Once so expensive that it was used only by the military or high-tech companies, biometric technology has become so commonplace that even some schools and hospitals are using it. Its adoption could make sensitive information more secure than conventional identification cards or passwords, which can be easily forgotten, lost or hacked. But it also has the potential to undermine privacy, which has been greatly compromised by recent revelations about government surveillance of phone and Internet communications.
In fact, biometrics are not as safe as is often thought. A 2010 report from the National Research Council concluded that such systems are “inherently fallible” because they identify people within certain degrees of certainty and because biological markers are relatively easy to copy. For example, people leave their fingerprints on everything they touch, which makes those fingerprints available to any determined spy or law enforcement agent. Experts have shown that fingerprints and other markers can be copied, giving hackers and thieves access to private information. And once compromised, fingerprints cannot be reset, like passwords, or replaced, like passports.
If proper safeguards are not put in place, the use of some biometrics, like facial-recognition technology, can also be used to conduct intrusive surveillance of individuals or groups of people by governments and private companies. Using facial-recognition software to match databases of photos with images from security cameras in public spaces and private buildings can help law enforcement agencies spot and track dangerous criminals. But the same technology can just as easily be abused to target political activists or protesters. Retailers could use such systems to snoop on their customers’ shopping behavior so that they could later target specific ads and offers to those customers. Facebook already uses software to determine whether photos that users upload to the site contain the images of their friends, though the company does let users opt out of the system.
Even as the use of such technology has expanded rapidly, there has been little public debate about its use. Most federal and state laws do not directly address the collection and use of biological markers by businesses and the government. Some lawmakers, like Senator Al Franken, Democrat of Minnesota, have asked government agencies and companies like Apple and Facebook to explain how they use biometrics. But Congress must do more by enacting legislation that governs how this technology is used, to make sure it does not compromise privacy rights.
This article has been revised to reflect the following correction:
Correction: September 21, 2013
An earlier version of this editorial misidentified the government agency that is developing facial recognition technology to use in crowds of people. It is the Department of Homeland Security, not the Federal Bureau of Investigation.