John Woodward contends that, by properly addressing privacy issues, a successful deployment is possible
Just the mere suggestion of scanning a person's iris to gain entrance to a building can send many privacy-conscious individuals running scared. The use of biometrics - that is, simply the automatic recognition of a person using distinguishing traits - raises privacy concerns galore, yet, it can be argued that biometric technologies are not that different from individual identifiers, such as social security numbers. In many cases, biometrics can enhance the protection of one's identity.
Considering the controversy, before entertaining thoughts of employing biometric tools, the Department of Defense (DoD) had to do its homework.More to the point, the DoD is required by many laws, regulations and policies to provide privacy protections. The DoD Biometrics Management Office fully realizes that its biometric activities must comply with the law.
Understanding the issues
To help it understand the privacy issues involved, in 1999 the military asked RAND to complete a study on the concerns raised by DoD's use of biometrics.
The study, titled the Army Biometric Applications: Identifying and Addressing Sociocultural Concerns, is available to the public. Concerns raised include an individual's ability to control information about himself or herself, freedom from contact with other people or monitoring agents, and an individual's objection to the use of biometrics based on sincerely held religious beliefs. Delving into these individual concerns more thoroughly will help shed some light on the confusion that has often plagued biometrics.
The most significant informational privacy concerns relate to the threat of function creep and the tracking capabilities of biometrics. Function creep is the process by which the original purpose for which information is obtained is widened to include purposes other than the ones initially stated. It can occur with or without the knowledge or agreement of the person providing the data.
Depending on whom it affects and how it affects them, function creep may be seen as desirable or undesirable. For instance, using a social security number to search for a parent receiving a federal entitlement who is delinquent with child support payments may be seen as highly desirable. On the other hand, having a person's digitized state Department of Motor Vehicles (DMV) photograph sold to a commercial firm to create a national photo ID database might be seen as unacceptable.
Tracking refers to the ability to monitor an individual's actions or to search databases that contain information about these actions. The use of databases containing detailed personal information in both the public and private sectors, has raised concerns about individuals' abilities to maintain their anonymity. Some people fear a 'Big Brother' government, able to track every individual. If an individual must use a standard biometric for multiple governmental, business and leisure transactions of everyday life, it becomes possible for records of these transactions to be linked. This in turn could allow an entity, such as the government, to compile a comprehensive profile of the individual's actions.
The possibility of clandestine capture of biometric data increases 'Big Brother' concerns. Facial recognition systems can track individuals secretly without the individual's knowledge or permission. Moreover, the information from tracking, combined with other personal data acquired through biometrics or other means, can be used to provide even more insight into an individual's private life.
Misuse of personal information, including the stealing of identities, has become more of a threat as information technology, including electronic commerce, has become ubiquitous. Where biometrics are authenticated remotely, for instance, by transmission of data from a sensor to a centralized data repository, there is a chance that a hacker can steal, copy or reverse-engineer the biometric. This misappropriation could also come about through insider misuse. Without good safeguards, the fear is that files could be misappropriated and transactions could be performed using other people's identities.
The use of biometrics may raise physical privacy concerns. These concerns are threefold: the stigma associated with some biometrics, such as fingerprints; the possibility of actual harm that might be caused to participants by the technology itself; and the concern that the devices used to obtain or 'read' the biometric may be unhygienic.
In the U.S., some individuals and segments of society associate fingerprinting with law enforcement, acts of criminal behavior and oppressive government. However, these concerns seem to be held by a minority and can generally be overcome through education about the protections in place for using and safeguarding data. Moreover, all military members and federal government employees are required to provide copies of their fingerprints.
Concerns about actual harm that could be caused by biometrics are primarily perceptual. There are no documented scientific or legal cases of biometrics causing injury. Others may be concerned that a dismembered limb could be stolen and used to fool a system. At its Biometrics Fusion Center, DoD tests and evaluates biometric technologies to ensure performance standards are met. Objections to biometrics based on concerns about the cleanliness of sensors is another issue, but users have no more contact with the sensor than with doorknobs or ATM keypads.
Some segments of American society have religious objections to the use of biometrics. Among these objections, individuals oppose being compelled to participate in a government-mandated biometric application.
The New York Department of Social Services and the Connecticut Depart-ment of Social Services (DSS) have encountered legal challenges based on religious concerns from entitlement program recipients who refused to provide a biometric identifier. In New York, the state court ruled that mandating a biometric for the receipt of benefits did not violate the recipient's religious beliefs. In Connecticut, a decision by the DSS Commissioner to grant a recipient exemption from the digital imaging requirement was made before the state court could render a decision on the legal challenge.
As a new technology, biometrics raises privacy concerns. However, these concerns are not uniquely associated with biometrics. In fact, they are very similar to the concerns expressed over the use of many identifiers, and are related to the fact that we live in an age where information has value as a commodity.
Also, when evaluating biometrics, the privacy-enhancing aspects of this technology should not be overlooked. Used in many ways, biometrics provides greater security because the identifier is much harder to steal or counterfeit compared to passwords or other identifiers. Using a biometric is also more convenient than remembering passwords.
Another privacy-enhancing aspect is that a biometric identifier discloses little personal information.Unlike information on a driver's license, a biometric template contains no information about an individual's name, address, SSN, race, height, weight or medical condition. To the extent biometrics protects identity, it acts as privacy's friend.
To ensure that privacy concerns are properly addressed in its work, the DoD Biometrics Management Office has established a biometric policy working group, consisting of members from various defense components. A legal working group has also been created and consists of attorneys from DoD and the armed services. Both groups were initiated to explore legal and privacy issues associated with the technology.
The DoD also has procedures to deal with service members' religious concerns. A senior coordinating group oversees the work of the management office, and can also weigh in on any privacy matters. Moreover, DoD policy concerning biometrics must go through an extensive coordination process where many different organizations get an opportunity to voice their opinions. In this way, DoD is building a program that protects the privacy and related concerns of all users.
John Woodward is senior policy analyst, RAND (a contractor for the DoD biometrics management office).