|
 |
|
General Information
|
Add To My Personal Library |
July 25, 2008
• Vol.30 Issue 30
Page(s) 12 in print issue
|
Move To Biometrics Unlocks Privacy Pandora’s Box
Taking A Look At Whether Security Ever Crosses The Line
|
 There’s no question that the market for biometric technologies—including fingerprint sensors, palm print readers, eye and facial scanners, and voice recognition systems—is booming. BCC Research estimates global 2007 biometrics sales of $2.7 billion will grow to $7.1 billion by 2012, an annual compound growth rate of more than 20%.
As biometric technologies grow in popularity, privacy concerns are giving small to midsized enterprise decision makers pause. While this issue isn’t necessarily a showstopper for most organizations, it does present an opportunity to clean up existing privacy policies and take a look at whether the use of biometrics ever crosses the line into the territory of invasion of privacy.
 Privacy Concerns
For all of the advantages of biometrics, privacy remains an issue. Privacy advocates and employees alike will continue to raise concerns over how much personal information is captured, where it is stored, who has access to it, and what it is ultimately used for.
“Biometrics solutions don’t raise more concerns than any other kind of authorization technology,” says Ant Allan, research vice president at Gartner. “But the perception is that they do. So companies considering biometrics should adjust their approach accordingly to ensure they send the right message.”
Forrester Research senior analyst Geoffrey Turner says privacy is more an issue of emotion than law. “The legal right to privacy does not exist in the U.S.,” he says. “While some individuals would like to have more control over who knows what about them, there is no basis for this in law. The European Union does mandate privacy, but that’s not the case here.”
Turner says the fingerprint’s long association with criminality doesn’t help the public image of biometrics. He says privacy concerns can be addressed by up-front communication with stakeholders and advocates building such messaging into the earliest stages of a biometrics implementation.
“State explicitly what you’re capturing,” he says. “Most biometrics systems allow you to capture a derivation of an image and not the complete image itself. Explain what you’re doing up front to avoid reactions that are often emotional and not fact-based.”
Turner describes the current boom in biometrics adoption as a golden opportunity to educate end users.
“Identity theft is a rampant problem in online life across the planet,” says Turner. “These technologies can positively ensure that no one will masquerade as you. For the first time, you will be in absolute control of your own identity. This is a positive trend, so make sure you’re communicating that.”
Potential Difficulties
Although biometric products do offer positive benefits, employee-related issues may crop up that hinder their use. Reliability, where some users simply have difficulty working with certain types of scanners, can be an obstacle to smooth implementation.
“Biometrics is not binary,” says Allan. “With passwords, either you know them or you don’t. But often there’s a certain threadiness due to how we interact with the sensor. In some cases, if you don’t swipe your finger a certain way or place your eye just so, you won’t be able to log in.”
Allan says some people have more difficulty than others, which raises the potential for discrimination. Healthcare workers in particular often wrestle with fingerprint sensors because they’re constantly washing their hands. This can affect the level of oils in their skin and result in unreliable scanning.
“Cases like this illustrate that you can’t use biometrics for everyone,” says Allan. “If you have to have another mechanism for those users, it may make more sense to drop biometrics altogether and use a single, more reliable authorization mechanism.”
Ultimately, privacy is an issue that extends far beyond any one authorization technology. Turner advises companies and individuals to get proactive. “I think most Americans are unaware about how much information about them has already been aggregated,” he says. “They need to become informed.” 
by Carmi Levy
U.S. & World Agencies Driving Biometrics Adoption
A broad range of national and global initiatives to tighten user access control are accelerating the move to biometrics. These include:
• International Civil Aviation Organization ePassport establishes a standard format for a biometrically enhanced passport that promises to streamline cross-border travel.
• U.S. Homeland Security Presidential Directive 12 is a standard protocol for all identification issued to federal government employees and contractors.
• The REAL ID Act of 2005 defines consistent protocols for state-issued driver licenses and identification cards. Countrywide compliance is not expected before 2017.
• Some U.S. states with international borders are developing Enhanced Driver Licenses. These upgraded license and ID card protocols will also include biometrics capability. Washington’s licenses are already in use, allowing holders to cross the border without a passport. |
|
|
