Biometrics systems are designed to identify or verify the identity of people by using their intrinsic physical or behavioral characteristics. Biometric identifiers include fingerprints; iris, face and palm prints; gait; voice; and DNA, among others.
The government insists that biometrics databases can be used effectively for border security, to verify employment, to identify criminals, and to combat terrorism. Private companies argue biometrics can enhance our lives by helping us to identify our friends more easily and by allowing us access to places, products, and services more quickly and accurately. But the privacy risks that accompany biometrics databases are extreme.
Biometrics’ biggest risk to privacy comes from the government’s ability to use it for surveillance. As face recognition technologies become more effective and cameras are capable of recording greater and greater detail, surreptitious identification and tracking could become the norm.
The problems are multiplied when biometrics databases are “multimodal,” allowing the collection and storage of several different biometrics in one database and combining them with traditional data points like name, address, social security number, gender, race, and date of birth. Further, geolocation tracking technologies built on top of large biometrics collections could enable constant surveillance. And if the government gets its way, all of this data could be obtained without a warrant and without notice or warning.
Large standardized collections of biometrics also increase the risk of data compromise from which it could be almost impossible to recover. In the near future, biometrics could stand in for your driver license or social security number, and you could be asked for a thumbprint or an iris scan just to rent an apartment or see a doctor. This could lead to many vulnerable copies of that linked data that could wind up in the hands of identity thieves. And any data compromises would be catastrophic; unlike a credit card or even a social security number, your biometric data can’t be revoked or re-issued.
EFF is monitoring the development and implementation of these technologies, both in the law enforcement and commercial contexts. We are fighting to build privacy protections into systems at the front end so that we don’t have to face privacy threats on the back end.
EFF Related Content: Biometrics
- As Trump surveys the surveillance system at his disposal, he should know that there are at least 471 of the location-spying devices in the U.S. today, according to an exclusive Vocativ survey of known police and other official documents. “The big concern with stingrays is we still don’t know exactly...
- Last week, a House Committee on Oversight and Government Reform found that privacy experts were right to be concerned: the FBI uses facial recognition without complying with privacy laws; 1 out of every 2 Americans’ photo is in some kind of FRT database; and facial recognition technology can reproduce race...
- FBI spokesperson Kimberly Del Greco said, “The only information the FBI has and have collected in our database are criminal mugshot photos,” Del Greco stated, when asked by committee chairman Rep. Jason Chaffetz (R-UT) whether the FBI was collecting or storing photos of innocent people from other sources, like social...
- EFF Senior Staff Attorney Jennifer Lynch emphasized that the Federal government needs to implement certain regulations to safeguard privacy issues regarding law enforcement’s use of facial recognition technology. “Face recognition and its accompanying privacy and civil liberties concerns are not going away,” Lynch said in her testimony.