Civil liberties groups reject IBIA biometric “best practices” recommendations
The International Biometrics and Identification Association (IBIA) recently issued a “best practices” document listing numerous recommendations on how to best deploy biometric technology for commercial situations.
The IBIA is participating in the National Telecommunications and Information Administration (NTIA) effort to develop a voluntary code of conduct that specifies how the Consumer Privacy Bill of Rights applies to facial recognition technology in a commercial environment.
The Consumer Privacy Bill of Rights is an initiative of the Obama administration that seeks to provide a comprehensive blueprint to improve consumers’ privacy protections while concurrently ensuring that the Internet remains an engine for innovation and economic growth. The blueprint will guide efforts to give users more control over how their personal information is used on the Internet and to help businesses maintain consumer trust and grow in a rapidly changing digital environment.
IBIA is participating in the NTIA’s multi-stakeholder process regarding the commercial use of facial recognition technology through a facilitated discussion that examines how best to ensure that consumers’ rights to “control, transparency, security, access and accuracy, focused collection, and accountability” are respected within the context of current and emerging commercial uses of facial recognition technology.
The IBIA determined in its best practices document that privacy is vulnerable to abuse by many means and methods and therefore recommends that corporate privacy policies should ensure that all data is protected. The IBIA also found that levels of protection should be consistent with the level of risk associated with its use and the consequences of abuse. Levels of protection should also be applicable and tailored to the context of each specific biometric use.
The easy availability of vast amounts of detailed personal information both online and offline is identified by IBIA as the greatest privacy risk. IBIA argues that the pervasive privacy risk in the United States is the result of the emergence of “Big Data” and is completely independent of biometric technology, let alone a single modality. Big Data is a term used to describe large and complex data sets that can provide insightful conclusions when analyzed and visualized in a meaningful way.
As a result, the IBIA argues that new methods of authenticating identity are necessary to augment existing conventions and meet current needs. The IBIA believes that biometric technologies do this and, as a major privacy‐enhancing technology, preserve privacy at the same time. The IBIA therefore wants the implementation of industry-wide best practice recommendations to enhance and strengthen personal privacy protections.
In contrast, civil liberties groups have been actively expressing concern with the guidelines. As BiometricUpdate.com reported in May, while the American Civil Liberties Union has endorsed the use of a voluntary code of conduct for companies to utilize in order to maintain privacy in the face of emerging facial recognition technologies, the lobby group would rather legislation be passed which enforces privacy measures.
In May, the ACLU said in a statement that “while voluntary codes of conduct represent an important step in protecting biometric information from exploitation and misuse, it is impossible to protect against the negative effects of this powerful technology fully without government intervention and statutorily created legal protections.”
The ACLU most recently reinforced this view in media statements from its legislative counsel. The ACLU’s Chris Calabrese told Broadcasting & Cable/MultiChannel News that “the biometrics industry seems to believe that they always have the right to know who you are …the reality is that privacy and anonymity have been woven into the fabric of America since its founding. No technology or industry should be allowed to erode our core values.”
The Center for Digital Democracy has also responded negatively to the NTIA process. In response to the IBIA submission, Jeff Chester, the Center’s executive director stated in the same MultiChannel News item that: “This is just the latest example of where the NTIA process is being run by industry lobbyists who really don’t want to see consumer privacy protected.”
The Center objects to statements in the IBIA’s best practices document that state that it is impractical to obtain opt-in consent when entering buildings. The Center is also disappointed with statements that accept that surveillance should be normally adopted as part of our daily life and that “anonymity and privacy are not not synonymous terms … [and that] the former is forfeited if one chooses to live in society.” In a press report, Chester called those and other passages “Orwellian”, “indecipherable” and “inaccurate”.
As part of its facial recognition technology process, NTIA expects to hold a webcast tomorrow.