Slashdot Mirror

← Back to Stories (view on slashdot.org)

Do You Own Your Own Fingerprints? (bloomberg.com)

Posted by EditorDavid on from the unique-identifiers dept.

Slashdot reader schwit1 quotes an article from Bloomberg: These days, many of us regularly feed pieces of ourselves into machines for convenience and security. Our fingerprints unlock our smartphones, and companies are experimenting with more novel biometric markers -- voice, heartbeat, grip -- as ID for banking and other transactions. But there are almost no laws in place to control how companies use such information. Nor is it clear what rights people have to protect scans of their retinas or the contours of their face from cataloging by the private sector.

There's one place where people seeking privacy protections can turn: the courts. A series of plaintiffs are suing tech giants, including Facebook and Google, under a little-used Illinois law. The Biometric Information Privacy Act, passed in 2008, is one of the only statutes in the U.S. that sets limits on the ways companies can handle data such as fingerprints, voiceprints, and retinal scans. At least four of the suits filed under BIPA are moving forward... Under the Illinois law, companies must obtain written consent from customers before collecting their biometric data. They also must declare a point at which they'll destroy the data, and they must not sell it... "Social Security numbers, when compromised, can be changed," the law reads. "Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, [and] is at heightened risk for identity theft."

7 of 67 comments (clear)

  1. Of course you dont by Anonymous Coward · · Score: 4, Informative

    Once it's put into the system just assume everyone has access to it.

    Just because it's supposedly secure now doesn't mean someone wont in the future get in.

  2. Yes by Anonymous Coward · · Score: 5, Funny

    I'll give you my fingerprints when you pry them from my cold, dead hands.

  3. Depends on the country by prefec2 · · Score: 4, Informative

    In the EU the data is private and must be handled privately. It can also not been transported out of EU, except in other save countries. Surprisingly due to the PrivacyShield treaty the US is declared to be save. Unfortunately they have no such standards.

    1. Re:Depends on the country by Kindaian · · Score: 4, Informative

      Also, the EU regulations state that the data should be handled just to fulfull the requirements of the service rendered.

      Additionally, if the data is exported to the US it still needs to comply with all EU regulations. The fact that the data moved to a different country has no bearings on what the companies can do with it (they still need to apply the EU regulations).

      And if they use 3rd party services for some internal processes that have access to the data, those 3rd party also need to comply.

      It is not a "out-of-eu regulation" free card.

  4. Do you own your identity is the question? by Jack9 · · Score: 4, Interesting

    Currently, that appears to depend on where you live and the laws of that land.

    If a fingerprint is recorded as a pattern, can you own that pattern? The answer is no. Practically and legally in the US.
    Then an alternate pattern (approximation) will be used and so on...

    What about your DNA sequence? What about your hair after a haircut? The answer is no over a long enough time period. Nothing about you will be deemed to be owned by you until the state has ruled it so and then the state ignores that ruling anyway in the interest of convenience or justice or whatever reason dejour until the concept fades. Get used to it, make your money where you can in the meantime, copyright your fingerprints.

    --

    Often wrong but never in doubt.
    I am Jack9.
    Everyone knows me.
  5. Re: You don't own anything by ooloorie · · Score: 4, Informative

    Ownership of anything is defined by power, and unless you have more power than the government you live under, they can take anything from you at anytime.

    No, ownership is not "defined by power", it is defined by mutual agreement. The more you define ownership by power, the more totalitarian society becomes.

  6. Stop using them by markdavis · · Score: 4, Interesting

    >"Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, [and] is at heightened risk for identity theft."

    Which is why fingerprints should never be used for biometrics.

    Using fingerprints and allowing a third-party to have access to that data is unacceptable. Fingerprints are left everywhere and can be collected and accessed without your permission. Once collected, that data will NEVER be erased or restricted, regardless of claims or laws. They will like go or leak into huge databases and shared between various government agencies and used however they want for as long as they want. With every crime investigation, you will be searched without probable cause.

    There is only one safer and practical biometric I know of- that is deep vein palm scan. That registration data cannot be readily abused. It can't be latently collected like DNA, fingerprints, and face recognition can. You have to know you are registering/enrolling when it happens. You don't leave evidence of the biometric all over the place. When you go to use it, you know you are using it every time. And on top of all that, it is accurate, fast, reliable, unchanging, live-sensing, and cheap. If you must participate in a biometric, this is the one you should insist on using.

    Example: http://www.m2sys.com/palm-vein...

    We all need to realize that IT IS NOT EVERYONE'S BUSINESS WHAT WE ALL DO. And you can't trust latent biometrics with security.