In the last several years, biometrics have developed a reputation for being "creepy," with many privacy concerns and legal issues surrounding them.
The core problem here is consent. Facial recognition, for example, has received a lot of criticism from privacy advocates because it allows surveillance cameras to automatically identify you from a distance — without ever having asked your permission to do so.
This creepy and invasive technology is the reason for all the recent controversy regarding biometrics.
In Europe, biometrics are highly regulated. The GDPR has a strict set of rules that companies must adhere to, or they risk facing massive fines. The main rule here is that the user must give their explicit consent in order for their biometric data to be collected — making it illegal for facial recognition systems to automatically identify you without your permission.
But in the US, there is still no comprehensive federal privacy law regulating biometrics, and in most states, automatic face recognition is still legal.
As part of their "Privacy Project" campaign, the New York Times recently did an experiment where they created a fully-functional facial recognition system — 100% legally — for about $60. They were able to easily identify people using only photos of them found on the internet.
Pretty creepy, right?
And while facial recognition is the most extreme example, this is true for all external biometrics.
Fingerprint, for example, has one major flaw: you leave your fingerprints on everything you touch. Law enforcement has used this for decades to identify suspects at the scene of a crime, but your fingerprint can also be easily collected by criminals in order to forge your print and fool fingerprint scanners.
Iris scan has similar vulnerabilities. This biometric has already been deployed in various airports around the US, allowing travelers to avoid the long security lines by scanning their eyes. However, despite it being considered secure enough to be used for airport security, iris scan isn't foolproof. Hackers have found ways to fool iris scanners just by using pictures found online.
This paints a bad picture of biometric technologies, but to be fair, they have many advantages as well. Biometrics essentially use your own body to create a code that is unique to you. This allows you to identify yourself quickly and easily without needing anything other than your own body.
The problem is that most biometrics are external to your body. This means that your biometric code is exposed for the entire world to see, making it possible for it to be captured and used without your consent.