Through the theoretical adaptation of biometric technologies to people of variable abilities

Privacy/Legal Issues

By means of numerous personal communications, surveys (Appendix 4, Question 3), and interviews the researcher has concluded that by opting to use a single biometric (e.g. fingerprint scanning) without the presence of an alternative authentication method, that biometric technologies cannot be applied to all groups of people. Hence, the purchaser has ultimately chosen a solution that will surely increase the likelihood of discrimination against specific diverse groups (i.e. people of variable abilities).

One of the most consistent and prolific constraint towards the implementation of many new technologies is the controversy over civil rights, namely privacy (physical or informational) issues. It is a consensus of opinions that opponents of newfangled emerging technologies such as biometrics are necessary to the developmental and implementation processes for emerging technology. Opponents of emerging technologies urge all technology maestros to improve designs, refine processes, and safeguard the things we hold most dear, our freedom and humanity.

Furthermore, it is believed that the majority of civilized people are compassionate and recognize the supreme need for new assistive technologies. Therefore, both advocates and opponents alike must do everything possible as civilized human beings to bestow freedom to everyone in need. To accomplish such a monumental task, society must harness the creativity and innovation of our society to develop new theories and assistive technologies.

Individual Anonymity

Many individuals are concern that the ubiquitous proliferation of biometric technologies into our societies would be the catalyst that leads to the destruction of individual anonymity. The reasoning behind this fear is that the supposed lost of individual anonymity can discourage spontaneous and free behavior (i.e. speech). The underlining concept here is the perceived loss of freedom or losing oneself.

Still, there are other individuals that believe that anonymity has already gone astray. This group of individuals believes that if the omnipresence of ‘Big Brother’ (government) wanted to track down an individual that it could be easily accomplished via credit card transactions, cell phones, pagers (two-way), GPS (Global Positioning Satellites) and surveillance of the subject and/or acquaintances.

An interesting tidbit about the concept of individual anonymity with respect to the Fourth Amendment as explained by Woodward, J., Orlans, N., & Higgins, P. (2003), p. 358 is that based on:

Florida v. Royer, 460 U.S. 491, 497-498 (1983), a law enforcement officer does not violate the Fourth Amendment when he approaches an individual in a public setting and asks him questions. However, the Court has made it clear that “the person approached need not answer any question put to him; indeed he may decline to listen to the question at all and may go on his way.”
Biometric Technologies

The Americans Civil Liberties Union (ACLU) is only one of many local, state, federal, and international organizations with legitimate concerns about the security (privacy) or misuse of the biometric data collected by the government and private companies (Winter, 2000). It is important to note that the ACLU does supports the use of biometric technologies for access to logical assets and physical facilities, providing the technology is proven to balance the elements of reliability, effectiveness, intrusiveness level must be balanced with magnitude of risk, and technology must be applied in a non-discriminatory manner. Having said that, do not forget that the acceptance requirements (elements) expressed by the ACLU are intrinsically problematic and left to the interpretation of the user.

The aforementioned concerns are of such importance that two organizations were formed to address the concerns, the first is the International Biometric Industry Association (www.ibia.org), which is sponsored by the National Institute of Standards and Technology (NIST) and the second is the Bioprivacy Organization (www.bioprivacy.org), which is sponsored by the International Biometric Group (www.biometric group.com) (Woodlands Online, n.d.).

An attention-grabbing veracity to point out is that it is the consentaneous consensus of the Biometric Consortium that biometrics was and will continue to be developed as a method of securing freedom, protecting data, and ensuring privacy. That is to say that biometric developers have went to great lengths to all sensitive data is encrypted by not only one algorithm, but in many cases multiple encryption levels.

Privacy advocates find the establishment of centralized databases via the traditional client-server architecture to be an abhorrent incubus that will devour freedom. One might think that the concerns stem from the perceive lack of ability for institutions both government and corporate to protect valuable data from hackers. This is, however, not the case, it appears that privacy advocates fears revolve around the perceived notion that the government will collect this data for the purpose of violating the civil rights of it’s citizens.

The public perceptions of radio-frequency identification chips is that they are an invasion of privacy that could theoretically be used to track an individual's buying habits and the individuals themselves. While the perception of industry is that RFID tags were never intended to be used in the tracking of a person or an individual’s buying habit’s.

Clothing manufactures embed RFID tags into the labels of garments to track the products through the manufacturing and supply chains. The end result would be a cost savings that could have been passed on to the consumer (Huff, n.d.).

Despite differences in opinions, the RFID industry does seem to agree that now is the time to explore all privacy issues related to RFID. AIM Global (http://www.aimglobal.org/technologies/rfid), is a global trade association that addresses automatic identification, data collection and networking in mobile environments, is setting up a committee to look into privacy issues, make recommendations and build industry consensus.

Smart cards are more secure and would remove much of the data that pertains to a person from the centralized database. This data would reside on the smart card. Without protection, however, the data would be ripe for misuse. The protection would come in the form of PKI encryption for transmissions and biometrics user authentication. For example, software that generates keys for a PKI encryption system might use data derived from one or more biometric sensor to generate at least one of the keys.

Corporations are encroaching further into our private lives, seeking out new opportunities to sell us products and turning every aspect of life into a commodity. The use of biometrics and biometric storage technologies in a corporate setting has been the subject of much debate. Many individuals do not have a problem using the fore mentioned technologies to monitor for security risks, sexual harassment, and/or to ensure the acceptable performance of employees.

The concern of labor unions and employees is that employers will exploit the technologies to spy on employees in order to facilitate explicit control over an employee’s every move. These activities may diminish an employee’s morale, dignity, and increase worker stress.

Advocates of workplace privacy are attempting to have laws established that specifically call for the purpose, collection limitations, accuracy of data, limits on retention of data, security, and protections against the transfer of data. Advocates believe that this level of protections elevates employees to a more equal footing while allowing employers to monitor for legitimate reasons (Gindin, 1997).

Government facilities bring into play contrasting beliefs. As government facilities and records are to be both a place of work and open to the public. Records are open public so that citizens have the ability to monitor their government and to ensure accountability in a democratic society. Yet society demands even greater security and monitoring of the facility and the employees.

The challenge for lawmakers is to strike a balance between the publics right to information and the individual's right to privacy. As stated by Gindin, S. E. (1997), the following are some of those attempted to protect privacy:

The Electronic Communications Privacy Act of 1986 (ECPA) and the Computer Fraud and Abuse Act contain provisions to protect electronic privacy. The Privacy Protection Act of 1980 restricts governmental seizure of publishers' investigative work product. The Privacy Act of 1974 and the Computer Matching and Privacy Protection Act of 1988 regulate government record-keeping and prevent government agencies from divulging certain personal information without proper authorization.

Are biometric technologies on public streets and at recreational events in violation of the Constitution of the United States’ Bill of Rights (http://www.law.emory.edu/FEDERAL/usconst.html) First Amendment (freedom of expression/religion), Fourth Amendment (protection against unreasonable searches and seizures, Fifth Amendment (protection against self-incrimination), and Fourteenth Amendment (Due Process Clause protects against personal decisions concerning marriage, procreation, contraception, family relationship, child rearing, and education)? If you ask the ACLU the answer to each of these is; Yes (http://www.aclu.org).

However, the majority of law scholars and ruling do not agree with the stance of the ACLU. They have instead determined that term privacy in public is a contradictory concept; as such the expectation of privacy in a public forum does not exist. This is reinforced by the work of Woodward, J., Orlans, N., & Higgins, P. (2003) p. 358, that there are no laws prohibiting the collection of biometric data in public places. Given this one should have no expectation of privacy in public (Nanavati et al.).

Misuse of Personal Data

In accordance with the work of Gindin, S. E. (1997) the misuse of personal data for something other then it’s intended purpose is a violation of the many federal acts and statues.

• 
  American Family Privacy Act of 1997 - Prohibits federal officers from providing access to social security, earnings, benefits & tax information through the Internet.
  
• 
  Cable Communications Policy Act of 1984 - Protects cable television subscriber information.
  
• 
  Children's Privacy Protection and Parental Empowerment Act of 1999 (H.R. 369) - Prohibits the sale of personal information about children without their parents' consent.
  
• 
  Collections of Information Anti-Conspiracy Act (H.R. 354) - Creates new property rights for owners of databases of public information.
  
• 
  Consumer Internet Privacy Protection Act of 1997 – Prohibits the disclosure of personally identifiable information without consent.
  
• 
  Consumer Internet Privacy Protection Act of 1999 (H.R. 313) - Regulate the use by interactive computer services of personally identifiable information provided by subscribers to such services.
  
• 
  Data Privacy Act of 1997 - Guidelines that limit the collection and use of personally identifiable information obtained from individuals through any interactive computer service for commercial marketing purposes,
  
• 
  Department of Transportation and Related Agencies and Appropriations Act, 2000 (H.R. 2084) - Two amendments proposed by Sen. Shelby (R-AL) pertain to privacy. Section 339 eliminates federal funding for highway projects in states that sell drivers' license personal information, motor vehicle records, or photographs from drivers' licenses. Section 348 repeals section 656(b) of the Omnibus Consolidated Appropriations Act of 1997, which required social security numbers to be displayed on drivers' licenses.
  
• 
  Driver's Privacy Protection Act of 1994 - restricts the release of motor vehicle records.
  
• 
  Fair Health Information Practices Act of 1997 – disclosure of health information to non-medical personnel without consent is prohibited.
  
• 
  Family Educational Rights and Privacy Act of 1974 (FERPA) - protects student records.
  
• 
  Federal Internet Privacy Protection Act of 1997 - Prohibits Federal agencies from making certain confidential records with respect to individuals available through the Internet.
  
• 
  Federal Records Act - regulates the disposal of federal records (all records electronic or otherwise).
  
• 
  Financial Information Privacy Act of 1999 (S. 187) - Requires FDIC to set privacy rules.
  
• 
  Financial Services Act of 1999 (H.R. 10) - Major bank, securities and other financial services merger bill. It requires the FTC to issue interim reports on consumer privacy.
  
• 
  H.R. 191 - Creates a tamper-proof Social Security Card (i.e., National I.D. Card) used for employment verification.
  
• 
  Know your Customers Sunset Act (H.R. 516) - Prohibits government from implementing the "Know Your Customer" rules.
  
• 
  Patient's Bill of Rights Act of 1999 (S. 6) - Requires health plans and insurers to protect confidentiality of medical records and allow patient access.
  
• 
  Patients' Bill of Rights Act of 1999 (H.R. 358) - Requires health plans and insurers to protect confidentiality of medical records and allow patient access.
  
• 
  Personal Privacy Protection Act (H.R. 97) - Prohibits physical intrusion into privacy for commercial purposes (i.e., press). Exempts law enforcement.
  
• 
  Right to Financial Privacy Act - Prohibits the government agencies, except for the Internal Revenue Service and agencies supervising banks from accessing financial records of individuals.
  
• 
  Social Security On-line Privacy Protection Act of 1999 (H.R. 367) - Limits disclosure of social security numbers by interactive computer services.
  
• 
  Telecommunications Act of 1996 - Safeguards customer information held by telecommunications carriers.
  
• 
  Video Privacy Act - Protects videotape rental records.
  

Chart 4: Potential Abuses of Power

For this poll, Harris Interactive interviewed by telephone 1,012 adults between Sept. 19-24, 2001 about concerns about increased law enforcement powers in the wake of the September 11 attacks. The margin of error is plus or minus 3 percentage points.

Source: http://www.msnbc.com/news/wld/national/brill/

images/abuse_power_brill_1.gif

Source: http://www.msnbc.com/news/wld/national/brill/

images/abuse_power_brill_2.gif

Source: http://www.msnbc.com/news/wld/national/brill/

images/abuse_power_brill_3.gif

Source: http://www.msnbc.com/news/wld/national/brill/

images/abuse_power_brill_4.gif

Source: http://www.msnbc.com/news/wld/national/brill/

images/abuse_power_brill_5.gif

Source: http://www.msnbc.com/news/wld/national/brill/

images/abuse_power_brill_6.gif

Source: http://www.msnbc.com/news/wld/national/brill/

images/abuse_power_brill_7.gif
Profiling (Big Brother is Watching)

As technology becomes more robust there is greater concern about the centralization of a national identity database, for such a database could set the stage for the practice of unwarranted and/or unlawful surveillance. Further, it is the trepidation of society that the collection and storage of biometric data will lead to the prolific profiling a person based on his or her picture (appearance), ethnicity, religion, age, or gender (unconstitutional).

Given the following scenario, if surveillance of a person was set into motion based on a persons picture (appearance), ethnicity, religion, or gender. Then it would most likely be the defense of law enforcement officers that the person was being watched because he or she looked suspicious, which could be construed by courts as one of the twelve exception rules (Intra-Agency Need to Know) to The Privacy Act of 1974 (Woodward, Orlans, & Higgins, 2003). However, if the decision to initiate surveillance were based on profiled data of a discriminatory nature, then the actions of the law enforcement officer would have been illegal and unconstitutional. The problem is how can we as a society police our police, if we cannot be sure of the circumstances surrounding a law enforcement officers decision to initiate the surveillance.

There are potential solutions to the above scenario, but not all of the solutions are feasible. The first potential solution would be not to use biometrics, which is not feasible because the genie is out of the bottle. Second solution would be to ensure that unconstitutional or profiling data is not associated to the biometric template, which is not feasible because biometric like facial geometry require a picture. The most logical solution would be to decentralize of databases and give control of the biometric templates to the biometric owner. The decentralization can be accomplished with a smart card or RFID.

Child Protection Education of America is a nonprofit organization that offers free digital fingerprinting (all ten) and digital photographing of children in hopes of protecting children. The question is does the collection and storing of this data in a centralized database constitute a national identity database? At this time such issues with respect to the collection of child’s biometric has not been addressed.

Download 2.12 Mb.

Share with your friends: