Revision of Privacy expectations around biometrics from Thu, 04/24/2008 - 04:43

Stephen Wilson's Babysteps

Ideas to demystify identity, privacy, authentication and safety online.

Here's one of the most bizarre lines I've ever seen in biometrics and national security:

 

Fingerprints 'not particularly private,' security czar says

Edmonton Sun, Thu 10 April 2008

http://www.edmontonsun.com/News/Canada/2008/04/10/5244996-sun.html

The U.S. homeland security czar says Canadians shouldn't fear plans to expand international sharing of biometric information such as fingerprints. Michael Chertoff says a person's fingerprints are like footprints.

"They're not particularly private," Chertoff said yesterday during a visit to Ottawa."Your fingerprint's hardly personal data, because you leave it on glasses and silverware and articles all over the world."

 

But so what if I leave my fingerprints lying around? Is there no room for a presumption of privacy on my part? If I try to have a quiet conversation in a park then I expect some privacy, even if my voice might be picked up by a sensitive microphone at a distance.

Then consider the legal status of something that is lost. In some jurisdictions, it is not simply a case of "finders keepers"; there is an offence called "theft by finding". If I accidentally drop a thousand bucks and someone picks it up, then it is still my money. So ... if I drop my personal diary and it's found by a stranger, I think I still have a right to privacy. And I should think that expectations for privacy of fingerprints left on glassware might similarly be entirely reasonable.

I also leave DNA all over the place. How soon before national security people say that's public too?

And even if fingerprints are left lying around in public, I have a strong sense that someone else going to the trouble of picking them up, scanning them, digitising them and running checks to track my whereabouts represents a continuum of privacy invasive secondary uses.

Finally and rather ironically, the reasons given for saying fingerprints are not private amount to an argument that they're really not much good for security.


Stephen.

Lockstep Consulting provides independent specialist advice and analysis
on authentication, PKI and smartcards. Lockstep Technologies develops
unique new smart ID solutions that safeguard identity and privacy.

XML.org Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | XML.org | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I