Biometrics: Does Convenience Outweigh Privacy?
Jarret Roberts and Sejal Patel
Eight years ago, the tiny ridges that make up a fingerprint meant little more than a way for crime scene investigators to identify suspects. Now, in the world of 2007, they are linked to everything from bank accounts to national identification systems. Consumers can pay at grocery stores literally with the touch of a finger, and employees do not need to carry around security cards because they can use their fingerprints to gain access to restricted areas. “Biometrics is the science of measuring biological characteristics and behaviors for the purpose of determining or verifying identity” (Langenderfer and Linnhoff 314). Even though fingerprint scanning is the most widely used and known form, the entire biometrics field is quickly becoming integrated as a standard in both the consumer and business world. The rapid expansion of an industry so closely tied to extremely personal information raises the question: are the conveniences created by biometrics worth the sacrificed privacy?
Much of the attention surrounding biometrics has focused on accuracy and reliability (Carpoor 48). While this chapter will touch on the topics of accuracy and reliability, the main focus will be to explore the ethics, convenience, and security issues integrated within biometrics. The first section of this chapter will present a brief introduction to the topic of biometrics. From there, the role of this chapter will be to present research findings on the perceptions surrounding biometrics, regarding the trade off individuals face between ethics, convenience, and security.
An Overview of Biometrics
Biometrics originally stemmed from the need to identify victims though forensics (Carpoor 48). While early forms of the technology required an expert to analyze and make conclusions based on human experience, the integration of technology allowed biometrics to be implemented on the mass scale seen today. In early 1998, Visa began the first commercial integration of biometrics by linking credit accounts to the fingerprints of participants in a pilot study (Cuneo 24). From there, the industry grew to reach revenues of over $800 million in 2003 and is now projected to more than triple by 2008 (Allan 77). In addition to the aforementioned fingerprint scanning, biometrics includes face recognition, hand geometry, iris scanning, voice recognition, signature recognition, retina scanning, ear/lip motion recognition, body odor analysis, skin reflection analysis, nail bed analysis, body shape analysis, dental analysis, and DNA recognition. (Langenderfe and Linnhoff). All of these functions require a two-step process, “enrollment” and “authentication,” to verify identity (Langenderfe and Linnhoff 315).
How It Works
Biometrics works by first enrolling information and then later using that information to authenticate an individual’s identity. In the first step, enrollment, data collected and the individual’s data points are linked to her identity. The purpose of this first step is to create a data set that can later be compared to data points during authorization. In the case of biometrics, enrollment is unique because of the biological and behavioral information collected. Unlike many current forms of collected identifiers, such as Personal Identification Numbers (PINs), the data collected for a biometric data set is physically linked to its owner. For example, an individual’s fingerprint could be scanned into a database, and then linked to the identity of the individual it came from. As will be seen, this link to the physical form is the source of much convenience, but also a great deal of ethical debate. After enrollment, new data can be compared to the existing data set through the second step, authentication. The data being collected is in the form of biological or behavior attributes. Again using fingerprints as an example, an individual scans a fingerprint into a system that searches a data set of fingerprints to determine if there is a match.
Matching is not a simple process. To authenticate these individual data points against the data set, they must first be translated into a form that is easily comparable and readable. In order to accomplish this conversion, physical information, such as fingerprints, is translated into vectors or equations (Langenderfe and Linnhoff). The equations generated are easily read and compared to each other by computers when run through algorithms. Authentication is granted if the equation fulfills the requirements of the algorithm. In the case of fingerprints, the scanner would take a digital image of the fingerprint. From this image an equation would be written describing features, such as a ridge splitting or the center point, along with the location of these features. This equation is then run through an algorithm and if the features and their locations match, authentication is granted.
If authentication is granted it can come in two distinct forms: identification and verification (Hong, Yun, and Cho 502). Identification, the first type of authentication, occurs when a newly acquired data point is compared to a pre-existing set to see if the point can be identified via the set. In this case, a name or some other identifier would identify an individual by scanning their fingerprint individually. In the other type of authentication, verification, a data point is compared to a set in which it may or may not exist. If, for instance, a security guard scanned his finger, and that data point existed in the authenticating data set, he would be verified and granted access without actually being identified as an individual.
No two scans will ever be exactly alike even if they are of the same image. For example, fingers placed at slightly different angles create a much different image than the one created during enrollment. Further, an individual may have a paper cut, or some other new abnormality, running across the middle of a finger which was not there when the original enrollment image was scanned. Thus, even with the most advanced technology the vector renditions are never exact and limits must be set as to which data points pass and which do not. Setting very stringent criteria for matching ensures a much lower likelihood of false positives. However, setting such stringent limits also drastically increases the number of false negatives. The opposite is true for setting an intensely lenient limit. There will be fewer negatives that should have been authenticated, but false positives will register more often. While finding a balance between stringent and lenient limits is a constant source of debate, the effects on society from a false positive often outweigh those of a false negative. From a company perspective, it is better to wrongly lock out someone who belongs in a restricted area than to wrongly grant access to someone who does not belong there.
Users of Biometrics
Biometrics reaches into three main user segments: government, consumer, and business. With the recent increase in global terrorist activities, governments are pushing even harder for identification technologies that are reliable and secure. For example, “the U.S. government is pressuring twenty-six visa-waiver nations to embed biometric data into their passports” (Allan 77). Additionally, “next generation smart cards in Europe, Asia, and Japan promise to include biometrics for identification, passport visa, and driver’s license purposes” (Allan 77).
The implications of such large-scale implementation are enormous. If the UK government were to utilize biometric technology in their national identification cards, it would create a biometric database with over 50 million entries (Dettmer 26; Hornung 502). Aside from national implementation, the consumer segment will be the largest group affected by biometrics. Companies such as Piggly-Wiggly grocery store and Blockbuster Video are already beginning to allow consumers to link accounts and even payment to biometric identifiers (Langenderfe and Linnhoff 327). Finally, businesses are beginning to employ biometric technology into all aspects of employees’ workdays, from authorization to print, to accessing restricted areas. For companies, the advantage of biometrics security is the inability to transfer access. While employees can let someone borrow an access card and clock each other in, a fingerprint scanning time clock would prevent such exploitation.
Ethics of Biometric Data Collection
While lost credit cards can be canceled, and PINs reassigned, the permanence of biometric data magnifies the ethical debate about its collection. Perhaps one of the greatest concerns revolves around the possibility of a breach in a biometric database. All too often, it is reported that personal information on a company’s system or Website has been compromised. In the case of biometric data, a compromise of biometric databases would have much more permanence. Once a fingerprint is compromised, it is impossible to exchange it because of its physical link to the owner. Individuals cannot simply cancel their current fingerprint and get a new one. This physical link and permanence are, however, what make biometrics such a convenience.
The permanence and extreme individuality of biometric identification factors make data exchange and tracking easier than ever (Langenderfe and Linnhoff 330-334). The consolidation of identification biometrics provides, and often leads to one form of identification. In turn, this allows for easier tracking of individuals. At the same time, the biometric identification factors are both unique and universal, again creating an ease of sharing consumer information. While some argue linking databases could allow the capture of criminals that otherwise would have dodged apprehension, there is a greater cost to society to consider. Such ease in tracking could easily be taken to an extreme. It is possible that tracking could lead to a society where every violation, no matter how small, is tracked though the use of biometrics. If this were to escalate, the world could transform into a “Big Brother” society. It is also realistic for corporations to be able to track and link consumers’ every interaction with a biometric scanner, permitting the formation of in depth consumer profiles. Individuals have always had to balance the convenience of technology with its intrusiveness. Now, however, technologies such as biometrics utilize one of the last unexploited pieces of information individuals have, their biological characteristics.
Convenience of Biometrics
While the ethics of biometrics are still a major debate, the potential convenience is often viewed as the beneficial contribution society will receive from the technology. Biometrics removes the inconvenience of being without identification. In a survey by New York based Biometrics Group, 240 random consumers were questioned as to their preferred form of security. According to a recent poll by US Banker, fingerprint scanning ranked nearly three times higher than traditional passwords. The reason given for such a high ranking was closely linked to the convenience. Imagine a society where a wallet or purse is a thing of the past. Additionally, biometric identifiers add convenience because, for the most part, they do not change over a person’s lifetime, eliminating the need to physically renew cards. DNA and even finger print samples taken from a newborn will be nearly identical to those taken from the same individual decades later. Waiting in line for a license at the Department of Motor vehicles would no longer be necessary.
Next, since biometric data is a physically stored type of data it cannot be lost, forgotten, or easily stolen. Thus, remembering many different passwords or leaving behind credit cards after purchases would be a thing of the past. Having an identification or credit identifier that cannot be lost or physically stolen would greatly reduce the fraud currently seen with credit cards. Finally, biometrics has the potential to make life more convenient by reducing theft. If computers and cell phones were integrated with biometric sensors, they would be useless to anyone but the owners. For thieves, the desire to steal them would be greatly reduced because the stolen goods would have little value to anyone except the owner, whose fingerprint is needed to unlock the goods. The convenience linked to biometric sensors continues to fuel the debate over its ethics.
Security Implications of Biometrics
Biometric technologies have tremendous potential to strengthen national securities by uniquely identifying individuals. As previously mentioned, many governments are currently putting a great deal of effort into the development of nationally linked biometric identification systems. One major problem with such implications is enrollment. In order for an individual to be authenticated as a criminal or suspect they must first be enrolled and classified as one. It is unlikely that many criminals or terrorists will willingly enroll in biometric databases, and it is likely, these will not be the only groups opposed to enrollment. Some religious groups, such as Mormons, discourage or even prohibit the use of technology. If biometric systems were put in place, would these people then be excluded from societal interaction or would a by-pass have to be allowed? Any form of by-pass would compromise the security of the system. However, it will almost certainly be necessary for such bypasses to exist. It is inevitable that no matter how accurate the technology behind biometrics becomes, there will still need to be some way to by-pass the system. Due to the false positives that will occur, even at the smallest of percentages, and the potential for technology failure such as a power outage, the overall security of biometrics will only be as strong as its weakest part.
There are also security concerns about biometric tracking, which is “real-time or near-real-time surveillance of an individual,” and mapping a person’s past habits to make or reconstruct someone’s path (Arthur 6). Such tracking could provide enormous security and is becoming closer to a reality. Iris scans now can take place from up to twenty-four inches away (Langenderfe and Linnhoff 319). The implications of such technology lead to the concern that individuals will soon be tracked with little knowledge of such happenings. In much the same way, hidden cameras now cover much of the public and consumer world; soon, biometric scanners could track individuals. Again, it is a trade off of convenience and privacy. It would be convenient as a society, if criminals could be located and apprehended in a matter of moments due to the tracking capabilities. At the same time, our society must weigh the ethical implications of giving up so much privacy.
Future Obstacles for Biometrics
The advancement and acceptance of biometric technology globally shows that consumer acceptance and trust is growing exponentially. Companies are also adopting biometrics at an amazing rate. The Aite Group, a research firm in Boston, predicts that in January 2009, 35% of financial institutions will have deployed biometric technologies (Allen 77). The International Biometric Group of New York also projected in January, that global biometric revenue would rise from $2.1 billion in 2006 to $5.7 billion in 2010 (Allen 77). However, biometrics must surmount some very real concerns before becoming common in everyday life, especially in the areas of cost and accuracy.
Cost is one major concern. Currently, the cost to produce and implement biometric technology is beyond what many companies can afford to pass on to their consumers. United Airlines mandated 400 of its employees to use biometrics technology to gain access to their network and log their work hours. The total cost for this one biometric project cost millions of dollars for the United States (Costanzo 6-11). For smaller companies, the cost of implementing biometric technology may not be realistic. "Eventually the industry will provide biometric solutions that will be more acceptable to a wider audience, making it more affordable to everyone,” stated Ken Silveira, the chief information officer at Bridge Bank in San Jose (Costanzo 6-11). Until economies of scale combine with cheaper technology, cost will be a major hindrance on the growth of biometrics.
Another major obstacle facing biometric technology is the possibility of error. Even though the International Biometric Group states that in the last decade biometric technology has become “a lot more accurate, with less than a one percent False Rejection Rate (FRR),” error is still a major concern (Bruno 41). If in the aforementioned case of the UK implementing a national biometric system with 50 million data points, a one-tenth percent FRR occurred, it would mean that 50,000 data points would be falsely rejected. False identification could have implications just as harmful; “Oregon attorney Brandon Mayfield was wrongly jailed for two weeks because his fingerprint purportedly matched one found at the scene of the Madrid bombings in March 2004 (Langenderfe and Linnhoff 228). It is highly likely that accuracy will never reach 100%. With this in mind, society must consider the cost of error that will occur, compared to the convenience provided.
Design, Methodology, and Approach
As mentioned, the research done for this chapter examined individuals’ views regarding the sacrifice of privacy for the convenience that biometric technology provides. To allow the full exploration of this topic, in-depth personal interviews were conducted with twenty-four respondents. Respondents were selected to yield a balance of age, gender, profession, and interests. This allowed a greater variety of perspective on the subject. A set of ten predetermined questions was the concentration of the interview. However, respondents were encouraged to expand upon topics. The questions were designed to assess the sample perceptions surrounding biometric technology, the ethical obligation of collecting personal information, how security weighs in on technology today, and how important convenience is in individual lives. The interviews were conducted in person and lasted between fifteen and twenty minutes. Questions were designed with as little bias as possible to allow respondents to reply positively or negatively. The focus was to extract trends that either bridged the entirety of respondents or were isolated within homogeneous segments of respondents. Thus, major themes regarding ethics, convenience, and security of biometric technology in individuals’ lives could be compared to trends regarding the sacrifice of privacy.
Responses on Ethics
“I do not think it is ethical. It’s the last piece of privacy a human being has,” one respondent begins. Nearly all interviewees expressed concern about the ethics of collecting biometric data. Additionally, respondents were concerned about the collection of personal information such as address and social security number. Nevertheless, a majority of respondents said they willingly gave up personal information without knowing its end use. As one respondent stated, “I give it to them, but I don’t think they need it. I don’t know what they do or might do with it.” Individuals realized there were ethical dilemmas in giving up personal or biological information, but were still willing to do so. “We are getting to the point where we do so much of it [giving out information] that we are getting jaded as people,” one interviewee stated. Another respondent affirmed this claim when she stated “it’s kind of one of those things you don’t have a choice on. It’s like if they decided to get rid of the penny, do you really have any choice in it?”
The interviews revealed that while respondents immediately expressed concern about the implications of biometric data collection, they were not opposed and seemed optimistic regarding the possibilities it could provide. New technologies such as biometrics were seen as the solution to current problems, and the ethical implications were put aside in the minds of respondents. Consequently, while biometric information was viewed as the last piece of personal information left to be exploited, it was also something individuals were willing to consider sacrificing for a more secure and convenient future. As one respondent concluded, “it depends on how the information will be used, and what they tell me it will be used for.”
Whether consumers consciously guide and limit the integration of biometrics, or simply accept it as the next progression, has yet to be seen. Holding biometric data collection to a high standard and limiting data exchange will reduce some of the ethical issues surrounding biometric systems. However, there will always exist some ethical debates on the collection of “the last piece of privacy a human being has.”
Responses on Convenience
“Biometric technology would, in the end be more convenient,” one respondent replied when asked to comment on how biometrics would affect his life. The majority of respondents believed that biometrics would, to some degree, add convenience to their lives. However, older respondents, over the age of forty, were more concerned with the tradeoff of privacy for convenience than respondents under the age of twenty. As an older respondent reported, concern is carried over from current technologies and projected on biometrics. “Well, you know when you pay bills online, you have to give them all your information, your credit cards. No, I don’t think it’s secure. But you do it, ‘cause it makes your life more convenient.”
The reported willingness to sacrifice privacy for technology lead to a few conclusions. First, individuals may not be informed about the privacy implications associated with technologies, such as biometrics. Second, individuals may understand, but may not be concerned with the implications. Finally, individuals may be subject to a lack of both understanding and concern. The qualitative data provided by interviews showed a variation of all three responses throughout the entire set of those willing to forgo parts of their privacy. One respondent expressed understanding but a lack of concern with privacy issues, when she described the security of technology in society as being an “illusion of security.” Later, when questioned about privacy and convenience, this same respondent stated, “biometric technology would, in the end, be more convenient.” A second respondent’s comment exemplified the idea that individuals knowingly trade privacy for convenience. “[New technology is] part of the reason they’re getting all the information. They can keep track of what you do easier (sic) because of all that stuff.” At the same time, this respondent stated that, “you can really see the benefits of technology,” showing a knowledge of sacrificing privacy, but also a willingness to do so. The overall trend found in respondents was an acceptance of new technologies that provide greater convenience, even at the cost of privacy.
Responses On Security
From the subjects interviewed, there was a general theme that respondents believed biometric technology would provide more security than current technologies. “I think they would be more secure. For instance, if they took fingerprints or retina scans, those are my distinct features and they are not easily copied or cannot be easily hacked using some computer” one respondent replied. The idea that biometric data would be carried by the owner and not left on a computer appeared in many interviews. However, the conclusion was also drawn that the perceived security of biometrics will be greater during the introductory phase of the technology and, then lessen over time. This is due to the belief by respondents that any technology can and will be broken into.
While respondents believed that a greater security would be provided by biometrics, they also thought it would only be a matter of time before it is exploited. As one respondent explained, “technologies are insecure because if someone can write it and make it secure, someone can hack it.” Individuals’ belief and trust in new technology may stem from this idea that new technology is secure for a short while, but later becomes compromised. One interviewee described, “I’m sure someone’s going to figure out how to break it [biometrics] and there’s always going to be someone who will figure it out.” From this respondent’s answers, it was inferred that the idea of security with emerging technologies has very little permanence, even with biometric technology. While there was a strong acceptance, and trust, in the promise of improved security from biometrics, there was also reason to believe that individuals would be quick to change their minds if biometrics does not fulfill its promise.
The information collected for this paper provided many insights. Still, as with any research, there are limitations. This study was done over a period of two months. One of the major benefits of conducting research over a short period of time is the snapshot it creates. This is especially relevant for such a rapidly evolving topic. On the other hand, the short time frame limits both the quantity of data it is possible to collect, and the ability to track trends over time. In addition to these issues, the global aspect of biometrics raised some other concerns around the methodology and research findings. Using one location, Boulder, Colorado undoubtedly added bias to such a global topic. Given more time and the opportunity to expand the survey area, it would be interesting to see how geography affects the opinions on biometric technology’s role in privacy and convenience. Not only would a larger geographic area reduce location bias, but it would also allow for a larger sample size creating greater statistical significance. Finally, a larger, more geographically balanced sample would provide a more even distribution within gender, age, and profession.
The research concluded that there were major trends in ethics: the convenience and security of biometrics, and the sacrifice of privacy. According to the sample of respondents, biological information is ultimately the last unexploited piece of individual’s identity. However, many of the individuals were quick to consider its sacrifice in order to live a more secure and convenient future. While respondents had consideration, it was not black and white. There was concern about how the information would be used and if there would be policies in place to protect biometric information. It was clear that regardless of the policies, it would only help control the debate over biometric technology’s ethics. Additionally, respondents’ answers helped conclude that the idea of security is nonexistent in today’s technology, and that the integration of biometric technology would only give the “illusion of security” for the short term. Finally, it was also concluded that many of the respondents see technology as ever changing and only a step ahead of being cracked.
Ultimately, this research paper sought to answer the question: is the convenience created by biometrics worth the sacrificed privacy? Many of the respondents felt there would be an inherent beneficial implication of convenience in their lives from biometric technology. However, it was the respondents over the age of forty who feared and questioned the tradeoff of privacy and convenience. Conversely, the respondents from the ages of eighteen to twenty-five, who will be the leaders and consumers of tomorrow, were not as concerned with their privacy being exploited.
Today’s world is a place where convenience is on the forefront of every consumer’s mind. In this fast paced, evolving world, new technologies are proving to be a balance of intrusion and convenience. Biometrics is quickly becoming integrated into the consumer and business world. Clearly, biometrics will bring convenience to consumers; however, it will also cause a loss of privacy. In the end, the degree of the privacy lost will depend on how involved consumers are in the integration of biometrics.
Allan, Roger. “Biometrics Wields a Double-Edged Sword.” Electronic Design; 6/30/2005, Vol. 53 Issue 14, p77-81, 3p, 4 diagrams, 1 graph, 2c.
Bruno, Mark. “That's My Finger.”Bank Technology News; Mar2001, Vol. 14 Issue 3, p41-42, 2p.
Capoor, Sapna. “Biometrics as a Convenience.” Security: For Buyers of Products, Systems & Services, Dec2006, Vol. 43 Issue 12, p48-50, 2p.
Charndra, Akhilesh; Calderor, Thomas. “CHALLENGES AND CONSTRAINTS TO THE Diffusion of Biometrics IN INFORMATION SYSTEMS.” Communications of the ACM, Dec2005, Vol. 48 Issue 12, p101-106, 6p.
CHO, SUNG-BAE; HONG, JIN-HYUK; YUN, EUN-KYUNG. “A REVIEW OF PERFORMANCE EVALUATION FOR BIOMETRICS SYSTEMS.” International Journal of Image & Graphics, Jul2005, Vol. 5 Issue 3, p501-536, 36p.
Castanzo, Chris “Suddenly Biometric ID Doesn’t Seem Like Science Fiction.” American Banker, June2006, Vol. 171 Issue 107, special section p6-11, 5p.
Cuneo, Alice Z.. “Let your fingers do the paying.” Advertising Age, 10/4/2004, Vol. 75 Issue 40, p24-24, 2/3p, 1c.
Dettmer, Roger. “SAFETY IN NUMBERS.” IEE Review, Nov2004, Vol. 50 Issue 11, p26-29, 4p.
Hornung, Gerrit. “Biometric Passports and Identity Cards: Technical, Legal, and Policy Issues.” European Public Law, Dec2005, Vol. 11 Issue 4, p501-514, 14p.
Langenderfer, Jeff; Linnhoff, Stefan. “The Emergence of Biometrics and Its Effect on Consumers.” Journal of Consumer Affairs, Winter2005, Vol. 39 Issue 2, p314-338, 25p.
Ploeg, Irma. “Biometrics and Privacy A note on the politics of theorizing
technology.” Information, Communication & Society, Mar2003, Vol. 6 Issue 1, p85-104, 20p.
“That’s My Finger.” U.S. Banker. Feb2001, p20 1p.
Back to Top