Computerworld – IT news for New Zealand's ICT community

Biometrics: privacy concerns over scope creep

Privacy Commissioner sees risk of fear, privacy invasion and identity theft, but wants to avoid regulation

By Stephen Bell, Wellington | Thursday, 21 October, 2004

Initial public consultations on the use of biometrics for security show the most concerned section of the public are those having substantial experience with ICT, either as commercial users or intensive home users, says former Australian MP Terry Aulich, project manager for an emerging Australian industry code of practice.

This, he agrees, suggests that fears, principally of “scope creep” — the biometric identifier being used for purposes not acknowledged in the original specification — could be well-informed and based on previous experience of privacy failure and "creep", rather than just vague worries or science fiction scenarios.

Aulich was speaking with Computerworld during a break at a Wellington conference on the topic this month.

Australia and New Zealand “should be working very closely” on the privacy implications of the fast-moving implementation of biometrics for security and identification, Aulich says. Similar businesses (often the same businesses) and government styles operate on both sides of the Tasman, and the two countries’ peoples have broadly similar attitudes to civil liberties and limits on the information that can and should be gathered about private individuals, he says.

The industry in Australia is currently evolving a code, which Aulich says is preferable to government regulation. Apart from the danger of heavy-handed law followed by “underground” avoidance, there is an abiding public suspicion of governments as potentially the worst abusers of privacy and the least desirable bodies to be regulating it.

Nor can a US-style free-enterprise competitive environment be depended on to produce the most appropriate set of practices, Aulich says. All stakeholders should be consulted. “We should try to arrive at a set of reasonable expectations [of the way the technology should be used] between government and citizens and between citizens and commercial institutions."

The Biometrics Institute — probably the most influential biometrics industry body in Australia — sees the need for the code to inspire “public confidence in the new technology”, Aulich says.

Before his formal address to the conference, New Zealand’s Privacy Commissioner, Marie Shroff, gave the New Zealand view. Government and the Commissioner’s office here have been amenable to voluntary industry codes (in fact Aulich suggests that New Zealand relies more on them and less on legal sanctions than Australia does). “If the industry does not produce a code, government and people like me will,” she says.

There is ample potential for scope creep if the use of biometrics is left uncontrolled, Shroff warned. Potential abuse includes potential demand for biometric identifiers for authentication in new areas, once they have initially been issued (there is already a New Zealand company which uses them for signing on to record hours worked); also, additional data can be attached to a biometric, permitting expansion of its use, and there is the potential for surreptitious reading of biometric characteristics for covert surveillance in public. The classic example is the US experiment in facial recognition over the crowds at a Superbowl game.

It may be argued that the technology is “just” another identifier and not ethically questionable in itself: “technologically neutral”. “The technology may be neutral but its use is not … [public concern] might be a zephyr now, but could grow to a gale,” Shroff says.

She quotes Roger Clarke, principal of Xanax IT consultancy and visiting fellow at Australian National University, who in 2001 called for a moratorium of the technology, which he described as “extraordinarily threatening” and having been implemented very badly. “I do not neecessaily see the situation as so dire,” Shroff says, but biometrics combine a seductive appeal with a danger of privacy invasion and real loss in the event of identity theft. While a stolen ID number could be quickly replaced, a stolen biometric potentially creates much more of a problem.

Many people would want, like Clarke, to stop and think, but the pressure of perceived benefits could act against such sensible deliberation, she suggests.