Ethics Issues with Biometrics

The use of biometric information to identify or authenticate individuals gives rise to ethical concerns around the improper use of the identification and authentication processes because the biometric data is considered personal data. It is important for the public to be aware of some of the ethical concerns with regards to biometrics:

Tracking you down – Although biometrics measurements are used to identify individuals as agreed by the end user, it can also be used to track their movements and activities in ways completely unrelated to the task for which the identifying information was originally collected. When using biometric data, there is no way to decouple the identifying information from the person. That is, every place where the biometric information is captured can be linked with every other time and place that biometric information has been presented, forming a complete picture of the individual’s activities, tastes, financial position, associates, affiliations, and whereabouts. Although this may be desirable when talking about criminal activity, it’s an extreme violation of personal privacy for normal citizens going about their noncriminal lives. It is important to realise that many of the biometric measurements can be captured without the individual’s knowledge or consent.

Some biometric measures — such as gait, iris, facial imaging and voiceprint — cannot easily be concealed in public places, and might allow entities in possession of this kind of biometric information to know far more about the subject than would be possible otherwise. Indeed,

focuses on the Invasion of Privacy as one of the essential biometric scenarios to plan for. The use of biometrics has numerous benefits as highlighted in previous articles. However, the use of biometrics also risks biometrics data and results in data creep, in which biometric information given voluntarily to one recipient for one purpose may be transferred, without permission, to another recipient, linked with other data and applied to a new purpose. The risk of invasion of privacy has increased as the number of organisations implementing biometric based solution has increased significantly and most of these organisations never plan for this vital biometric scenario.

The events of September 11th have spurred an increased activity of private and public interest in security and especially, biometrics. The rapid implementations of biometric technology by some organisations with limited knowledge on the subject may result in sacrificing privacy rights in the name of security. In fact, it is so common for most organisations to tell employees who have concerns with regards to biometrics privacy that the implementation of biometrics is for their benefits and fail to address the privacy concerns. It is normal for people to feel that collecting and storing biometric information about them is a personal violation of their privacy. It is important to get to the practical root of the problem by asking exactly what bothers them about the chosen biometrics. The idea is to fully understand their concerns and try to address them. For example, What if the stored biometric data could be used to create a false version of the same biometric data (such as fingerprints) and the imposter now has accesses to all resources. Biometrics security is secure and therefore it is difficult to detect when biometric has been compromised.

Therefore it is essential that any organisation planning to embark on biometric based projects plan for at least the following biometric scenarios:

  • High security hosting which focuses on a high volume of people requiring access to a highly secure facility and access is granted if you are on a master list of authorized individuals.
  • Other Entry Access which focuses securing all the entry accesses to the facility including side entrances.
  • Port of entry which focuses a high volume of people requiring access to a highly secure facility without the advantages of a master list for authorised individuals.
  • And biometrics limitation scenarios which focuses on situations where the chosen biometrics technology may not be suitable.
  • Malicious software, malware, which focuses on malware on the biometric system. The impact of malware on a biometric server can be devastating depending on the actions performed by the malware.

Researchers at Biometric Research Laboratory (BRL) within Namibia Biometric Systems (NBS) will continue to further highlight the most common use scenarios and some possible pitfall scenarios for biometrics in the next few articles.

More information on the implementation of biometrics based solutions can be requested from