There has been a lot of concern lately about privacy as it relates to biometrics. The recent ICE facial recognition incident is a good example of what can happen when government agencies are given carte blanche with this technology.
In case you haven't heard, US Immigration and Customs Enforcement (ICE) was recently the target of major criticism after being found harvesting US driver's license photos from DMV databases and using them in their facial recognition systems to target and deport undocumented immigrants.
This is the danger of facial recognition technology. It's an incredibly powerful identification tool that, without proper regulations in place, has the potential to virtually destroy privacy in the physical world.
To see where this can lead, look at China. Virtually every one of China's 1.4 billion citizens is enrolled in the government's extensive facial recognition database, allowing the country's 200 million surveillance cameras to automatically identify and track citizens anywhere they go.
The Chinese government is using this surveillance network to profile ethnic minorities in the country, who have been under persecution for decades. In this case, facial recognition has created a major violation of personal freedom and is a terrifying example of what can happen if we allow such technology to go unregulated.
Facial recognition: tracking made easy
The biggest danger of facial recognition is that, unlike other biometrics (which require a dedicated biometric scanner to identify you), facial recognition software can be implemented in virtually any run-of-the-mill surveillance camera.
For example, the New York Times did an experiment where they took standard surveillance cameras and turned them into facial recognition tracking devices for under $100, and it was completely legal.
Additionally, once a camera is equipped with facial recognition software, all it needs is a picture of you to identify and track you. ICE used driver's license photos that they got from DMV databases, but the NYT simply used photos of people they found on the internet.
This is the risk facial recognition creates: since our faces are always exposed — and pictures of our faces very easy to get a hold of — they can be easily captured and uploaded into facial recognition databases without our consent.
The need for biometric privacy laws
This is why we need regulations preventing governments and corporations from taking our biometric data without our consent. Because without such regulations, they can automatically identify and track us everywhere we go. And that is a risk to the core tenants of a free society.
Fortunately, there are various major privacy regulations popping up around the world that protect biometric data. Chief among these is the GDPR, which covers biometric data extensively.
But in the US, there is no federal privacy law, and biometric data is still largely unprotected in most states. This is the point the New York Times was trying to prove with their experiment: since most states don’t have laws protecting biometric data, virtually anyone can use this technology to legally track you in public. And that's just creepy.
Certain states, however, are pioneering data protection in the US. Illinois, for example, was the first state to enact a biometric privacy law — the Biometric Information Privacy Act, or BIPA for short. Out of several states that ICE requested driver's license information from, Illinois was the only state that turned them down.
(Keyo is headquartered in Illinois, and as a privacy-focused biometric, is fully BIPA-compliant.)
However, biometric data is still largely unprotected in most states, and as facial recognition technology rapidly evolves and becomes more widespread, the need for a federal privacy law becomes increasingly important.
The pros and cons of biometrics
What makes biometrics potentially dangerous is the same thing that makes them useful: they are unique to you, and they are relatively permanent.
Biometrics use your own body to identify you, which makes them very secure and convenient. Unlike keys, cards, fobs, or passwords, your biometric code is always with you, so you never have to worry about losing or forgetting it.
The downside is that you can never change your biometric code. If someone gets ahold of your password, you can simply change it. But if someone uploads your picture into a facial recognition database, you can't simply change your face.
This is why it's critical that no one else is able to access your biometric code in the first place. That said, counting on perfectly secure systems is not a reasonable way to go about life. If your biometric data is taken without your consent, from a photo or otherwise, it should not be able to be repurposed into a surveillance tool.
This is the core differentiator between facial recognition and a privacy-focused biometric such as palm vein. With Keyo, even if someone had perfect, medical-grade imagery of your hand, a biometric surveillance system would still not be able to identify you as you walk down the street, as it can with facial recognition.
Palm vein: the biometric only you can access
There are two different types of biometrics: internal and external.
Most biometrics fit under the "external" category since they use an identifier that is on the outside of your body. Fingerprint, facial recognition, and iris scan all fit under this category.
The problem with external biometrics is that, since they're exposed to the outside world, it's easy for them to be captured without your consent.
This is why, at Keyo, we use an internal biometric: your palm-vein pattern. Unlike other biometrics, this pattern is concealed inside your body, and can only be captured when you deliberately scan your palm at a Keyo terminal. This is why palm-vein is uniquely privacy by design.
And since Keyo has explicit consent built-in, our use of palm vein technology is in line with privacy regulations around the world, making it the safer choice for both users and businesses.