What the biometrics industry says about privacy, surveillance
Declan McCullagh
declan at well.com
Mon Feb 5 19:37:29 PST 2001
**********
Background:
http://www.politechbot.com/p-01696.html
http://www.politechbot.com/cgi-bin/politech.cgi?name=biometric
Biometric-enabled laptop:
http://www.cnn.com/2001/TECH/computing/02/02/biometric.security.idg
Time magazine on "Welcome to the Snooper Bowl":
http://www.time.com/time/magazine/article/0,9171,98003,00.html
National Basketball Association vows no face-recog at All-Star Game:
http://www.nypost.com/technology/23123.htm
AP article on Utah officials considering face-recog for 2002 Olympics:
http://inq.philly.com/content/inquirer/2001/02/03/sports/OLY03.htm
**********
http://www.ibia.org/pressrelease19.htm
Biometrics and Privacy:
Industry Policy on Crowd Surveillance
February 2, 2001, Washington, D.C. --- During last months Super Bowl
game in Tampa, Florida, local officials conducted a trial that used
software technology and video surveillance systems to compare fans
entering the stadium against a database of suspected criminals and
terrorists. In view of these events, IBIA and its member companies
believe it is appropriate to reiterate industry policy on the use of
biometrics by government agencies, and to offer guidance to any
entities that are considering the use of biometrics in public places.
On March 24, 1999, IBIA adopted Privacy Principles that were intended
to encourage biometric manufacturers, integrators and end users to
ensure that biometric data cannot be misused. In announcing the
principles, Bill Wilson, Chairman of IBIA, said we are acutely
conscious of the need to protect personal information in any biometric
application. The industry is taking this step to promote
self-regulation in the private sector, encourage clarity and
transparency for users, and provide guidance on matters that may
require legislative action in the public sector.
The first IBIA Privacy Principle calls for safeguards that ensure
biometric data is not misused to compromise any information, or
released without personal consent or the authority of law. Concerning
the use of biometrics in the public sector, IBIA recommends in the
third Privacy Principle that clear legal standards should be developed
to carefully define and limit the conditions under which agencies of
national security and law enforcement may acquire, access, store, and
use biometric data. The full text of the IBIA Privacy Principles is
available online at http://www.ibia.org/privacy.htm.
IBIA members implement these principles by urging users to follow
three practical steps, says Richard E. Norton, Executive Director of
IBIA. Our companies recommend that clear signage or other means of
notification be used to inform everyone that video imaging and facial
recognition technology are being used in any public area. They also
advise users that the images should be used only to make comparisons
against known violators, and in no circumstance should nonmatching
images be retained in a database once the comparison has been
conducted. Finally, they remind users that all applications of
biometric technology must comply with existing law governing the
storage and use of data by public agencies, adds Norton.
IBIA was formed in September 1998 and has 27 member companies, and is
open to all biometric manufacturers, integrators, and end-users who
agree to abide by the IBIA Statement of Principles and Code of Ethics.
Biometric technology involves the automatic identification or identity
verification of an individual based on physiological or behavioral
characteristics. Such authentication is accomplished by using computer
technology in a noninvasive way to match patterns of live individuals
in real time against enrolled records. Examples include products that
use face, iris, hand, fingerprint, signature and voice measurements in
environments such as border control, information security, physical
access control, financial transactions, time and attendance, law
enforcement, and other civil and government applications.
For further information please contact Mr. Norton, at phone (703)
250-0206.
**********
http://www.ibia.org/privacy.htm
IBIA Privacy Principles
1. Biometric data is electronic code that is separate and distinct
from personal information, and provides an effective, secure
barrier against unauthorized access to personal information.
Beyond this inherent protection, IBIA recommends safeguards to
ensure that biometric data is not misused to compromise any
information, or released without personal consent or the authority
of law.
2. In the private sector, IBIA advocates the development of policies
that clearly set forth how biometric data will be collected,
stored, accessed, and used, and that preserve the rights of
individuals to limit the distribution of the data beyond the
stated purposes.
3. In the public sector, IBIA believes that clear legal standards
should be developed to carefully define and limit the conditions
under which agencies of national security and law enforcement may
acquire, access, store, and use biometric data.
4. In both the public and private sectors, IBIA advocates the
adoption of appropriate managerial and technical controls to
protect the confidentiality and integrity of databases containing
biometric data.
**********
More information about the cypherpunks-legacy
mailing list