Biometric Security Poses Huge Privacy Risks

Without explicit safeguards, your personal biometric data are destined for a government database

Security through biology is an enticing idea. Since 2011, police departments across the U.S. have been scanning biometric data in the field using devices such as the Mobile Offender Recognition and Information System (MORIS), an iPhone attachment that checks fingerprints and iris scans. The fbi is currently building its Next Generation Identification database, which will contain fingerprints, palm prints, iris scans, voice data and photographs of faces. Before long, even your cell phone will be secured by information that resides in a distant biometric database.

Unfortunately, this shift to biometric-enabled security creates profound threats to commonly accepted notions of privacy and security. It makes possible privacy violations that would make the National Security Agency’s data sweeps seem superficial by comparison.

Biometrics could turn existing surveillance systems into something categorically new—something more powerful and much more invasive. Consider the so-called Domain Awareness System, a network of 3,000 surveillance cameras in New York City. Currently if someone commits a crime, cops can go back and review sections of video. Equip the system with facial-recognition technology, however, and the people behind the controls can actively track you throughout your daily life. “A person who lives and works in lower Manhattan would be under constant surveillance,” says Jennifer Lynch, an attorney at the Electronic Frontier Foundation, a nonprofit group. Face-in-a-crowd detection is a formidable technical problem, but researchers working on projects such as the Department of Homeland Security’s Biometric Optical Surveillance System (BOSS) are making rapid progress.

In addition, once your face, iris or DNA profile becomes a digital file, that file will be difficult to protect. As the recent nsa revelations have made clear, the boundary between commercial and government data is porous at best. Biometric identifiers could also be stolen. It’s easy to replace a swiped credit card, but good luck changing the patterns on your iris.

These days gathering biometric data generally requires the cooperation (or coercion) of the subject: for your iris to get into a database, you have to let someone take a close-up photograph of your eyeball. That will not be the case for long. Department of Defense–funded researchers at Carnegie Mellon University are perfecting a camera that can take rapid-fire, database-quality iris scans of every person in a crowd from a distance of 10 meters.

Read more . . .