FB pixel

Two ways to not protect biometric data demonstrated by world’s most populous countries

Breach in China, lack of trust in India yet to hold back technology deployments
Two ways to not protect biometric data demonstrated by world’s most populous countries
 

Several civil society groups in India are highly concerned about the spread of facial recognition and other surveillance technologies in the country, particularly in the context of a legal and regulatory open season on private data.

In China, a recently-passed data privacy did not motivate a physical access control and human resources software provider to secure its databases of face biometric templates and license plate records.

A huge trove of exposed records, including biometric data, was discovered on a server hosted by Alibaba for Xinai Electronics, reports TechCrunch.

The database has held as many as 800 million records, and contained complete URLs for image files. Neither were protected, and both could be accessed from a normal web browser. The data included high-resolution facial photos, as well as resident ID numbers and other personal information.

Xinai offers facial recognition for access management, but also employee time and attendance and other applications.

The researcher who discovered the exposed data also found a ransom note demanding cryptocurrency in return for not releasing the data.

It is the second major breach, chronologically and by size, of personal data in China since the country’s Personal Information Protection Law came into effect last November.

Scepticism abounds in India

A panel discussion hosted by the Internet Freedom Foundation and titled Privacy Supreme featured representatives from the CivicDataLab and Amnesty International India, as well as privacy advocate Usha Ramanathan and others.

The discussion focused on the relationship between privacy and technology, but also on the relationships between individuals, businesses, and the government.

Both the government and businesses in India are using new technologies as tools to violate people’s privacy, panelists agreed. The result is apprehensiveness about those technologies and how they will be used, and ultimately resistance.

Not only are technologies outpacing people’s ability to understand them, but businesses and government entities are racing to ingest data, and in some cases share it.

“You can’t have facial recognition technology being rolled out,” in this context without robust debate, Ramanathan argued. “A moratorium doesn’t have to be for 10 or 15 years. But there has to be enough time for people to know what it is.”

India’s Constitution does not enshrine a right to privacy, so Ramanathan suggests that a court judgement is needed to establish privacy rights in the country.

She also said that more than 9 out of 10 people in Chennai have declined to link their Aadhaar and voter ID credentials. In the absence of a legal right to privacy, according to Ramanathan, this is among the only recourse available to people.

India has had legislation to regulate data protection on the books for years, but has failed to operationalize it. Each passing year makes an update to the unimplemented law more critical.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

NIST adds flexibility, digital format to security requirements for federal contractors

The U.S. National Institute of Standards and Technology has updated its guidance for how businesses working with the federal government…

 

Cryptomathic is Belgium’s digital wallet mobile app security provider

Tech from Cryptomathic has been deployed in Belgium’s digital identity wallet, one of the first to go live in the…

 

Bringing ethics into the discussion on digital identity

A panel at EIC 2024 addresses head-on a topic that lurks around the edges of many discussions of digital ID….

 

Kantara Initiative launches group devoted to deepfake injection attack threats

“It’s probably not as bad as this makes it seem,” says Andrew Hughes, VP of global standards for FaceTec and…

 

Seamfix CEO makes case for digital ID as unlocker of Africa’s growth potential

The co-founder and Chief Executive Officer of Seamfix, Chimezie Emewulu, has posited that digital identity and related services have the…

 

Nigeria’s digital ID authority unveils new measures to uphold data security

The National Identity Management Commission of Nigeria (NIMC) has outlined new measures that align with its push to make data…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events