Russel Megonigal, Senior Product Manager, Biometric Hardware at HID Global, tells us how biometrics can help organisations balance the need for stringent security while maintaining efficiencies and employee privacy.
When employing biometrics, there is a balance between privacy and security. Government entities are entrusted with keeping their citizens safe from both external and internal threats and biometrics are a useful tool to meet this expectation. However, there is a risk that corrupt governments can use biometrics to monitor citizens on issues not directly related to security, thus violating their privacy.
Forfeiting a small measure of privacy can lead to more convenience for citizens
In more recent times, a third consideration has emerged: the added convenience of biometrics to the end user. Citizens are offered an option to voluntarily cede some of their privacy in return for a benefit. In many cases, it is difficult for individual citizens to understand the full ramifications of their choice, so it’s important that lawmakers consider this carefully and create the best laws suited to the culture of each region, state or country.
Biometrics help define threat profiles
Biometrics are important because they can be used to accurately identify a person and help determine their ‘threat profile’. If an individual has previously committed a crime, a biometric record will exist on one or more Automated Fingerprint Identification System (AFIS) databases. If the individual has a clean record (no criminal records exist), he or she may be considered a low threat.
The most common modes of biometric authentication have been fingerprints, iris images and face recognition – though others are in development. The first two require permission from subjects or at least some physical contact. The third, however, can be captured without a subject’s permission or knowledge.
Whether a country has laws in place or not, there are three general schools of thought regarding the balance between security, privacy and benefit to the individuals who have a clean record.
Level 1: Voluntary – Biometrics in exchange for greater convenience
In this first type, privacy is valued above all else, even at the expense of some potential security concerns. However, benefits are offered to citizens who would like to opt-in to traveller pre-screen programmes. Examples of such programmes include Trusted Traveller in Europe or TSA PreCheck in the United States. The traveller enjoys the benefit of an easier, more convenient and time-saving passage through airport security checkpoints. The government also gains an advantage of increased focus on potential threats from travellers who weren’t pre-screened.
A quote from US News explains the advantages of the voluntary TSA PreCheck programme:
“Become a member of TSA PreCheck and the most important benefit you’ll receive is the freedom to use expedited security lines. Land in a PreCheck line and you can leave on your shoes, belt and light outerwear. Plus, you won’t have to dig into your carry-on luggage to remove laptops, tablets or quart-sized plastic bags.”
To become eligible, citizens must provide their fingerprints to the government for a criminal background check. Citizens give up some privacy in return for this benefit, but they are not required to do so.
Level 2: Incentivised – Biometrics required for access to key government and financial services
In the second type, laws specifically state that although a citizen is not required to provide a biometric, choosing not to do so will likely cause them to miss out on key public and private sector services. India’s Aadhaar program is the best example of this. Aadhaar provides many benefits like easy access to government assistance and the ability to pay for goods and services using one or more biometrics. Mexico provides a similar example. Mexican citizens are required to provide fingerprints in order to vote. As they sign up for banking services, the banks must collect their fingerprints to compare against the voting records.
In both cases, citizens can avoid providing biometrics and therefore maintain their privacy, but doing so disqualifies them from using important services — like getting a bank loan.
Level 3: Compelled – Biometrics mandated for everyday living
In the third example, citizens are compelled (they have no choice) to provide their biometric data and the government can use this to ‘encourage good behaviour’. We look to China for an example of this method in action. As of 2012, all Chinese citizens are required to have a national ID with fingerprints and a portrait. As of 2018, there are more than 200 million CCTV cameras all around China – about one for every seven citizens – and the Chinese government uses every conceivable method to monitor the behaviour of their citizens. In this case, security is valued more highly than privacy. It is likely much harder to be a successful criminal in China than in other countries around the world, making citizens feel safer.
Defining the scope of influence of biometrics
The risk of any of these options and especially the last one, is that biometrics can potentially be used to punish or otherwise control the behaviour of citizens in terms of their political, social or religious beliefs, even if they are otherwise obeying the law.
Perhaps the people of China feel comfortable having less privacy but better security. Individuals in other countries may feel differently. Each country should decide where the lines between privacy, security and convenience intersect and create laws that strike the right balance for their citizenry.
Click below to share this article
