Wednesday, August 31, 2011

Privacy issues with biometrics - what if the criminals use it?

[NOTE: The opinions expressed below do not necessarily represent the views of my employer.]

I have been employed in biometrics, mostly in automated fingerprint identification systems, for nearly two decades now. I have primarily worked on systems for law enforcement agencies, but have been exposed to systems used by benefits recipients, driver's license holders, and even people who get services from private companies.

In the popular media, there has been a long-standing concern about privacy and the use of biometrics. In my view, some of this is silly - the thumbprint that you provide for your gym membership, and even the thumbprint that you provide for your driver's license, is NOT going to make its way to the FBI or Mossad or Interpol or whoever; for both technical reasons and bureaucratic reasons, the chance of multiple agencies ganging up on you in a "Big Brother" style is extremely remote. As another example, people who get really weirded out about giving someone a fingerprint have no problem whatsoever in giving someone an ID card with a picture of a face on it - despite that fact that the face itself is a biometric, and facial recognition systems merely try to duplicate the human activities that take place when we look at a face and "recognize" someone.

However, there are certainly possibilities in particular circumstances for biometric data to be abused. We can partially mitigate this by controlling access to law enforcement systems, making sure that these systems are only used for their intended and legal purposes, and making sure that the people who do access these systems are reputable people. In short, the same safeguards that need to be employed by grocery and other stores when they hire people to handle YOUR credit cards.

But even if we were able to achieve 100% legitimate use of biometrics by law enforcement agencies, we would not be safe. You see, biometrics is merely a tool - and law enforcement officials aren't the only people with access to this tool.


In a survey last winter, they found the vast majority of law enforcement officers were using social media — 90 percent of females and 81 percent of males, with Facebook and Twitter the top two sites, respectively....

“All respondents aged 26 years or younger had uploaded photos of themselves onto the Internet,” ComputerWorld reports. And 85 percent of respondents said someone else had uploaded photos of them. What’s more, 42 percent of respondents said they could identify someone based on his or her social media relationships, ComputerWorld says.

On the face of it, this doesn't seem like a big concern. Cops should have the same rights to use the Internet as anyone else, shouldn't they?

But - what if the cops are UNDERCOVER cops? And their pictures are posted on Facebook? Now it gets interesting.

What happens if the gang you’ve infiltrated finds your grinning mug in Facebook photos from the police union annual picnic?

We’ve seen how easily biometrics can be used to identify people based on their Internet photos, using something as simple as an iPhone app. Cops themselves are using this technology to ID people on the street — so why wouldn’t intrepid motorcycle gang leaders do the same?

More here.
blog comments powered by Disqus