Biometrics must get the big questions right: privacy, consent and function creep

​ Biometrics is offering huge potential to reimagine a wide array of identification and verification processes.

It's already having a profound impact on sectors such as border management, banking, and mobile commerce.​​

However, the technology is not without its challenges.

As Isabelle Moeller, chief executive of the Biometrics Institute, underlines in this short video interview, the key to successful deployment ultimately lies in finding the right answers to some big questions.

Let's jump right into it.
 

Ethics and policy of biometrics

As the industry's leading representative body, the Biometrics Institute's prime objectives include sharing best practices and promoting the responsible use of biometrics in both the public and private sectors.

In technical terms, she draws attention to the fact that there are now plenty of proven tools available to mitigate the risk of biometric systems being fooled by fraudsters or other malevolent individuals.

The central issue, Isabelle believes, is the need to address broader ethical concerns such as privacy, informed consent, and so-called function creep, where biometric data ends up being used in applications that the holder never actually signed up for.

What's creepy?

Generally speaking, function creep refers to information collected for one purpose but being used for another. Function creep may be motivated by several reasons (from state intelligence to commercial motivations) and usually involves three elements:

1. #1. A policy vacuum
2. #2. Unsatisfied demand for a given function
3. #3. A slippery slope effect, or a covert application.

When discovered and publicized, these stories generate negative response and allegations of creepiness. They also give very short timeframes available for society—and the law—to react.

Consumer advocates are conjuring the threat of a surveillance culture that will end civil society as we know it. Business groups are accusing the media of spreading fears and regulators of a ploy to destroy innovation.

Guidance is needed

For all concerned, the Biometrics Institute is an invaluable source of guidance.

In identifying the right strategy, Isabelle particularly urges service providers not to regard biometrics as a standalone response to identity verification's multi-dimensional challenges.

A layered approach is critical.

Given the speed with which relatively new technologies are now being deployed in security-critical applications, Isabelle also recognizes the importance of all stakeholders striving to achieve and maintain the highest standards of integrity.

A significant milestone achieved by the Biometrics Institute was the work on a Privacy Code to help provide best-practice privacy principles for the use of biometrics addressing issues such as consent, notice, and purpose.

We just need to ensure that there are no bad news stories breaking that will lose consumer trust as an industry.

The comment follows revelations that a London police trial of facial recognition technology generated 104 "alerts," of which 102 were false. Facial recognition technology was used to scan CCTV footage from the Notting Hill Carnival and Six Nations Rugby matches in London in search of wanted criminals.

Another trial by South Wales police returned 2,400 false positives from CCTV footage gathered at UEFA football matches and the like.

Concerns have also been raised that Police resources could be tied up chasing false identities as officers, in some cases, questioning innocent crowd members who the software had matched with criminal identities.

Facial biometrics, in particular, is an emerging technology, and for the public to embrace it fully, the industry needs to work hard to allay fears and build confidence, while in parallel, procedures and guidelines should be debated, and legislation strengthened.

A brief introduction to the Biometrics Institute

The Biometrics Institute was formed in 2001 to create an independent and impartial international forum for sharing knowledge, providing best practice guidance, and promoting the responsible use of biometric technology.

Over the years, the Biometrics Institute established several committees to provide expert advice and develop guidance material for members. It now has four Expert Groups, including Digital Services, Privacy, Technology Innovation, and Vulnerability Assessments, and two User Groups, including Academic Users and Borders and Major Programs.

Today it has well over 200 member organizations located across numerous countries and maintains permanent offices in London and Sydney.

The Institute's primary members are governmental and other users of biometric services and products.

However, these are joined by many leading vendors, ensuring a healthy exchange of ideas and experiences drawn from the broadest possible array of applications and environments.

For more details on the work of the Biometrics Institute, please visit www.biometricsinstitute.org

More resources on biometrics

Below you will find some of our latest web dossiers: in-depth, informative reports and interviews covering topics including biometrics in 2018, trends, facts, and applications.

• Biometric data and privacy: what the law says
• Schrems II and data protection (EU to US data transfer)
• What is biometrics?
• Trends in biometrics (interview)
• Top Facial recognition facts and trends (Dec 2020 update)
• Biometrics to transform air travel
• Liveness detection in 2021

Now it's your turn

What do you think?

If you've something to say on biometrics, privacy, consent, and function creep, a question to ask, or have simply found this article useful, please leave a comment in the box below.

We'd also welcome any suggestions on how it could be improved or proposals for future articles.

We look forward to hearing from you.