Human Bar Code

October 4, 2002 • Commentary

Biometric technologies — voiceprints, retina, iris, and face scanners, digitized fingerprints, and implanted chips — can benefit us. Such technologies will soon be used in cell phones, mobile computers, car doors, doorknobs and office keys — basically everywhere. Biometrics can bolster online commerce, help locate a lost child, and transmit medical information to doctors. They promise increased privacy by preventing identity theft.

But no one wants to be treated like a human bar code by authorities.

So what are the benefits and concerns surrounding the deployment of biometric ID techniques into our lives? While they promise new levels of physical security and safer commerce, they also threaten privacy and liberty. We need a framework to judge biometric deployment, to make distinctions for appropriate and inappropriate uses. The management of databases that underlies biometric applications can affect anonymity, privacy, and even the purpose of the technology itself.

The most pressing threat to liberty is a government-mandated database containing all of us, corresponding to a National ID with biometric identifiers. This is the Big Brother scenario that would lead to demands for ID everywhere and devolve into a general law enforcement tool that would have nothing to do with the terrorism that prompted calls for National IDs. Such IDs threaten liberty and anonymity, and, ironically, undermine security itself by moving technological advances in authentication technologies out of the private sector and into the public sector: Uncle Sam.

A less sweeping biometric database is a partial one containing criminals and suspects — not the general population. For example, it could be government-run face recognition cameras set up in public places. People are observed, but presumably only to see if they match a face already in the database. Allegedly, the information collection, pertaining to criminals, has already taken place under Fourth Amendment procedures, and no data are collected on persons not already in the database. Nevertheless, many critics understandably doubt that governments can be trusted to discard incidental data collected on innocent people. Applications of biometrics to identify and track individuals, even in “public” places, can constitute an unreasonable search and easily be abused. Stringent safeguards are required, but they do not yet exist.

Finally, private, limited use of biometrics is less worrisome. These might constitute databases of “members,” as contrasted with governmental “bad guy” databases. Such tailored solutions exist where security clearances are needed, like factories and laboratories, and can offer the opportunity for extraordinary security by preventing someone from posing as you. Such devices say, in effect, “You may enter my privately owned building, airplane, parking garage, neighborhood, house, etc., but only if I know who you are.”

However, those applications must not be allowed access to individual data gleaned by government coercion or they will turn society against the technology and make it impossible to defend the industry from regulation. Let’s keep it self-regulated.

No doubt, biometrics offers tremendous promise, but also risk. To safeguard civil liberties, there are basically three requirements: (1) avoid mandatory databases or any form of National ID; (2) ensure Fourth Amendment protections even for public surveillance; and (3) avoid the mixing of public and private databases.

Instead of granting the private sector the use of government-mandated information, private industry must generate its own information for purposes limited by the market’s twin engines of consumer choice and consumer rejection. Privacy, liberty, and even authentication technology will be all the better for it.