IntroductionBiometric: Promise and peril

The move toward digital identification and biometrics appears inexorable. Every week brings news of yet another country opting for a biometric passport, another state choosing biometric driver licenses, another government agency selecting biometric means to identify the people it serves. This trend offers lucrative business opportunities for many companies even as it worries privacy advocates.

Business opportunities
Business Week’s Ellen Gibson writes that the digitization of personal information is a boon to companies in biometrics. There are countless applications for biometrics — in border control, medical records, computing, and commercial transactions — and many experts predict it is not long before such scans are part of everyday lives.

The business opportunities in biometric have attracted some of the largest defense contractors. Lockheed Martin is one of several companies partnering with government agencies to develop new applications in biometrics. The company is managing an effort by the Transportation Security Administration (TSA) to provide up to one million maritime and transportation workers access to secure areas of ports via biometric credentials, including finger and iris scans, which will be stored on biometric ID cards (the TWIC program).

Northrop Grumman is supplying the technology to a project sponsored by the FBI — in collaboration with Australia, Britain, and Canada — to set up a Server in the Sky — a network for sharing biometric data on criminals and suspected terrorists. The group, called the International Information Consortium, says that a global biometric clearinghouse would help nations combat terrorism and rapidly identify victims in large-scale disasters such as Hurricane Katrina.

Gibson notes that the private sector has been experimenting with biometrics for years. Casinos have been using the technology for a while, and night clubs in Britain are beginning to use it. Some regional credit unions have already piloted programs wherein members are identified by palm scans. Walt Disney World has been using finger scanners to ID visitors and prevent pass-sharing for years.

“Pre-9/11, the expectation was that [advances in biometrics] would percolate up from the commercial sector,” says Lawrence Hornak, codirector of the National Science Foundation’s Center for Identification Technology Research. “But with the emphasis on security after 9/11, there are now major government initiatives.”

Privacy concerns
Many consumers appear to prefer digital identification over other security systems, which require memorizing lengthy combinations of letters and numbers that must be changed frequently. Proponents of biometric envision a future in which body scanners replace passwords in computers and personal identification numbers at ATMs. “You always carry your physical characteristics with you,” notes Hornak. “That provides a lot of convenience.”

Gibson notes that one of the major challenge in implementing biometric banking on a larger scale is building the infrastructure. Institutions would need a central repository of biometric information against which to compare the scans.

A bigger hurdle is the fierce opposition from civil liberties advocates who argue that that biometric systems infringe on privacy at the same time that they compromise individual security. People are uncomfortable with a future in which cameras monitor their physical traits and behvior patterns, compiling digital dossiers about them without their knowledge or consent as they stroll through an airport or convenience store. Consumers worry that hackers would find easier to steal their information when it is contained in a centralized database.

Security analysts admit that data breaches are inevitable. “If my password security is breached, my bank and I can agree on another bit of secret information,” explains John Verdi, senior counsel at the Electronic Privacy Information Center. “If I give my bank an iris scan and somebody spoofs it, I can’t do anything other than poke out my eyes.”

Gibson writes that Verdi is not opposed to biometrics research, but he has a hard time believing that the advantages of current applications outweigh the risks. “If you’re going to submit this truly sensitive information, you’re pretty much assured that it’s going to be compromised at some point,” he says. “The question is: What is so important that I’m willing to put that information out there?”