Biometrics and Your Rights

The data and privacy dangers of biometrics

How would you feel if the government used networks of cameras and facial recognition to track your every move, while artificial intelligence (AI) analyzed the footage to catch you in crimes or undesirable activities? What if that tracking could lead to your arrest, even if the biometrics were wrong and it wasn’t you? As dystopian as it seems, this kind of surveillance is happening in China, and some privacy experts fear we might be headed down the same path. Biometrics are becoming increasingly sophisticated, and our privacy laws are not keeping up. ​

In previous blogs, we’ve talked about biometric technology as a replacement or supplement for passwords or other security verification, and how it does and doesn’t keep us safe. Personal identification using unique biological characteristics has real security benefits, but it also has risks. First of all, biometric technology is not 100% accurate, and its inaccuracies can put some people at more risk than others. For example, researchers found that Amazon’s facial recognition software misidentified dark-skinned women about 30 percent of the time, in contrast to near-perfect accuracy at identifying light-skinned men. ​

Second, the use of biometrics is rapidly moving from simple authentication to surveillance. For instance, the Department of Homeland Security is preparing to feed video from cameras around the White House through recognition software to look for “persons of interest.” Presumably, they are looking for potential criminals or terrorists, but you can see how this technology could be misused to restrict freedom of speech by barring protesters. And there is the risk of someone being misidentified or having their actions misinterpreted by artificial intelligence and being wrongly detained. The worst-case scenario is that biometrics are used for social control. If you’ve ever seen the movie Minority Report or the BBC series The Last Enemy, you know how chilling that prospect could be. ​

There is also the potential for private organizations to misuse biometrics. When Facebook rolled out facial recognition software in Europe, users were told it would be used to block others from impersonating them using their photos. But privacy experts have raised concerns that Facebook might use the technology to track user behavior and sell the information, especially since Facebook allowed research firm Cambridge Analytica to harvest and exploit personal information from millions of users. ​

Technology has often outpaced our ability to use it safely. Automobiles were available for decades before the increasing speed and volume of vehicles prompted laws requiring seatbelts. Similarly, the recent stream of revelations involving covert data-gathering on consumers has moved several U.S. lawmakers to introduce privacy legislation meant to protect our personal data, hopefully including biometrics. Three states have passed laws governing the gathering, use, and protection of biometric information. Others, including California, have tried and failed in the face of strong opposition from tech giants, including Facebook, Microsoft, and Google. ​

Unlike a password, you can’t readily change your face, speech patterns, gait, or other physical characteristics, so if biometric data about them is stolen or misused, the consequences can be devastating. If you’re concerned, read privacy policies, think carefully about where you are willing to supply biometric data, and also take the time to contact your legislators and ask for strong laws to protect this most personal of personal data. ​