Francisco A. Laguna & Emily Schneider
Last week, we discussed the growing field of biometric technology. Many countries are starting to employ biometrics to identify citizens and non-citizens, regulate immigration and enhance government aid programs. Companies in the private sector are using it to manage client files, add extra levels of security in their services and even to target consumers with promotions tailored to their personal preferences.
Biometric technology is inherently personally invasive. Body parts and personal characteristics are being used for biometric identification. Some identifiers – fingers, hands, feet, faces, eyes – have been dramatized in movies and novels and are better known to the public. However, biometrics can also include identifiers like ears, teeth, voice, veins, hand-written signatures, typing styles, gaits and odors.
Biometrics data is useless without the accompanying component: the biometric identification system. These biometric systems compare the captured biometric data to a database. A biometric identification system consists of many parts: a scanning or sensing device, signal processing algorithm, a data storage component, a matching algorithm, and a decision process. The sensor is used to collect the biometric data and convert the information to a digital format. The signal-processing algorithm performs quality control activities and develops the biometric template. A data storage component keeps information, like registration samples, for future use when new live samples are provided. The matching algorithm is used to compare the live biometric samples to the ones in the data storage. The last component, a decision process, uses the results from the matching component to make a system level decision about whether the live sample matches any previously registered samples. The decision process can be fully automated or human-assisted.
The identifiers and systems can vary greatly, but they all have one common aspect: they are dependent upon an accurate reference or registration sample. An accurate registration sample is integral to a biometric system’s ability to identify a person: Without a registration sample, there is nothing with which the system can compare a live sample. Once a registration sample is enrolled, the biometric system identifies compares future live samples with the registration sample to verify the identity of the subject.
Privacy and security concerns are heavily imbedded in almost every step of this process. Critics of biometric technology use by government entities say that the collection process presents tricky ethical issues. Some worry that the technology will become a tool to exclude or monitor persons of a particular race or ethnicity. For instance, in the U.S., current efforts to expand the biometric system have largely been targeted at our southern border and immigration control, which raises a number of constitutional questions about its implications on privacy and equal rights. Proponents of this view suggest that biometric identification will be used to track and spy on those who participate in certain groups, political activists or those who are exercising a right to free speech. Even the Indian Aadhaar system, meant to prevent corruption of civil servants, can potentially be misused.
Security concerns surround the biometric identification system where the registration samples and individuals’ personal information samples are stored. Specifically, many large companies and governments are utilizing the cloud to store the registration samples and personal information, which raises concerns about the safety of the data and access by unauthorized third parties. Other countries are storing the information at physical locations in different countries, where such facilities are subject to third-country privacy laws.
Another issue is the potential for the data, once collected and stored, to be used for purposes other than the origin intent. Without a consistent legal standard guarding the data and promoting proper use, it is possible that information could be shared with third parties in the private sector and used for purposes to which the individuals did not consent when originally handing over their biometric data.
As is often the case, legal, business and ethical standards lag behind technological innovation. Given the easy transferability of biometric data, it may be that an international convention may be more effective. Negotiating and getting it into force would be the challenge!
TransLegal assists clients understand the legal and regulatory requirements for working overseas. Contact us with your questions.