On the Ethics of Biometric Systems
A biometric system is a system that allows the recognition of a certain characteristic of an individual using mathematical algorithms and biometric data. Biometric data are physical or behavioral human characteristics that can be used to digitally identify a person to grant access to systems, devices, or software. Some examples of biometric systems are Face ID facial recognition software on Apple devices or the plethora of fingerprint scanner systems on other smartphones.
Biometric systems allow for lots of benefits for users most notably ease of use in authentication of devices. Many ethical dilemmas exist in the realm of biometric data.
For example, how should biometric data be stored?
One line of thinking would be to store biometric data like other forms of data, on a central database or server. The problem with this idea is that by storing many people's biometric data in one place, that server/database becomes a large target for malicious actors. Another way to store biometric data is to store it on the user's own device. This is how Apple’s Face ID stores its biometric data. On a very high level, the biometric data is stored separately from the operating system. This increases security as the only system that has access to the biometric data is the Face ID application itself. Also, there is no longer a large central target as users' biometric data is stored on an individual basis. Another way to store biometric data is the idea of distributed data storage. In this method parts of the data are stored on local devices and the rest is stored on a server. This increases users’ security as in order to authenticate a user multi-location verification services must take place.
Another example, how should a person's biometric data be collected and used?
Suppose there is a wanted criminal in your city. In an effort to catch the criminal the local police have started a new initiative where all traffic cameras in the city have facial recognition software running on them allowing for the identification of all who drive past a traffic camera. This initiative is successful and the criminal was arrested, but now the police have a surveillance system collecting biometric data on unknowing citizens. The police could use this system to hand out 20% more tickets as they are able to identify people speeding or see when they're on their phone driving. Is it ethical to collect this data and use it against a person without the knowledge and consent of the user? Another part of this dilemma how long should the police keep this data? Their initial goal was to catch the criminal, once that is accomplished should the system and data collection ceases to exist?
As technology and biometric sensors wearable devices continue to improve, the collection of biometric data will only increase. How we use this data must be based on ethical decision-making in order to use biometric data responsibly.
