Biometrics Bandwagon Outpacing Privacy Safeguards

Computerworld - Governments and corporations increasingly see biometrics as the primary way they'll identify people in the future. In an age of terrorism and fraud, they hope fingerprint and eye scanning will become the cheapest and most reliable means of verifying that people are who they say they are. But are we ready for this convergence of computers with our flesh and bones? I don't think so. This significant intrusion into our personal space needs a heightened level of privacy protection that most organizations have only just started to envision.

Biometric technologies have long attracted the imaginations of screenwriters and science fiction authors. Brave New World, the James Bond movies, 2001: A Space Odyssey and Minority Report all feature fantastic scenarios of biometric tracking and verification. But high costs and accuracy problems have kept biometrics from leaving this realm of fantasy.

That is, until 9/11.

The terrorist attacks on the U.S. prompted governments around the world to start seeking better ways of monitoring the flow of people across their borders. All eyes quickly turned to biometric authentication as the solution. Now, more than 20 countries are building digital fingerprints and facial patterns into their new passports and driver's licenses (see story).

Businesses are jumping on the government's biometric bandwagon. Private industry has long sought a better way than passwords to authenticate return customers. This is because passwords are costly to reset, and users often choose weak, crackable passwords. As a result, IMS Research predicts that the biometrics market will grow 68% per year through 2010. The dawn of the age of biometrics seems to be upon us.

But there's a problem: The public may not be ready for it. The most common reaction people have toward biometrics—once the "cool factor" has worn off—is a reluctance to allow this level of intrusion into their personal space.

It's one thing to be asked to volunteer a password. It's quite another to allow your body to be scanned and have the results be recorded and used by complete strangers. For those of us who haven't been on a reality show, our natural reaction to these scanners is one of self-protection and modesty.

I have a deeper misgiving about biometrics. Because they promise to be much more cost-effective and reliable than traditional authentication methods, I expect businesses will want to adopt biometrics-only authentication, discarding expensive traditional methods.

But would you want to live in a biometrics-only world? Imagine if you needed a fingerprint scan to board a plane, access your bank account, receive medical care or check out at the grocery store. Three types of system failures could make your life miserable: a failed match, a mistaken match and stolen biometrics.