Home Private Sector Protecting Biometric Data: The Conflict between Security and Privacy
Protecting Biometric Data: The Conflict between Security and Privacy

Protecting Biometric Data: The Conflict between Security and Privacy

0
Get started on your cybersecurity degree at American Military University.

By Susan Hoffman
Contributor, InCyberDefense

For years, companies and governments have used digital biometrics to automate the process of identifying individuals and guarding private data. Biometric data commonly comes in various forms, including:

  • Fingerprints
  • Hands
  • Eyes (iris or retinal scans)
  • Ear shapes
  • Heartbeats
  • Facial shapes
  • Voice recognition

Biometric data is versatile and convenient. It also saves time because it provides a unique way to quickly identify individuals and authenticate their identity for law enforcement or commercial transactions.

However, the use of biometric data is not without its problems. It can be stolen by hackers and used for criminal purposes. It’s also possible for some identifiers to be collected via camera or microphone when you’re in public and used to track you without your knowledge.

Once Biometric Data Is Lost to Hackers, It Is Hard to Replace

Several experts have pointed out the difficulty of replacing biometric data that has been compromised. Dave Aitel, the CEO of Immunity, Inc., in Miami, Florida, noted in a USA Today article: “Today, if your Twitter account gets hacked, you just change the password – but if you are using a biometric, you will be stuck with that hacked password for the rest of your life.”

Similarly, a recent story in Scientific American observed, “It’s easy to replace a swiped credit card, but good luck changing the patterns on your iris.”

In a March 2016 WIRED article, author April Glaser notes the irreplaceable nature of biometric data and quotes Woodrow Hartzog, an associate professor of law at Alabama’s Samford University. Hartzog states, “Biometrics are tricky….They can be great because they are really secure. It’s hard to fake someone’s ear, eye, gait or other things that make an individual uniquely identifiable. But if a biometric is compromised, you’re done. You can’t get another ear.”

The Rise of Protection for the Use of Your Biometric Data

Some states have already put legal protections in place to control third-party use and collection of personal biometric data. Legal experts Ted Claypool and Cameron Stoll, writing for the American Bar Association, note that “State laws concerning biometric information fall roughly into one of three categories:

(1) laws with respect to the collection and use of biometric information belonging to students;

(2) laws dealing with collection by government actors; and

(3) laws targeting the collection and use of biometric information by businesses.”

So far, Illinois, Texas and Washington have active biometric privacy laws, according to U.S. law firm Davis Wright Tremaine. DWT lawyer Ben Byer advises that “all companies intending to collect and use biometric identifiers must proceed carefully….staying vigilant as more biometric privacy laws come into effect.”

The Future of Biometrics

What is the future of biometrics? It appears likely that more and more companies will want to protect themselves from lawsuits by providing opt-in clauses in their privacy policies. Similarly, more regulations will be needed to protect consumers, so that they are promptly told about biometric data breaches. Over time, we may see more laws passed by state legislatures so that consumers have the data protection they need.

Comments

comments