Biometrics: friend or foe of privacy?

News & Analysis
Biometrics: friend or foe of privacy?

New technologies may hold great benefits for the developing world, but without strong legal frameworks ensuring that rights are adequately protected, they pose serious threats to populations they are supposed to empower.

This is never more evident than with the rapid and widespread implementation of biometric technology. Whilst concerns and challenges are seen in both developed and developing countries when it comes to biometrics, for the latter they are more acute due the absence of laws or flawed legal frameworks, which are failing to uphold and ensure the protection of basic human rights.

In a paper published today by Privacy International, Biometrics: friend or foe of privacy?, we illustrate that while intended as tool to facilitate socio-economic and political developments, the deployment of biometrics technology is not without risk in both developed and developing countries. Through the analysis of thematic and country-specific case studies, we demonstrate that the negative consequences are particularly acute in the latter.

You can read the full report here. Below are some of the key topics discussed in the paper.

What are biometrics?

Biometrics refers to the measurement of unique and distinctive physical, biological and behavioural characteristics used to confirm the identity of individuals. This paper provides an insight into the origins of biometrics and its evolution in terms of the technology but also in the ways it has been used.

The Right to Privacy, Technology and Biometrics

In today’s digital world, the fundamental right to privacy safeguards who we are and supports our on-going struggle to maintain our autonomy and self-determination in the face of increasing state power. Technological advancements are providing unprecedented opportunities to empower people, but also pose the potential for significant negative impacts on basic human rights. These consequences are a particular risk in the deployment of biometric technology, which remains unregulated by laws relating to the protection of personal data and privacy as well as the biometric industry, which fails to incorporate privacy and data protection standards in their own procedures. Emerging challenges include the ethical impact of identification programmes, the need to consider cultural and social norms, and the dangers of the amassment of data.

Biometrics – the risks

It is essential to understand the risks of biometric technologies in order to develop relevant policy and legislative frameworks on their development and use, and minimise the potential negative impact they may have. The very nature of biometric technologies can lead several problems:

the data processed is at risk of being misused and is subject to fraud;
it can result in misidentification and inaccuracies;
its nature renders it exclusionary;
and its unregulated retention raises questions function creep and the safety of the data itself.

In addition, whilst recognising that biometric technology is in and of itself is not harmful, the policy and legal void in which it is used fails to regulate and limit its purpose. Thus, it can potentially be seen and used as a tool for surveillance through profiling, data mining and big data.

The use of biometric technology in developing countries

The developing world has attracted much attention and interest from the biometric technology industry, which views these countries as an area of growth for the industry. Technology. Seen as a tool to facilitate socio-economic and political developments, an array of sectors in the biometrics field have been deployed, ranging from national identification systems in India and Argentina, delivery of social services including health services such as in Peru and Pakistan, electoral management as in Kenya and the Philippines, aid delivery and social protection programmes as those run by the World Bank and UNHCR, and border management such as the biometric passports and visas introduced in Senegal.

Protecting privacy in biometric systems: the challenges

Without discrediting the benefits of the aforementioned uses of biometric technology, the failure to carry out thorough risk assessments has meant that threats to privacy have failed to be identified and thus are not being prevented or at the very least mitigated. This lacuna permits mass human rights violations, which directly deny individuals of their autonomy, their fundamental freedoms and – in extreme circumstances – their identity. In the case, for example, of migrants, the use of biometrics systems for identification purposes means that a misidentification could hinder their fundamental right to seek asylum if they are identified for already having had their asylum claim rejected. In addition, the lack of risk assessments also means the relevance and appropriateness to use the technology is also not being addressed, such as in Kenya were the system failed due to poor training of voting officers to handle the system and there were no power sockets. 

The recent major leak of personal data experienced by the biometric electoral registration roll in Argentina is yet an another warning that these concerns are real, and the poorly framed deployment of biometric technologie is having disastrous negative effects on the privacy of individuals and the protection of their personal data.

Protecting privacy in biometric systems: the opportunities

Biometric technology itself can have both positive and negative uses. The aim of this paper is not to discredit the technology or the potential advantages of its use, but rather to raise awareness as to its risks and the consequent need for the collection, deployment and storage of biometric data to be regulated. It is essential to consider the opportunities to minimise the negative impact on basic human rights, such as including privacy at the heart of any decision to use biometric technologies to minimise risks of function creep, fraud, and misuse, securing the digital infrastructure which stores this data as well as developing a culture of accountability.

Recommendations

Based on the exploration of opportunities to protect privacy in biometric system, this paper concludes with key recommendations put forth by Privacy International, calling for the development of standards around the use of biometrics technology, in particular to address the challenges and risks emerging from their use in developing countries. These focus on the need for strict enforceable safeguards at every step of the biometrics process, from collection to retention as well as on authorised access, securing of the digital infrastructure and the need for oversight of all of these steps.

These recommendations are not exhaustive but are intended to spark a debate, a debate which is currently lacking on this issue, around how to implement biometric technologies in a way that ensure the protection and promotion of the right to privacy.