Privacy Management

Even now, after years of biometric identification has been in place, there are huge users’ concerns about biometric misuse and privacy invasions, the reasons remain poorly articulated and the user fear remains high.

If iris characteristics are possibly related to personality, then privacy concerns about who gets to capture, examine, and store iris images becomes more important.

Biometrics help with authentication issues that traditional methods can’t solve, but the technical state of the art that enables biometric usage is not the only sufficient reason to unleash it to our day to day lives. For example if there is no clarity of how biometric templates are secured then there is a risk of bad utilization, for example if iris characteristics are to be related to personality, as some people state, then privacy concerns about the actual iris capture, storage and security is critical. 

It is obvious that biometrics are no secrets since we have since begining of our human history used them to distinguish people one way or the other, be it voice, posture, face, and more recently fingerprints, iris, etc. There is still is a general lack of understanding of their implementation, or as tu say the biometric templates. This is because there is no regulation in place to explain how they are created, stored and secured, nontheless to regulate how they are created, stored and secured. We believe that applications and institutions must explain how the biometric template is to be kept as a secret, and to commit to that explanation.

 

The same happens for face biometric templates, and if there is no clarity for creation, storage or security then biometric authentication may create a bigger problem that the one it solves.

 

Being transparent about Privacy Management, and under Privacy Legislation or Guidelines is very important for promoting acceptance as well as to keep ourselves safe.

The Ontario Privacy Commissioner analyzed and with total clarity stated the requirements for a biometric deployment scenario, I find the requirement list correct:

  • encrypted biometrics;
  • restrict the encrypted biometric creation only to authentication of elegibility, ensuring that it is not used as an instrument of social control or surveillance;
  • ensure that the biometric template cannot be reconstructed from a stored encrypted biometric template,
  • ensure that a biometric template (i.e., picked up from a crime scene) cannot be matched to a stored encrypted biometric template;
  • ensure that a biometric template cannot be used as a unique identifier (on a database);
  • ensure that a biometric template alone cannot be used to identify an individual;
  • ensure stricts controls as to who may access the biometric information and for what purpose;
  • require a warrant or court order prior to granting access to the biometric information to external agencies;
  • ensure that any benefits data are stored separately from personal identifiers;

Unfortunately, the previous list automatically disqualifies most of the commercial alternatives for Biometric Authentication and Computer Vision software, so we as citizens and consumers are left with the responsibility of learning and evaluating our options before engaging in a riskier scenario than the one we are trying to fix.

If you want to learn more about Biometric Privacy Management and how Braingine can help you feel free to contact us.