pz wrote:
Why isn't automated video surveillance considered biometric? Isn't the point of biometric identification to reduce personally-identifiable features into a code which can be easily stored and referenced computationally? And if so, this video surveillance system, with its automated face recognition software, should be considered a form of biometric identification.
It is biometric.
Further, if the category "personal information" isn't just about medical history, financial records, etc., shouldn't it include photographs and video and voice?
It should. Realize the IBIA has been very responsible, in comparison to other industries. They had some problems with the CA bill, but left a lot of the safeguards. The industry wants to see safeguards - but yes, they serve their own interests. Go look at the IBIA membership - where are the privacy advocate positions? They do have some noted advisors. They offer a membership for end-users but it is more expensive than one of their lower-tier vendors. I see the reasons for it, common in many industry associations. However, I wish more of them (specifically, the IBIA and the SIA - Security Industry Association) would establish formal advisory relationships with privacy advocacy groups. I advocate a *new* privacy advocacy group for security-privacy and surveillance.
Obviously the IBIA demonstrating naivety when it says biometrics are simply "electronic code" and not personal information.
:)
(which reminds me of a speaker at biotech 2001 who advocated the sharing of all mri and xray images to futher research into computational biology -- as for privacy "we'll figure it out later".)
That's a big medical privacy issue. Interesting cases on that. First Monday just had an interesting paper on blind research infomediaries...I was trying to turn it into something we had talked about privately...go over there an look....didn't look like it would work.
The rest of the privacy policies of the IBIA (http://www.ibia.org/privacy.htm) are horribly off the mark as well. What about the concept of individual rights to provide/not provide data; insure that the $7/hour rent-a-cop is monitored to make sure he isn't using data illegally; insure data won't be used in applications/research not already agreed-to in advance by the individual; individual right to not have biometric information collected in the first place or even opt out of existing databases, etc. etc.?
Ah, fair information code of practice - yes, indeed. However, security-privacy is a unique juncture. I argue that they should incorporate more of these standards. I don't like their principles approach. Show me exemplar guidelines that are comprehensive in nature. Show me a accountability. HYPO: -deleted as to too sensitive and cypherpunk-provoking- Sent to you privately. HYPO: Are we moving to a biometric crypto-passphrase? Good/bad? Why? HYPO: No hypo, but I just heard something about ANONYMOUS biometric digital cash. How the hell do you do that? ~Aimee