May 14, 2012 -
Privacy protection will become increasingly critical once biometrics are integrated into personal computing profiles.
Currently, biometrics are mostly the domain of governments and mainly used for verification at national borders. Subject to government laws and regulations, biometric profiles are often integrated with national security, immigration, and criminal record databases. As a result, such records are typically protected by privacy legislation which ensures the highly-regulated collection, control, storage and use of personal information.
While governments utilize controlled, walled-garden systems to protect biometric data, the emergence of inexpensive biometric technology and their integration into more open systems designed for regular consumers will become both a legal and technical challenge.
BiometricUpdate.com recently reported the IBM prediction that by 2015, password authentication will be replaced by biometric systems that can identify individuals based on unique biological features. Once such systems become mainstream, the problem of how biometric characteristics can be managed, controlled and protected will become key.
Certainly, governments will move to legislate controls over commercial biometric applications, but as we can anticipate, the passage of such technology legislation will be slow, and most likely will be outdated the moment it is passed.
Debate around proposed legislation can also become cantankerous and unproductive if undertaken without finesse and proper consultation, as the recent debates in the U.S. Congress surrounding the failed “Protect IP” (PIPA) and the “Stop Online Piracy” (SOPA) Acts attest. Despite the intent of the laws to address a legitimate problem, that being foreign-based Web sites that engage in digital piracy and trafficking in counterfeit goods, the bills were so poorly designed, they in fact had the potential to stifle innovation, require censorship, impose monitoring obligations, and change the way information is distributed on the Web. As a result Twitter, Wikipedia and Google opposed the bills thereby contributing to public pressure that withdrew the legislation and created a call for further study along with more exploration of technical solutions to resolve the identified problems.
Consumers can expect technology companies to take such a stance on biometrics and their privacy. While individuals should be rightly concerned about the power exercised by firms such as Google and Facebook over information collection and its use and marketing, they should also be aware that the business models of such firms are completely dependent upon consumer confidence surrounding how they collect, market use, and most importantly, protect, that information.
Facebook was so acutely aware of this, that it recently threatened legal action against employers that demanded access to a job seeker’s social networking profile. The thought of potential employers either advertently or inadvertently obtaining access to such confidential information is so odious for most consumers, that Facebook’s intervention was welcome.
Conceivably, a future Facebook or Google social networking profile could contain biometric parameters if password authentication were to become passe as IBM predicts. If such sensitive data is ultimately to reside in cyberspace, then privacy protections will need to be established, not unlike those that exist for biometric information maintained by governments.