Don Erickson director, government relations, Security Industry Association (SIA)
Biometrics are among the most advanced and valuable security technologies available. Devices that scan facial features, irises, fingerprints and other physical characteristics have secured some of the most sensitive facilities in the world for many years and are now being used for more routine purposes, from controlling access at schools to verifying identities for financial transactions.
As with many security products, biometrics raise privacy questions. What opponents of biometrics fail to recognize, however, is that these have been thoroughly addressed by the security industry. Privacy safeguards are regularly put in place to automatically control the collection, storage and use of biometric data according to carefully defined standards. While criminals will always try to find ways to circumvent such protections, these abuses can be punished.
The safety provided by biometrics and the privacy that we all value are not mutually exclusive. Sacrificing security because of misperceptions about the effects of biometrics on privacy would only serve to endanger millions of people unnecessarily.
Lee Tien, senior staff attorney, Electronic Frontier Foundation (EFF)
Do the security benefits of biometrics technology outweigh the privacy concerns? Probably not.
People always look for technical solutions to human problems, and the allure of biometrics for security is no exception. But biometrics, at best, handle identification, which is only one part of security.
Biometrics are often perceived as foolproof, but fingerprint scanners have been fooled by fake prints made from gelatin, and iris scanners by photographs. Conversely, if I forge an ID card using a fake name but use my actual fingerprint, I've probably guaranteed a successful match.
More important, biometrics aren't secrets—they're easy to steal. Cameras record our faces and we leave fingerprints and DNA everywhere. And once a biometric is digitized for computers, it becomes a file capable of being copied.
The broader point is that identification alone isn't security – knowing my identity doesn't tell you whether I'm a threat. Biometrics are merely part of a system that relies on databases of information about us and on humans deciding how to handle false positives and false negatives.