Why you should care
The coming biometric identification revolution offers convenience and participation, but it also threatens privacy and security.
Ready for ID by body odor? Or the butt scan?
Neither are we. But in the brave new world of the biometric revolution, biomarkers like scent and derrière shape could open doors — literally. Or start your car. Or let you vote.
This is not the distant future. Around the world, governments are rolling out massive biometric identification programs. Smartphone makers are acquiring all sorts of Minority Report-ish techologies. And for scientists, the race is on to find new, workable biomarkers, which go away beyond the iris scans and fingerprints we have now.
Think recognition by gait, electrocardiogram, palm vein — and, yes, eau de you and tush shape, too.
After all, you can change your passwords after a Heartbleed bug, but you can’t change your irises.
Reliable studies on the size of the biometric market are hard to come by; estimates range from $3.6 billion to nearly $7 billion. But experts agree it’s growing fast — from 7 percent to 18 percent a year, depending on who’s projecting. Markets and Markets claims that the biometric systems market will be worth $23.5 billion by 2020.
The rapid rollout of biometric ID systems holds some promise. Hundreds of millions of people lack formal identification, and that’s an obstacle to participating in society. Without ID, it’s hard to vote, register land or get a bank account, let alone a loan. States, meanwhile, have a hard time collecting the taxes of undocumented citizens. Those are all reasons that India’s Universal ID program, which has scanned the irises of 450 million unregistered citizens, has won so many plaudits.
Biometrics are a different story in the developed world. In the United States, Europe and other regions, the worry is not that the state doesn’t know who you are, but that it knows too well — like Big Brother. Critics of biometric programs argue that important questions haven’t been resolved.
Who has the right to collect your biodata? Who gets to access it? How can it be used? And what happens in case of security failures? After all, you can change your passwords after a Heartbleed bug, but you can’t change your irises.
The color of your eyes and your height are technically biometrics, as is your signature.
Even agnostics agree that laws haven’t kept pace with the technology. “The technology itself is ethically neutral,” says Alan Gelb, a researcher at the Center for Global Development who studies national ID systems, including biometrics. “The question is how the technology is used.”
But Gelb says there’s not enough oversight or regulation of the technologies. Although the 160 national ID programs Gelb and his co-researcher found go a long way toward bridging the “identity gap,” half of them lack adequate data-protection laws, he said.
That’s one reason Scientific American argued in December that the biometric revolution “makes possible privacy violations that would make the National Security Agency’s data sweeps seem superficial by comparison.” Much biometric data are collected without the subject’s explicit consent — or even knowledge, says Jennifer Lynch, a senior attorney at the Electronic Frontier Foundation (EFF). Little is known about how it is used.
Security is at stake, too, because biometric data is hard (if not impossible) to revoke or replace. “Data breaches occur all the time — who might get control of that data?” says Lynch. “I think we should be incredibly concerned over this.”
Biometric identification is not new. Fingerprints are the classic example, and headshots are considered biometrics, too. Even the data on your driver’s license — your eye color, height, signature — are technically biometrics. The field got a big boost after the terrorist attacks on Sept. 11, 2001, as the United States invested heavily in fingerprint-, face- and iris-detection technology.
Most who worry about the privacy aspects of ID technology already enjoy the benefits of being identified.
The past few years have seen a great biometric leap forward, as the saturation of smartphones and biotech advances have expanded the universe of potential biomarkers and applications. It’s not just the iPhone 5’s fingerprint sensors or Fujitsu’s plan to embed a palm vein scanner into its mobiles. We’re talking scanning the irises of all 1.2 billion Indians, as well as long-range iris scans, gait-recognition systems that use your smartphone’s accelerometer to identify you while you pace, electrocardiogram wristbands rigged to open your door and, yes, the butt and body odor scans.
Some applications raise amusing reliability questions: How effective would a body odor ID system be if you were to eat a lot of garlic or wear a new perfume? The probable application for the bottom-sensor would be in the drivers’ seat of a car, and the sensor would likely adjust to gradual variations in body weight and shape. But what if you drop off your car at the airport, go on a two-week vacation and come back 10 pounds heavier — would you still be able to start the car?
Most recent biometric identification systems are not quite so outlandish. Many are connected to smartphones, and, indeed, one consultancy predicts that 619 million people will be using biometrics on their mobile devices by the end of 2015. The reason: As phones do more and more important things for us, secure phone access becomes paramount.
At Christophe Busch’s lab in Germany, scientists are working on a variety of biometric technologies for phones, including those that use the smartphone’s built-in accelerometer to recognize gaits. Busch’s team is also keen on using smartphones’ near-field communication (NCF) ability to unlock doors.
NFC was a worrisome topic for many participants at recent German conference of key manufacturers, Busch says. “They were saying that the time for physical keys opening doors will end: ‘These smartphones, horrible, horrible smartphones — they’ll kill our business!’” Busch reports. “That’s not a joke — that’s what they were saying.”
The threat to key makers seems minor when compared to civil rights issues. The FBI has been very secretive about its Next Generation Identification program, which includes massive amounts of biometrics — much of it collected on people who’ve never been accused of a crime, and some of it, at least, collected without subjects’ knowledge. (Iris scanner technology has improved so rapidly that it’s now possible to detect irises from 1,000 feet away, according to the EFF’s Lynch.)
Backlash is brewing. In Pinellas County, Fla., a palm scanner at the school cafeteria sent parents into a tizzy — and this month, Florida’s legislature passed a measure that prevents schools from collecting students’ biometrics. Dorothy Hukill, the state senator who sponsored the bill, said: “We’ve been able to get kids through a lunch line for decades. Why do we need to take their biometric information when we know there is the potential for identity theft?”
Valid as the privacy concerns are, they are very much first-world problems. Most who worry about the privacy aspects of ID technology already enjoy the benefits of being identified, Gelb points out, like having passports, bank accounts and the ability to vote.
“When you look across the world, you see that those with the least access [to ID] are the poorest and the most excluded,” he says. “To argue that these people live in some blissful state where no one knows who they are — this is bizarre.”