Will we ever be able to trust biometric scanning? Part 2

In part one of this article, we explored the potential barriers to building trust in biometric technology, and looked at the role of standards in developing essential, trust-building regulation. In part two, we look at the different types of biometric technology, the potential advantages, and current calls for fresh legislation.

The different types of biometric technology

There is an important distinction to be made between biometric technology that is operated physically, for example by an individual presenting their face to be scanned, from that which operates remotely without an individual being aware of it.

To illustrate how the same biometric data can be used in a variety of ways, take the example of facial scanning. This technology might be used at passport control to verify the identity of a passport holder. The police might also use facial scanners to match persons of interest against a database – for instance, matching football hooligans in a crowd against known offenders.

Facial scanning may be used in educational settings to provide information about whether students are paying attention, for example when lessons are conducted by video link. In a more sinister application, facial recognition can identify members of a particular minority group so they can be tracked and monitored by an authoritarian regime.

Given the clear potential for misuse or overreach, earning and building trust is essential for any organisation looking to use biometric technology. Organisations looking to build consumer trust need to communicate clearly the advantages, while remaining open and transparent about how biometric data is used.

The potential benefits of biometric technology to consumers

People come to trust what they use regularly, as with biometric systems for unlocking smartphones and other devices. Organizations need to demonstrate the advantages for consumers in using biometric systems, for example:

1. Security. It can be very easy for fraudsters to steal log-in information. Introducing biometric authentication to a log-in process significantly reduces the potential for a data breach.

2. Speed. Placing a finger on a smart phone or keyboard is much quicker than typing out a username and password, resulting in reduced waiting times for administration processes, for example.

3. Improved user experience. Unlike passwords, biometric information can’t be lost or forgotten, which helps to remove friction from transactions.

While the benefits of the technology are potentially significant, robust legislation will be required to safeguard consumers.

A call for fresh legislation

The influential Ada Lovelace Institute recently proposed new legislation on biometric technology, following an independent legal review by Matthew Ryder QC and public engagement research. The institution proposes new primary legislation to address use of biometrics for identification and categorization, with a new regulatory function to oversee and enforce the legislation.

The regulatory body would oversee assessment of biometric technologies to ensure they meet scientifically-based and clearly-established standards of accuracy, reliability and validity and to assess whether their use is proportionate, where used in publicly-accessed spaces or used to make significant decisions about a person.

A regulator would also monitor the development of biometric technology, creating codes of practice and possibly bans and moratoria in some circumstances. Ada also calls for a moratorium on the use of biometric technology in publicly accessible spaces and for categorization in the public sector for public services until comprehensive legislation is passed.

What else could help improve trust in biometrics?

As Matthew Ryder QC’s review identified, the legislation that currently governs use of biometric technology is fragmented and out of date. This means that the legal framework is not able to prevent harms from taking place due to this technology and takes a reactive rather than a proactive approach.

If the public learns of biometric technology through news stories about it being used beyond the bounds of what is reasonable and proportionate, this will accentuate the sense of it being a technology that is inherently sneaky or intrusive. A debate about how the benefits that biometric technology can bring should be balanced with protecting individual freedoms would bring the key issues into the open and establish clarity about what is or is not accessible. Clear legislation would also introduce boundaries beyond which organizations would not be able to stray.

Alongside standards (discussed in part one of this article), this should help to establish the case for biometric technology in playing a positive role in people’s lives.

If you have questions about the standards relating to biometric technology, or any other area of interest, BSI members can get in touch with the Knowledge Centre’s information experts – just one of the advantages of BSI Membership.