What the biometrics industry says about privacy, surveillance

Declan McCullagh declan at well.com
Mon Feb 5 19:37:29 PST 2001 

**********
Background:
http://www.politechbot.com/p-01696.html
http://www.politechbot.com/cgi-bin/politech.cgi?name=biometric

Biometric-enabled laptop:
http://www.cnn.com/2001/TECH/computing/02/02/biometric.security.idg
Time magazine on "Welcome to the Snooper Bowl":
http://www.time.com/time/magazine/article/0,9171,98003,00.html

National Basketball Association vows no face-recog at All-Star Game:
http://www.nypost.com/technology/23123.htm
AP article on Utah officials considering face-recog for 2002 Olympics:
http://inq.philly.com/content/inquirer/2001/02/03/sports/OLY03.htm

**********

http://www.ibia.org/pressrelease19.htm

                           Biometrics and Privacy:
                    Industry Policy on Crowd Surveillance

    February 2, 2001, Washington, D.C. --- During last months Super Bowl
    game in Tampa, Florida, local officials conducted a trial that used
    software technology and video surveillance systems to compare fans
    entering the stadium against a database of suspected criminals and
    terrorists.  In view of these events, IBIA and its member companies
    believe it is appropriate to reiterate industry policy on the use of
    biometrics by government agencies, and to offer guidance to any
    entities that are considering the use of biometrics in public places.

    On March 24, 1999, IBIA adopted Privacy Principles that were intended
    to encourage biometric manufacturers, integrators and end users to
    ensure that biometric data cannot be misused.  In announcing the
    principles, Bill Wilson, Chairman of IBIA, said we are acutely
    conscious of the need to protect personal information in any biometric
    application. The industry is taking this step to promote
    self-regulation in the private sector, encourage clarity and
    transparency for users, and provide guidance on matters that may
    require legislative action in the public sector.

    The first IBIA Privacy Principle calls for safeguards that ensure
    biometric data is not misused to compromise any information, or
    released without personal consent or the authority of law.  Concerning
    the use of biometrics in the public sector, IBIA recommends in the
    third Privacy Principle that clear legal standards should be developed
    to carefully define and limit the conditions under which agencies of
    national security and law enforcement may acquire, access, store, and
    use biometric data. The full text of the IBIA Privacy Principles is
    available online at http://www.ibia.org/privacy.htm.

    IBIA members implement these principles by urging users to follow
    three practical steps, says Richard E. Norton, Executive Director of
    IBIA. Our companies recommend that clear signage or other means of
    notification be used to inform everyone that video imaging and facial
    recognition technology are being used in any public area. They also
    advise users that the images should be used only to make comparisons
    against known violators, and in no circumstance should nonmatching
    images be retained in a database once the comparison has been
    conducted. Finally, they remind users that all applications of
    biometric technology must comply with existing law governing the
    storage and use of data by public agencies, adds Norton.

    IBIA was formed in September 1998 and has 27 member companies, and is
    open to all biometric manufacturers, integrators, and end-users who
    agree to abide by the IBIA Statement of Principles and Code of Ethics.
    Biometric technology involves the automatic identification or identity
    verification of an individual based on physiological or behavioral
    characteristics. Such authentication is accomplished by using computer
    technology in a noninvasive way to match patterns of live individuals
    in real time against enrolled records. Examples include products that
    use face, iris, hand, fingerprint, signature and voice measurements in
    environments such as border control, information security, physical
    access control, financial transactions, time and attendance, law
    enforcement, and other civil and government applications.

    For further information please contact Mr. Norton, at phone (703)
    250-0206.

**********

http://www.ibia.org/privacy.htm

                           IBIA Privacy Principles
     1. Biometric data is electronic code that is separate and distinct
        from personal information, and provides an effective, secure
        barrier against unauthorized access to personal information.
        Beyond this inherent protection, IBIA recommends safeguards to
        ensure that biometric data is not misused to compromise any
        information, or released without personal consent or the authority
        of law.
     2. In the private sector, IBIA advocates the development of policies
        that clearly set forth how biometric data will be collected,
        stored, accessed, and used, and that preserve the rights of
        individuals to limit the distribution of the data beyond the
        stated purposes.
     3. In the public sector, IBIA believes that clear legal standards
        should be developed to carefully define and limit the conditions
        under which agencies of national security and law enforcement may
        acquire, access, store, and use biometric data.
     4. In both the public and private sectors, IBIA advocates the
        adoption of appropriate managerial and technical controls to
        protect the confidentiality and integrity of databases containing
        biometric data.

**********

More information about the cypherpunks-legacy mailing list