Chapter 3. Protecting Privacy with Biometrics and Policy

The encroachment by technology into individual privacy has never been greater. From being tracked by surveillance cameras as we travel through cities and businesses to the use of customer loyalty programs, our movements and habits are under constant surveillance. The lack of personal anonymity is decreasing quickly as more personal information is gathered about us. This gathering and tracking can begin as soon as we turn on our cell phones in the morning. The cell phone puts out a "here I am" signal to the nearest cell phone towers . Using the strength of the signals at each tower, your location can be triangulated. On the drive to work, you may have a transponder in your car, to whisk you through the toll lanes on the freeway . Now there is a record of when you passed a certain location. When you park and take the train into the city, the cameras of the transit company have you under surveillance. They can tell with whom you sat, what newspaper you read, and at what station you departed. As you exit the train on the way to work, you may stop at a pharmacy and get a prescription for high blood pressure filled. While there, you pick up some potato chips for your children that night. You pay for your purchase and use both a credit card that lets you get points for purchases and the pharmacy's loyalty card. The pharmacy now knows that you bought a prescription and snacks. This information, if sold to your health insurer, could form the basis for the insurer to think that you are not doing what is best for your high blood pressure and personal health. From the pharmacy, you head to work; you pass the security gate, where you present your photo ID, and then enter camera- monitored hallways and elevators to get to your desk.

During this trip to the office in the morning, your every move and action have been tracked and recorded. During this trip to the office, only twice have you positively identified yourself. The first time was when you signed your credit card receipt at the pharmacy, and the second time was when you presented your photo ID at the security checkpoint. All the other times, you have been watched and quite possibly recorded as an anonymous face. If any of the surveillance cameras that captured your image had been integrated with facial or gait biometrics, you could have possibly been identified. It is the possibility of a third party identifying you without your consent or knowledge that is of greatest concern.

Privacy is really much more than the personal information we think of. Privacy can apply to anything that we want to keep private. In keeping something private, we wish to safeguard it from use or view. For example, meeting with different people or organizations could be seen as personal matters. I may also want to keep my physical person private. That is, my body is private, and I should expect privacy in not being viewed intimately. The thoughts in my head are private to me, and if I wrote them down in a journal, I would want that to remain private. Thus, I would expect others to respect the privacy of my thoughts. The right to or need for privacy must be protected somehow. The protection afforded my information is of importance. If I am required to share certain private details with my employer in order to be employed, I expect my employer to protect the privacy of that information. The use of a password is one way to guard the privacy of my information; requiring biometric authentication to access that data would be even stronger. In this way, biometrics help to preserve my privacy. If my employer were to use facial biometrics for authentication, I would be enrolled in the system so I could authenticate at work. If my employer used that biometric information to identify me outside of work, or to correlate my movements with those of others, my privacy would be violated, as my right for privacy with whom I meet would be invaded. In this way, biometric identification technologies are seen as invaders of privacy.

With employers now looking at using biometrics as a strong factor of authentication, all the previous prejudices concerned with the loss of privacy need to addressed. The right to privacy and the expectation of it are not only individual concerns, but also concerns for employers and employees . Biometrics play a role in each group's privacy issues and concerns. Biometrics can be seen as both a compromiser of privacy and a protector of that privacy. Once the role that biometrics will play in each party's privacy is clear, it is important to try to create a positive biometric policy in order to ensure that the rights of both the employer and employee are protected. Let's examine each group 's concerns about privacy and biometrics and use this discussion to provide an outline for a positive biometric policy.