Biometrics, Ownership and Privacy?

symbolic asks: "I just finished watching a small segment of World Business Review on PBS, where the topic of discussion the use of biometrics by employers to not only provide confirmation of identity, but as something to drive other parts of the operation - like tracking employee time. Briefly mentioned were face and iris scans, but as I was watching a picture of someone's iris, I realized that once an employer has captured a scan of your iris (or any biometric data), who has control over it? Does it become part of the cesspool of information trading that occurs between business and government entities? Will trading of someone's biometric information become as ubiquitous as their address or phone number. Is there any reason we should be concerned about this? I'd like to hear what others think about this." Ask Slashdot has previously approached the Biometrics topic for technical issues, but the privacy issue of such data has yet to be addressed. How do you feel about biometric data (or any data derived from your physical makeup, like your genome) being used as another commodity (like your address) in the corporate data exchange?

Database Nation

[sydney]

The book, Database Nation by Simson Garfinkle delves into this little considered topic. He asserts that biometric information is not owned by the individual, but by the organization that collects your information. Similar to the fact that you do not own your name, you do not own your retinal pattern information.

Quite scary, if you ask me.

John Anderton

[martyn+s]

In Minority Report, when Tom Cruise's character was running away, he was bombarded by ads that would scan his eyes.

"Hello, John Anderton, you look like you could use a Guinness right about now."

"John Anderton, wouldn't you rather be driving a Lexus?"

After a little bit, all you heard was "John Anderton" over and over in many different voices. Spooky.

re:biometrics

While there may be plenty of other reasons in the world to be concerned about privacy, iris scans and other biometrics DO have a baseline protection built in to the method by which they are implemented: Your actual iris image is NOT supposed to be stored and sent to some central computer. Instead, a code (like a hash function but usually referred to as a "template") is derived from your iris that is useless by itself and connot be inverted to produce an image of your iris. Therefore, you don't have to worry about your "biometric password" being compromised once and never being able to be used subsequently....

Re:What's really in a fingerprint?

[casio282]

Even if there is no data intrinsic to the metric, its potential to be a perfect, perpetual, and inescapable key to all the data that *is* known about an individual is rather frightening.

But even if it isn't so perfect, if, as was argued in the New Yorker a couple weeks back, fingerprints (for example) can in fact "lie", there are still some chilling possibilities. The article may be describing a failure of the method rather than the theory, but it has already ruined countless (and perhaps uncountable) lives...With newer biometric technology, especially in a mass-market implementation where the hardware might not be top quality, and operators might not be the most highly-skilled, there is plenty of room for error. With consequences that could range from the simply embarassing to the really rather awful...

Re:Yes!

[Relic+of+the+Future]

Just a nit-pick, but you can't reconstruct the patterns in a person's eyeball with their DNA, for the same reason that identical twins have different fingerprints. It's not something that's in the genes.