Privacy, biometrics, and legislation . . . .
The New York Times has a piece on how computers already identify themselves to networks, a la Intel's new chip. The main point, it seems, is that the battle may already be lost and, one side is saying: "You already have zero privacy -- get over it." (Scott McNealy, the head of Sun Microsystems).
From our point of view, this is a fight that is larger than just biometrics. From the article:
"Privacy groups argue fiercely that the merger of
computers and the Internet has brought the specter of a
new surveillance society in which it will be difficult to
find any device that cannot be traced to the user when it is
used. But a growing alliance of computer industry
executives, engineers, law enforcement officials and
scholars contend that absolute anonymity is not only
increasingly difficult to obtain technically, but is also a
potential threat to democratic order because of the
possibility of electronic crime and terrorism."
You may also have noticed the recent post that the IBIA (the biometric industry association representatives) have achieved full lobbying status. Just in time, apparently.
I think that because Internet biometrics authenticates, rather than identifies, and because the information provided is so inherently personal, it can be handled separately in the debate -- either through seperate legislation, or under special rules in umbrella legislation. Biometric laws can be privacy friendly without infringing on the value that biometric devices bring to electronic communications. That is a harder proposition in the identification field.
For example, Congress could legislate (subject only to certain appropriate exceptions like law enforcement or medical uses) that no raw biometric data (i.e., images) could be used; that no one could have biometrically-derived data taken (i.e., templates) without actively and knowingly providing it; and, that no one can use a biometric template for other than the purpose for which it was given by the individual (i.e., no selling of biometric template data banks to marketers, etc.). Disobey these rules and face criminal and civil penalties. Better that the industry get behind this now -- in concert with the privacy lobby -- than face public rejection later. This has to be done at the national level; the facts of the Internet overwhelm any chance for effective State legislation.
_______________
One more item from the NY Times piece, one that could be commercially ominous: "We're going to start building security architecture into our chips, and this is the first step," said Pat Gelsinger, Intel vice president and general manager of desktop products. "The discouraging part of this is our objective is to accomplish privacy." If Intel wants to build biometric algorithms into future chips, IDX and the its competitors will have a lot less software to sell. |
