratic control (central to the legitimation of state surveillance) become problematic when the very meaning of a technology is negotiable. Introduction Over the last 10 years, the UK government has invested heavily in biometric technology, making it the key component in a range of upgrades to government identity systems: most significantly in biometric visas, biometric passports and of course the (eventually cancelled) biometric National Identity Scheme [NIS].
    [Show full text]
  • Biometric Surveillance in Schools: Cause for Concern Or Case for Curriculum?, Scottish Educational Review, 42 (1), 3-22
    Bryce, T.G.K., Nellis, M., Corrigan, A., Gallagher, H., Lee, P. & Sercombe, H. (2010) Biometric Surveillance in Schools: Cause for concern or case for curriculum?, Scottish Educational Review, 42 (1), 3-22. Biometric Surveillance in Schools: Cause for concern or case for curriculum? Tom Bryce, Mike Nellis, Amanda Corrigan, Hugh Gallagher, Peter Lee and Howard Sercombe University of Strathclyde ABSTRACT This article critically examines the draft consultation paper issued by the Scottish Government to local authorities on the use of biometric technologies in schools in September 2008 (see http://www.scotland.gov.uk/Publications/2008/09/08135019/0 ). Coming at a time when a number of schools are considering using biometric systems to register and confirm the identity of pupils in a number of settings (cashless catering systems, automated registration of pupils’ arrival in school and school library automation), this guidance is undoubtedly welcome. The present focus seems to be on using fingerprints, but as the guidance acknowledges, the debate in future may encompass iris prints, voice prints and facial recognition systems, which are already in use in non-educational settings. The article notes broader developments in school surveillance in Scotland and in the rest of the UK and argues that serious attention must be given to the educational considerations which arise. Schools must prepare pupils for life in the newly emergent ‘surveillance society’, not by uncritically habituating them to the surveillance systems installed in their schools, but by critically engaging them in thought about the way surveillance technologies work in the wider world, the various rationales given to them, and the implications - in terms of privacy, safety and inclusion - of being a ‘surveilled subject’.
    [Show full text]
  • Sprokkereef the Privacy Legal Framework for Biometrics The
    Tilburg University The privacy legal framework for biometrics de Hert, P.J.A.; Sprokkereef, A.C.J. Publication date: 2009 Document Version Publisher's PDF, also known as Version of record Link to publication in Tilburg University Research Portal Citation for published version (APA): de Hert, P. J. A., & Sprokkereef, A. C. J. (2009). The privacy legal framework for biometrics: The Netherlands. FIDIS. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. Download date: 02. okt. 2021 FIDIS Future of Identity in the Information Society Title: “D13.4: The privacy legal framework for biometrics” Authors: WP13.4 Editors: Els Kindt (K.U.Leuven, Belgium), Lorenz Müller (AxSionics, Switzerland) Reviewers: Jozef Vyskoc (VAF, Slovakia), Martin Meints (ICCP, Germany) Identifier: D13.4 Type: Deliverable Version: 1.1 Date: 8 May 2009 Status: Final Class: Public File: Summary The present report reviews the fundamental right to privacy and data protection which shall be assured to individuals and the Directive 95/46/EC which provides more detailed rules on how to establish protection in the case of biometric data processing.
    [Show full text]
  • Quantum Surveillance and ‘Shared Secrets’ a Biometric Step Too Far?
    Quantum Surveillance and ‘Shared Secrets’ A biometric step too far? Juliet Lodge July 2010 The CEPS “Liberty and Security in Europe” publication series offers the views and critical reflections of CEPS researchers and external collaborators with key policy discussions surrounding the construction of the EU’s Area of Freedom, Security and Justice. The series encompasses policy-oriented and interdisciplinary academic studies and commentary about the internal and external implications of Justice and Home Affairs policies inside Europe and elsewhere throughout the world. Unless otherwise indicated, the views expressed are attributable only to the author in a personal capacity and not to any institution with which she is associated. This publication may be reproduced or transmitted in any form for non-profit purposes only and on the condition that the source is fully acknowledged. ISBN 978-94-6138-009-8 Available for free downloading from the CEPS website (http://www.ceps.eu) ©CEPS, 2010 CONTENTS 1. Introduction: Context – the Stockholm Programme and Information Management Strategy2 2. Maximising biometrics for EU information exchange and internal security......................... 4 2.1 Towards a European information model..................................................................... 5 3. Why biometrics?.................................................................................................................... 7 4. Changing biometrics.............................................................................................................
    [Show full text]
  • A Case Study of Biometrics in the National Identity Scheme in the United Kingdom
    Envisioning Technology through Discourse: A case study of biometrics in the National Identity Scheme in the United Kingdom Aaron K. Martin Information Systems and Innovation Group Department of Management London School of Economics and Political Science Thesis submitted for the degree of Doctor of Philosophy September 2011 1 Declaration I certify that the thesis I have presented for examination for the PhD degree of the London School of Economics and Political Science is solely my own work. The copyright of this thesis rests with the author. Quotation from it is permitted, provided that full acknowledgement is made. This thesis may not be reproduced without the prior written consent of the author. I warrant that this authorization does not, to the best of my belief, infringe the rights of any third party. 2 Envisioning technology through discourse: A case study of biometrics in the National Identity Scheme in the United Kingdom Abstract Around the globe, governments are pursuing policies that depend on information technology (IT). The United Kingdom’s National Identity Scheme was a government proposal for a national identity system, based on biometrics. These proposals for biometrics provide us with an opportunity to explore the diverse and shifting discourses that accompany the attempted diffusion of a controversial IT innovation. This thesis offers a longitudinal case study of these visionary discourses. I begin with a critical review of the literature on biometrics, drawing attention to the lack of in-depth studies that explore the discursive and organizational dynamics accompanying their implementation on a national scale. I then devise a theoretical framework to study these speculative and future-directed discourses based on concepts and ideas from organizing visions theory, the sociology of expectations, and critical approaches to studying the public’s understanding of technology.
    [Show full text]
  • Future of Identity in the Information Society Summary
    FIDIS Future of Identity in the Information Society Title: “D13.4: The privacy legal framework for biometrics” Authors: WP13.4 Editors: Els Kindt (K.U.Leuven, Belgium), Lorenz Müller (AxSionics, Switzerland) Reviewers: Jozef Vyskoc (VAF, Slovakia), Martin Meints (ICCP, Germany) Identifier: D13.4 Type: Deliverable Version: 1.1 Date: 8 May 2009 Status: Final Class: Public File: Summary The present report reviews the fundamental right to privacy and data protection which shall be assured to individuals and the Directive 95/46/EC which provides more detailed rules on how to establish protection in the case of biometric data processing. The present framework does not seem apt to cope with all issues and problems raised by biometric applications. The limited recent case law of the European Court of Human Rights and the Court of Justice sheds some light on some relevant issues, but does not answer all questions. The report provides an analysis of the use of biometric data and the applicable current legal framework in six countries. The research demonstrates that in various countries, position is taken against the central storage of biometric data because of the various additional risks such storage entails. Furthermore, some countries stress the risks of the use of biometric characteristics which leave traces (such as e.g., fingerprint, face, voice…). In general, controllers of biometric applications receive limited clear guidance as to how implement biometric applications. Because of conflicting approaches, general recommendations are made in this report with regard to the regulation of central storage of biometric data and various other aspects, including the need for transparency of biometric systems.
    [Show full text]
  • Biometrics - Wikipedia
    10/19/2017 Biometrics - Wikipedia Biometrics Biometrics refers to metrics related to human characteristics. Biometrics authentication (or realistic authentication)[note 1] is used in computer science as a form of identification and access control.[1] It is also used to identify individuals in groups that are under surveillance. Biometric identifiers are then distinctive, measurable characteristics used to label and describe individuals.[2] Biometric identifiers are often categorized as physiological versus behavioral characteristics.[3] Physiological characteristics are related to the At Walt Disney World in Lake shape of the body. Examples include, but are not limited to fingerprint, palm veins, Buena Vista, Florida, face recognition, DNA, palm print, hand geometry, iris recognition, retina and biometric measurements are odour/scent. Behavioral characteristics are related to the pattern of behavior of a taken from the fingers of person, including but not limited to typing rhythm, gait,[4] and voice.[5][note 2] Some guests to ensure that a ticket researchers have coined the term behaviometrics to describe the latter class of is used by the same person from day to day biometrics.[6] More traditional means of access control include token-based identification systems, such as a driver's license or passport, and knowledge-based identification systems, such as a password or personal identification number.[2] Since biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods;
    [Show full text]