Every new technology has its share of naysayers. Trepidation over trying something new is a normal reaction, but it's often based upon misinformation or unfounded beliefs.
Biometric identity solutions are hardly new, but as they've become more commonplace in commercial-grade applications, public concerns persist regarding the technology's suitability for mainstream use. Although most of us don't think twice about using our thumbprint, iris, or face to unlock our smartphone, that comfort level doesn't always translate to other ways in which the technology is now being deployed.
Separating fact from fiction is a necessary step in winning over the public's trust. Here, we'll set the record straight over five of the most common concerns.
(This blog post is part of a series on the most common misconceptions about biometrics).
Concern #1: Biometrics are a threat to personal privacy
Fact: Biometrics can help protect privacy.
Our personal privacy is compromised every day. The internet, social media, unsecured personal devices, many mobile apps; all are culprits. Unfortunately, much of our personally identifiable information (PII), things like our social security number, phone number, email, birthdate, household income, spending patterns, are already out there, ready to be leveraged by marketers, or worse, stolen by bad actors. Connecting a unique, encrypted biometric identifier to our records makes it much harder for anyone to impersonate us and make unauthorized use of our data. For example, suppose credit card holders' biometric signatures were embedded within their cards, and a "match" was required to make a purchase. In that case, card-issuing banks would no longer need to track their customers' spending patterns to identify potentially fraudulent activity. This use of biometrics increases both security and privacy.
Some modalities ensure more privacy than others. The iris – unlike the face – cannot be identified by human operators without the help of technology and cannot be read from publicly available photos. Users must agree to enroll in such systems, and proprietary encryption algorithms prevent unauthorized entities from using this data.
Furthermore, privacy is a function of how PIIs (including biometric signatures) are managed and secured by the entities that deploy them. When biometrics are stored only by individual users instead of in a centralized database – as is done on our mobile devices and with certain European identity and residence cards – there is no risk that an enrolled population's biometric identities can be compromised.