Picture a world in which you use your fingerprints, rather than keys to open your front door; where you pay for items by taking a selfie; where your heartbeat serves as your password. Biometrics —automated recognition of individuals based on unique characteristics—are making all of this possible. But maybe not surprisingly, the commercial use of biometrics raises numerous privacy and security concerns, which are worth exploring.
It’s important to understand how biometrics are defined and how they work on a basic level. In simple terms, biometrics involve the measurement and analysis of unique physical and behavioral characteristics to determine 1) who a person is and 2) if he or she really is who they claim to be. Distinct physical traits include fingerprints, vein, retina, and voice patterns, as well as facial measurements (like the distance between someone’s eyes or the shape of their cheekbones). Behavioral identifiers can include an individual’s signature and keystroke patterns, gait, hand-eye coordination, and response times. After these biometric identifiers are captured, data is extracted, and then translated into codes and stored in a database or on a portable device like a smart card. Future data is compared to the established biometric template for authentication purposes.
The advantages of biometrics as a means of identification and authentication include reduced costs (no more replacing lost ID cards) and added convenience (no more carrying key fobs, or having to reset or remember multiple passwords). Biometric data cannot be lost or forgotten. Because biometric identifiers are unique and immutable, they are considered more secure than passwords. However, it’s still possible to hack or trick scanning devices. And biometric information can be stolen. In 2015, hackers breached the U.S. Office of Personnel Management and stole the fingerprints of more than five million government employees.
There has been a tremendous uptick in the use of biometrics by the private sector due to a decrease in size and cost of biometric devices, combined with the desire for quicker, more efficient methods of authentication. For instance, banks are using retinal scans instead of passwords as a way to access online banking. Hospitals have implemented palm-vein scans to prevent misidentification of patients. Airports are increasingly replacing boarding passes with face and fingerprint scans to strengthen and speed up the boarding process. Colleges use them as a method of accessing dorms, and to confirm identification ahead of test taking.
While many organizations utilize biometrics for security, retailers are further taking advantage of facial-recognition systems to identify customers, and to direct them to specific products, or make recommendations based upon prior purchases. Car manufacturers are designing vehicles that require fingerprint or iris recognition to start their cars. Many cars will also automatically adjust seat location, music preferences and dashboard displays after identifying the driver. Auto companies are developing ways to monitor driver eye movements and heart rates to counter inattentive behavior and to prevent accidents. Sensors will be able to scan drivers’ faces for signs of drowsiness, track stress levels, and set phones automatically to “do not disturb.”
*For more, see PDF**