Concerned about the erosion of civil liberties, in the U.S. during 2020, Senators Bernie Sanders and Jeff Merkley introduced the National Biometric Information Privacy Act.
“We can’t let companies scoop up or profit from people’s faces and fingerprints
without their consent.” This is the central thrust of the legislation, according to Senator Merkley.
The politician has also said: “We have to fight against a ‘big brother’ surveillance state that eradicates our privacy and our controller of our own information, be it a threat from the government or from private companies.”
Yet to be passed, the bill has saved the way for a national conversation (mirroring similar discussions worldwide) between lawmakers to debate new rules for biometrics, facial recognition and other far-reaching technologies that can erode privacy.
Meanwhile, actions related to biometrics continues to occupy the legal system. In 2021, the Federal Trade Commission (FTC) undertook action and agreed a settlement with the California-based developer of a photographic digital storage app. The company had been accused of deceiving consumers about how it used and stored facial recognition technology.
Central to the data security concerns are with what happens if biometrics are poorly understood or implemented?
Biometrics refers to the measurement and statistical analysis of people’s unique physical and behavioral characteristics. The primary application relates to identification and access control.
Considering some of these essential issues is the security firm BehavioSec. The company has published a research paper by noted mobile, cybersecurity and privacy analyst Alan Goode.
The paper explores whether advanced behavioral biometrics – identifying people based on how they uniquely swipe, type, and hold devices – can coexist with tougher, multiplying privacy regulations around the world, like GDPR, CCPA and others. The paper also addresses biometrics modalities and how their differences impact security, compliance, and data privacy.
To unravel this important questions needed to be asked and eventually answered. This will include asking where do the next wave of behavioral-based technologies fit? Moreover, the question can be posed as to whether behavior-based technology improve things? Or, instead, will they make matters much worse?
For example, some are concerned about high risks of miscalculations, wrongful accusations, and infringements of civil liberties. Critics in the US have also signaled a conflict between biometric applications and the 4th Amendment.
However, the central question and its associated debate is with how new technologies will impact upon our delicate balance between security and privacy? It follows that consideration is needed as to how the technologies will relate to existing or proposed regulations. Do, for example, we need a new regulatory framework, and does it make sense for this to adhere to a global, enforceable standard?