As the old adage goes, security access-control systems depend either on:
- what you know (passwords, combinations, etc)
- what you have (keys, access cards, passports etc) or
- who you are (recognition by photograph, fingerprint, DNA etc).
The reasons for this quest are simple. People forget what they know. People lose what they have. But most of all, access-control is about letting the right people through, through the door, through log-on, through country border crossings and so on, while keeping the wrong people out.
Biometrics, recordings of unique characteristics of parts of our body, offer this path to the perfect access-control system.
However, like most things in life the perfect system for one person is a nightmare for the other.
Adoption of biometric based security is happening now. The key challenge for many system developers is to prevent false negatives. False negatives are where a system denies you entry when you are entitled to entry because it cannot properly read your fingerprint, iris scan, retinal scan, face scan or other chosen biometric. The problem of false negatives is, however, relatively easily solved. Enter multi-modal biometrics. Multi-modal biometric systems can use more than one biometric to ensure that the guess as to who is at the door is the right person.
Multi-modal biometric system development is, accordingly, all the buzz. The flip side to this marvellous technology is that multiple biometrics will tell our computers more than just who we are.
Combinations of biometrics, all today’s technology, could determine that:
a) you are drug-affected (retinal and iris scans)
b) you are angry (face or lip scanning using thermograms or eigenface [face pattern] technology)
c) your blood pressure is high (using capacitative fingerprint scanners).
The problem with such a system is what the employer can do with such information. Ignore it and destroy it and the supporters of privacy and human rights will be satisfied. Use it to prevent illegal entry (of any sort) and the supporters of law and order will rejoice. Use it for good to prevent entry of a drug-crazed, angry, homicidal employee determined to mow down fellow employees and the system administrator will be a hero.
Like so many good things, the uses of such marvellous technology do not need to stop there. If we can take health readings 10 times a day as employees walk in through access-controlled doors or log on to computers, why not store that data and data-mine it to find employees with health risks or poor health practices? After all, if we find that an employee drinks at lunchtime, and intervene, the good will be reduced absenteeism, better productivity, reduced erratic behaviours with other employees and customers, better interpersonal relationships, lower long— term health costs through early intervention and reduction in dangers from drunken operation of cars and plant and equipment.
These are all powerful arguments for the good of multi-modal biometrics being extended into real-time people monitoring.
Use of real-time multi-modal biometrics not only will happen but is happening. Cars being fitted with breath testers for the recidivist drunk driver are one example of the start down the track. There are many other occupations where the greater good argument is so compelling it will be hard not get trampled in the rush. For example, safety is uppermost in the minds of people who fly. It will comfort the passenger to know that the pilot is the right pilot and is health monitored.
Where or how to draw the line will be more than just a matter of the individual employer’s choice. The hard issue that has emerged between the right to know and the right to use (that has to date primarily been focused around use of genetic information) will now have an added degree of complexity.
Our worries that our children might be declined medical or life insurance because of, say, a genetic predisposition to a form of cancer or heart disease may be added to with worries that their metabolism demonstrates (detected through biometric monitoring) inadequate seratonin generation in the afternoons. We will also want the benefits of safer workplaces, earlier health interventions and simply the possible convenience of never having to carry a credit card, keys, passports and remembering passwords ever again.
The development of jurisprudence or philosophy of law as to how we imperfect beings are going to be able to live in an even more perfect-seeking world, has only just begun. This debate is not one only for scholars cloistered in the halls of the great universities, it is a necessary debate for all of us. It is also a debate that, if not had before biometrics become a way of life, will be lost by default.
Horrocks is a partner of Clendon Feeney’s technology law team. This article, together with further background comments and links to other websites, can be downloaded from www.clendons.co.nz. Questions and comments are welcome to email@example.com.