Slashdot Mirror

← Back to Stories (view on slashdot.org)

Biometrics and User's Rights?

Posted by Cliff on from the protecting-your-bio-data dept.

cornjones asks: "Does anybody know anything about biometrics and user rights? I am supposed to give a handscan to my building for gym access. I don't really have a problem w/ this persay but I want some sort of assurance as to what the scans will be used for (and that they will be deleted fully when I leave). It may be a bit paranoid right now but these scans don't change over your life and the trend is towards these scans being used for more and more applications. I talked to the VP and he said he would sign a privacy doc if I could find one. I did a little searching and I haven't found anything good. Does anybody know of any groups or papers on protecting the use of biometric identifying information?"

3 of 31 comments (clear)

  1. Holy Shit by seigniory · · Score: 5, Insightful

    Dude, stop! Not everyone is out to get you. Not everyone wants the leftover DNA from your underpants. Your Thumbprint means nothing. If someone really REALLY wanted to fuck you over, they'd have done so already. Wait until they ask you for a universally accepted method of identification before freaking out. I've never had to sign a lease or car loan by thumbprint yet, so it obviously isn't binding yet. Fox Mulder does not exist. Scully is hot. Good night, you folks have been great.

    1. Re:Holy Shit by ShaunC · · Score: 5, Insightful
      Not everyone is out to get you. Not everyone wants the leftover DNA from your underpants. Your Thumbprint means nothing.
      As much as I wish I could believe this, I don't; depending on where you live, your thumbprint can mean a great deal and law enforcement is chomping at the bit to get it.

      No, I'm not some paranoid delusional. They've tried to pass a law here where anyone who buys or sells any item at a pawn shop would be required to provide their fingerprints to the pawn shop. The fingerprints would then be turned over to the police (who, no doubt, would put them into the NCIC database). Yes, that's right; private transactions between private companies and private individuals would require fingerprints turned over to the cops. We aren't talking guns here, we're talking CD players, cubic zirconia rings, gold necklaces, all the various stuff you find in pawn shops.

      The "logic" behind this proposal is that thieves often fence stolen goods at pawn shops; thus pawn shop customers often purchase stolen goods, either intentionally or unintentionally. By requiring that every pawn shop transaction be accompanied by fingerprints, stolen property and those responsible for its theft could supposedly be tracked down more easily. At the same time, the police could add to their fingerprint database of "persons of interest" - that eerily Doublespeak new category which means "they're not even a suspect but we're watching them anyway."

      Well, that's a grand idea at first glance. The problem is that pawn shops have plenty of legitimate customers as well - think eBayers - who aren't doing anything wrong and do not deserve to be treated like criminals. It would be easier to track down stolen property if every transaction required you to donate a blood sample. It would be easier to track down stolen property if a law was passed requiring a Lo-Jack device in every tangible good. Hell, it would be easier to track down stolen property by forbidding anyone but the government to sell things to the public. Just because something makes crimes easier to solve, doesn't mean it's a good idea!

      My point is that, at least in the USA, people are supposed to be innocent until proven guilty. We're supposed to be protected from unwarranted search and seizure. I'd certainly consider mandated fingerprints at the pawn shop to be unwarranted seizure of those fingerprints. Unfortunately there are a lot of people out there who believe that the ability to solve/prevent crime trumps all other rights. There are a lot of people who believe that outlawing guns will stop murder, or that making non-DRM-compliant computers illegal will stop piracy. You get the idea.

      Wait until they ask you for a universally accepted method of identification before freaking out.
      And then what? Either you provide that ID or you don't get hired? Either you provide that ID or you can't buy gas for your car to get to the job you don't have anyway? Either you provide that ID or the grocery store charges you more for food than they charge those who do provide that ID? Think fast: which one of those is already taking place? Who do you think is getting access to your purchase records from the grocery store? I'll save you the trouble, and quote from the article (emphasis mine):

      The saga began with a misguided fit of patriotism mere weeks after the World Trade Center and Pentagon attacks, when a corporate employee handed over the records--almost literally, the grocery lists--to federal investigators from three agencies that had never even requested them. In a flash, the most quotidian of exchanges became fodder for the Patriot Act.
      Still not concerned about private companies having your personal data? s/grocery store/your company/g and s/grocery lists/biometric information/g if you don't see the problem. Suppose one day someone in your company's HR department decides to "fight terrorism" by donating every employee's retina scan to the FBI - that's not a problem? It's going to happen sooner than later. Believe me, I never thought I'd see the day when grocery stores tracked individuals' purchases, much less the day when the entire database was willingly handed over to the government.

      Further, a lot of biometric devices (and even manual techniques like fingerprint dusting) are susceptible to forgery. Perhaps not as much as they used to be, but still plenty enough to make me nervous. As biometrics become more pervasive, what happens when the grocery store requires your thumbprint, or voiceprint, or retina scan, etc. in order to check out? Suddenly they have a copy of the very "key" that gets you into your office at work, disarms your home's security system, authenticates your bank transactions, and even puts you at the scene of a crime. Sorry, but I'll keep my thumbprint to myself.

      If someone really REALLY wanted to fuck you over, they'd have done so already.
      No, if someone really REALLY wants to fuck you over, you aren't going to know about it until it happens. If someone wants to try it on me, I'd prefer that they not have access to my fingerprints, my grocery bills, or anything else that's my own goddamn business.

      Shaun
      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  2. The problem with biometrics by Kj0n · · Score: 5, Insightful

    The biggest problem with biometrics - as I see it - is that you only have one set of biometric data. This means that when a handscan is used to identify you at both the gym and at the place you work, this data can be linked. It will be possible for two organisations to cooperate and see if they have any members in common. A big brother-like environment is not far away, when the government starts getting interested in the biometric data collected by various organisations.

    Of course, you have the same problem when you give your home address or phone number, but these things can be changed, while changing your handscan is not easy to do.