The use of biological markers like fingerprints, faces and irises to identify people is rapidly moving from science fiction to reality. Apple’s latest iPhone, which went on sale this week, can be unlocked with a fingerprint. Users of Android smartphones can unlock their devices with a glance. And the Department of Homeland Security is developing facial recognition technology that would allow it to pinpoint criminals and suspects in large crowds of people with closed-circuit cameras.
Once so expensive that it was used only by the military or high-tech companies, biometric technology has become so commonplace that even some schools and hospitals are using it. Its adoption could make sensitive information more secure than conventional identification cards or passwords, which can be easily forgotten, lost or hacked. But it also has the potential to undermine privacy, which has been greatly compromised by recent revelations about government surveillance of phone and Internet communications.
In fact, biometrics are not as safe as is often thought. A 2010 report from the National Research Council concluded that such systems are “inherently fallible” because they identify people within certain degrees of certainty and because biological markers are relatively easy to copy. For example, people leave their fingerprints on everything they touch, which makes those fingerprints available to any determined spy or law enforcement agent. Experts have shown that fingerprints and other markers can be copied, giving hackers and thieves access to private information. And once compromised, fingerprints cannot be reset, like passwords, or replaced, like passports.
If proper safeguards are not put in place, the use of some biometrics, like facial-recognition technology, can also be used to conduct intrusive surveillance of individuals or groups of people by governments and private companies. Using facial-recognition software to match databases of photos with images from security cameras in public spaces and private buildings can help law enforcement agencies spot and track dangerous criminals. But the same technology can just as easily be abused to target political activists or protesters. Retailers could use such systems to snoop on their customers’ shopping behavior so that they could later target specific ads and offers to those customers. Facebook already uses software to determine whether photos that users upload to the site contain the images of their friends, though the company does let users opt out of the system.
Even as the use of such technology has expanded rapidly, there has been little public debate about its use. Most federal and state laws do not directly address the collection and use of biological markers by businesses and the government. Some lawmakers, like Senator Al Franken, Democrat of Minnesota, have asked government agencies and companies like Apple and Facebook to explain how they use biometrics. But Congress must do more by enacting legislation that governs how this technology is used, to make sure it does not compromise privacy rights.
Virginia is developing a master identity database called the e-ID Initiative:
Using Department of Motor Vehicles records as its core, the state government is quietly developing a master identity database of Virginia residents for use by state agencies.
Four state agencies are now involved in Virginia’s e-ID initiative: DMV, the state’s “ID professionals”; the Virginia Information Technologies Agency, which runs the state’s IT systems; the Department of Social Services; and the Department of Medical Assistance Services.
DMV has the records of about 5.9 million licensed drivers and ID card holders. Some of that information — names, addresses, dates of birth, driver’s license numbers — will form the core of the state’s identity authentication system.
While officials say the e-ID initiative will be limited in scope and access, it comes at a time of growing public concern about electronic privacy, identity theft and government intrusion.
“It makes it easier to compromise your privacy,” said Claire Guthrie Gastañaga, executive director of the American Civil Liberties Union of Virginia. “They’re using DMV for some other purpose than driving.”
The state enterprise record – the master electronic ID database – would help agencies ferret out fraud and help residents do business electronically with the state more easily, officials said.
DMV points out that, in today’s world, state driver’s licenses are the fundamental identification documents used by most Americans.
State officials say participation in the e-ID system will be voluntary, but the reason that the state has been moving to offer “privacy-enhancing credentials” to Virginia residents is the increasing number of government services offered online.
However, “anything you make more accessible and efficient for the user, you potentially open up for opportunities for risk, for attack,” said Robby Demeria, executive director of RichTech, Richmond’s technology council.
DHS begins using facial recognition technology at sporting events claims its for research:
DHS’s biometric Biometric Optical Surveillance System or BOSS should concern every American:
DHS installed 37 surveillance cameras on the Las Vegas strip:
Pennsylvania DOT to enter 36 million drivers licenses and ID photos into facial recogntion database: