[LINK] biometrics paper

[stephen at melbpc.org.au]

Marghanita da Cruz (and Tom) write,

> Information management capability matrix draft for comment  ...
> http://naa.gov.au/records-management/development/qualifications/draft-
matrix.aspx

Hmm .. 

Not one specific mention of privacy in this whole records-management draft 
document. Perhaps the writers have graduated from an MIT bigdata course :)

But Jan writes,

> If anyone is after a primer on biometric recognition, check this out.
> http://www.nap.edu/catalog.php?record_id=12720

Interesting reference Jan. This book certainly examines broader issues ..

(Quote)

Cultural, Social, and Legal Considerations

Biometric systems assume and require an intimate relationship between 
people and technologies that collect and record the biological and 
behavioral characteristics of their bodies. It is therefore incumbent upon 
those who conceive, design, and deploy biometric systems to consider the 
cultural, social and legal contexts of these systems. 

Not attending to these considerations and failing to consider social 
impacts can bring serious unintended consequences.

Privacy as a Cultural Consideration

Biometric systems have the potential to collect and aggregate large amounts 
of information about individuals. Almost no popular discussion of biometric 
technologies and systems takes place without reference to privacy concerns, 
surveillance potential, and concerns about large databases of personal 
information being put to unknown uses. ("Mission creep")

Privacy issues arise in a cultural context and have implications for 
individuals and society apart from those that arise in legal and regulatory 
contexts. 

The problems arising from aggregating information records about individuals 
in various information systems and the potential for linking those records 
through a common identifier go well beyond biometrics, and the challenges 
raised have been addressed extensively.

For example, a 2007 NRC report that examined privacy in the digital age had 
a host of citations to important work in this area. A thorough treatment of 
authentication technologies and privacy, with references to a host of 
sources, appears in the NRC report "Who Goes There? Authentication Through 
the Lens of Privacy" (2003), which treats the constitutional, statutory, 
and common law protections of privacy and their intersection with modern 
authentication technologies, including biometrics. 

Record Linkage and Compromise of Anonymity

Information of various kinds about individuals is routinely stored in a 
variety of databases. Linking such information, however imperfectly, in 
order to form profiles of individuals is also routinely done for purposes 
ranging from commercial marketing to law enforcement. The biometric data 
stored in information systems have the potential of becoming yet another 
avenue through which records across systems might be linked. 

This potential raises several questions: Under what circumstances is such 
linkage possible? If undesirable linkages are technically feasible, what 
technological and/or policy mechanisms would impede or prevent them? How 
could compliance with those mechanisms be monitored by those whose data are 
stored? What criteria should be used for deciding whether these mechanisms 
are needed? 

Depending on the anticipated uses of the personal data, policy and 
technical mechanisms may have to be put in place to prevent their 
unauthorized linking.

A challenge related to record linkage is the potential for erosion or 
compromise of anonymity. Thus, even a biometric system that does not 
internally link an individual’s biometric data with other identifying 
information may fail to preserve anonymity if it were to be linked using 
biometric data to another system that does connect biometric data to 
identity data. 

This means that even a well-designed biometric system with significant 
privacy and security protections may still compromise privacy when 
considered in a larger context. 

A related challenge is secondary use of data. That is, using data in ways 
other than originally specified or anticipated. ("Mission creep")

The 2003 NRC report "Who Goes There?" examined secondary use in an 
authentication context. The challenge to privacy posed by secondary use of 
data in information systems generally, and particularly in data-intensive 
systems even without biometrics, is widely known.

Although it may seem that these concerns are specific to individuals, 
privacy considerations can have broad social effects beyond the individual.

Privacy breaches, however well-contained, can erode trust not only in the 
technological systems but also in the institutions that require their use. 

The potential for abuse of personal information can be sufficient to make 
segments of society reluctant to engage with particular technologies, 
systems, and institutions. Biometric systems carry their own particular 
privacy challenges in addition to many of those that have been identified 
for other information systems ..
--



Message sent using MelbPC WebMail Server