Biometrics, Ownership and Privacy?

symbolic asks: "I just finished watching a small segment of World Business Review on PBS, where the topic of discussion the use of biometrics by employers to not only provide confirmation of identity, but as something to drive other parts of the operation - like tracking employee time. Briefly mentioned were face and iris scans, but as I was watching a picture of someone's iris, I realized that once an employer has captured a scan of your iris (or any biometric data), who has control over it? Does it become part of the cesspool of information trading that occurs between business and government entities? Will trading of someone's biometric information become as ubiquitous as their address or phone number. Is there any reason we should be concerned about this? I'd like to hear what others think about this." Ask Slashdot has previously approached the Biometrics topic for technical issues, but the privacy issue of such data has yet to be addressed. How do you feel about biometric data (or any data derived from your physical makeup, like your genome) being used as another commodity (like your address) in the corporate data exchange?

Sharing of biometric data

[Todd+Knarr]

Myself, I wouldn't like it. But the company should like it even less. Think about something here: what's your company's policy on employees giving out the keys to restricted areas? It's probably a termination offense. Now, suppose the company uses biometric data to control access to restricted areas. Isn't giving out that data exactly giving out the keys to those restricted areas?

And if that biometric data is also required by law to be used for things like controlling access to bank accounts, where there's legal penalties for third parties who mishandle the access-control information, the company could face some nasty legal LARTs from employees if the company gives out access-control information for their bank accounts, Social Security accounts, driver's license records and such.

This should give the company legal people migraines for a while. :)

Already done with fingerprints.

[slashkitty]

I work at a bank. They take your fingerprints and share them with the FBI. They do tell you this before they take them, so if your uncomfortable with that, you shouldn't work at a bank. I see no reason why they wouldn't start doing this with other biometric data when it becomes more standard.

I for one feel safer knowing that all the people working at my bank have at least been through a fingerprint check with the FBI. And if a vault is broken into, and they find someones fingerprints, they have a bunch to check.

Now, I certainly hope they don't start selling the information for profit. That seems like it'd be a little harder to do with employee information. However, maybe a customer of a big store? Maybe a window shopper? It certainly has potential to be exploited in other areas.

Your Eye, Their Data

[Saxerman]

Same principles apply as if someone snapped a photo of you. Does the photographer or the model own the rights to the created image? The photograph is owned by the artist. The image of the model belongs to the model, and the photographer must get permission to publish. Permission is usually, "I wave all rights in regards to my image in this photo for the some quantity of cash." Once such permisssion is granted, the photographer is free to do as they like with the photo.

Hold Firm

[OYAHHH]

If you give anything out without legal guarantees to it's dissemination you can bet it will be distributed.

Even with legal guarantees they have to be on your terms otherwise they will just change the rules on you, i.e. Yahoo and your privacy settings...

Just give a retinal scan to your bank with their standard contract for a checking account and the next time you try to fly on a plane using a retinal scan you can bet with almost 100 percent certainty that you will be bombarded with offers especially tailored to how much cash (and or credit line available, etc.) you have in your checking.

The only way to get around this crap is for everyone to draw a line in the sand and refuse to give it.

Mankind has survived thousands of years without the need for this invasive type of "security" and I hope I never see this biometrics thing happen in my lifetime because I certainly feel as though my privacy has already been abused to no end.

I don't need another ad for another of ACME Inc.s crap.

The solution - get a lawyer to draft an NDA

[B.D.Mills]

Disclaimer: IANAL, but I do take the trouble to read all the fine print.

NDA means "Non-Disclosure Agreement". These are common when corporations do business with each other, but rarely used by individuals. So far. We should change that.

What you can put in it is an agreement where the corporation agrees that all your personal information - name, address, biometric info, the details of the business you choose to do with the corporation, the name of your dog, etc. - explicitly remains your property. You can also say that the corporation has no right to sell, trade or otherwise disclose this information to any third party without your prior written consent except where such disclosure is required by law.

So what happens if the corporation breaches this agreement? Here's where your lawyer can get really nasty. You can set penalties in the agreement. You can set the minimum amount of money they must pay you as damages - $10,000 to $25,000 is a good figure - and stipulate that if actual damages are higher they must pay the higher figure. You can require the corporation to undo the damage at their expense, with more penalties if they don't comply within a certain fixed time. You know how hard it is to get off a list once you're on it? Make it THEIR problem - they do the damage, they fix it.

Muhahaha.

To save on legal bills, get your lawyer to draft a single standard agreement that you can use everywhere - your employer, the bank, anywhere you do business. Take back control of your personal information.

Of course, there's no guarantee that this will work - corporations think they have the right to sell your personal information for whatever they can get for it - but there's no harm trying. You might even make some money off it.

Re:Missed the mark by a mile

[cosmosis]

You're attributing way, way too much power to the office of the President. There are many levels and layers of government. In fact, the United States government was designed to insure that it didn't all hinge on one man or one single body of men.

Have you been paying attention to the news lately? The precious seperation of powers you speak of no longer exist in any meaningful degree since our war on terrorism begun. The executive branch has made the largest power grab in American history. Already the executive branch no longer requires the oversight of the judicial branch it carrying out many of its policely duties. The 4th ammendent has already been nullified by the Patriot Act, no longer requiring a warrant or criminal investigation for you to be searched without notification. The first ammendement has come under increasing attack, people are being held (and even tortured) without due process, habeus corpus has been suspended, military tribunals are a reality, the army is now involved in domestic policing (against the law only 1 year ago), biometrics are being used to search and suspect us with out cause prior to the fact (facial recognition), and now the Bush Administration has called to combine 88 seperate agencies in the government into one large single "secret" domestic spying and policing force - a Super Gestapo.

What am I missing? hmm. What are you missing?

Hope springs eternal

Of course they will use it otherwise. Your bank
will get your biometric data which includes your
DNA and that will be shared with their insurance
co "for a better rate". They might already have
your DNA; were you in the military?

Sooner or later, they will check
it BEFORE you get hired. Sorry, you don't fit
the profile for the "benefit package".

Your data will be in the big Homeland Security
engines. See here, it says your are a terrorist
and this is YOUR eye scan. No, they won't be
able to cross reference it to your email, cc
purchases and cell phone locator. Where did
I put that swamp?

Or maybe your local supermarket will start using
it for checkout. Now your local police can pull
up a list of people who bought beer and cross
reference it with accidents that day. It's all
good, right?

Re:The biggest problem with biometrics.

[Cognitive+Dissident]

See, you can change your credit card number, or your email address. You can even move someplace else. But you can't change your biometrics. Hopefully movies like Minority Report will provide some Good FUD about biometrics, so people realize that this information should be kept as private and closely-guarded as their own life.

Warning:
The biggest problem with biometrics is this: While it is true that you cannot change your biometric data at will that is not the same thing as saying that it cannot change. Retinal scans use the pattern of blood vessels in your eye for example. THIS CAN CHANGE. No shit. Major physical changs in your body, like going on a major health bender and training (getting a lot of exercise), or for women just getting pregnant, can cause blood vessels to move aorund in your body. Hands (used by some biometric systems), eyes (used by rtinal scans)... anywhere. Of all the current biometric systems I think only fingerprints are known to be farily constant over a lifetime. The layperson thinks their body is in a 'static' state once they reach maturity but this is just not true. Ask medical professionals. All of these biometric technologies are headed for trouble as people start to rely on them for years and the natural changes in their bodies start to occur. One day you'll show up for work after a few weeks vacation at a health spa and your retinal scan will not work. It'll be a real-life version of 'The Net' I guess.