It’s clear that biometric recognition technology is making our daily lives significantly easier. You may have a phone that you unlock with a fingerprint, a laptop that you unlock with a smile (facial recognition), or a customs station you can get through quickly by giving both a fingerprint and a smile. In many ways, these are also improving security – it is much harder for a malicious actor to guess and spoof a fingerprint than it is for them to do the same with a password. For reasons like these, biometric improvements have been an asset to modern life.
However, as the use of these technologies grow, we need to make sure we have regulatory frameworks that ensures the use continues to be ethical. Based on current trends, there seems to be a spectrum of possible uses, that vary based on who uses the data (the individual/another organization) and for what purpose (to improve life of the individual/for societal needs). For now, I’m focusing this towards public use (private company use would be different):
Stage 1: Biometric use only by individuals for their quality of life (ex: unlocking a device).
Stage 2: Biometric use of an individual by other organizations, to provide greater ease for the individual (ex: automated customs stations, ClearMe airport security clearance).
Stage 3: Biometric recognition techniques used for law enforcement purposes, only for scenarios involving an acute danger/threat.
Stage 4: Biometric recognition techniques used for any law enforcement.
Stage 5: Biometric recognition used for general surveillance and monitoring.
I believe that as a society, we should push our regulators to create laws that cap the use of this technology at stage 3. The examples at the top of the blog are both stage 1 and 2. Stage 3 would be cases like the use of biometric software to identify suspected terrorists, armed criminals, or in other cases where there is a direct threat to people. Faster identification and tracking of these people would significantly improve the safety and lives of many individuals.
To understand stage 4, we can look at some of the techniques being used today by the Chinese government. Forbes has an article with great depth about the use of just one biometric technology, facial recognition, by the government. One of the striking examples is the case of using facial recognition software along with traffic cams to capture jaywalkers, and then post “personal information, including names and home addresses…on screens at the side of roads as a warning.” The crime was much less severe than something that would qualify for stage 3. However, law enforcement used the same type of technology, and then leveraged it in a way that potentially also poses a privacy violation.
I think there are many regulatory guidelines and protections that would prevent us from getting to stage 5 – that would be a Big Brother type scenario. Once we reach this stage, there is a high potential for violation of free speech, freedom of expression, and other individual rights.
The use of biometrics is quickly expanding, and more organizations both in the public and private sector are looking to leverage these better. At the same time, we need to make sure that we have regulatory frameworks that cap the use of biometrics to an ethical level, and robust discussions to establish exactly what that level is.
TechLawLogy: The Art and Science of Technology Policy 