The Science and Technology Committee of parliament have issued an inquiry into the current and future uses of biometric data and technologies. The IMPRINTS research outcomes contain ample information that is relevant to the committee, and Professor Liesbet van Zoonen submitted this evidence to the committee yesterday.
BIOMETRICS: CONCERNS AND NEEDS AMONG THE BRITISH PUBLIC
Written evidence submitted by IMPRINTS, an EPSRC funded research project in the Global Uncertainties agenda (EP/J005037/1) conducted by Loughborough University, University of Essex, Northumbria University and the University of Dundee. The research team has examined public attitudes towards new identification and authentication technologies, among which biometrics. This memorandum is written by Professor Liesbet van Zoonen of Loughborough University. IMPRINTS has no ties with any social, political or commercial organisation that have a stake in biometric data and technologies. www.imprintsfutures.org
- For the British public, biometrics are the most controversial and worrying of all means of authentication (cards, passwords, pincodes, etcetera);
- The experience with biometrics that the UK public have is mostly limited to air travel (to the US in particular);
- The combination of little direct experience with considerable worry leads to an easily ignited public opinion;
- Concerns about biometrics as a technology is connected to a more general need for appropriate procedures for the management of personal data, expressed in particular as a need for:
a. Legitimacy (people want protection against function creep and data leakage)
b. Control (people want to know which data are collected, where they are kept and how they can be corrected)
c. Choice (informed consent, opt-in choice for sensitive data, general opt-out choice)
d. Trust (engendered by transparent procedures)
e. Free privacy (people are concerned about privacy becoming a luxury item)
f. Personal responsibility (people feel they need to do more themselves as well)
- These concerns combine into four distinct attitudes towards biometrics, i.e.
a. Privacy advocates (biometrics has a high risk of privacy breaches)
b. Conservative techies (biometrics is efficient for security purposes)
c. Safety champions (biometrics is a safe option for personal identity management)
d. Casual adopters (people shouldn’t worry so much)
- Given that biometrics is a controversial technology, transparency of procedures, mechanisms of user control and opt-in/out alternatives are key to the implementation of potentially beneficial biometrics schemes.
The IMPRINTS research has examined a diversity of current and future identification technologies and assessed that the general worry is usually not with the particular kind of technology, but rather with the personal data that people exchange with public and private organisations, with other people, and increasingly with ‘things’ (phone, tablet, laptop, car, etc.). The exception to this rule is biometrics, towards which people feel a double concern, namely with the technology itself, and with the personal data it produces. In this memorandum we address both issues, on the basis of the research we conducted in 2013 and 2014 among members of the British public. The research is particularly suited to answer the questions of the committee regarding the key challenges in developing, implementing and regulating new technologies that rely on biometric data and regarding the effectivity of current legislation.
3. Current experiences with biometrics
According to the national representative survey conducted by IMPRINTS in 2013, the majority of UK citizens has no direct experience with using biometrics for authentication yet. One third of the population has been exposed to biometrics, predominantly at airports, where people go through body scans or have their iris scanned. Travel to the US was mentioned specifically as a situation where one is subject to biometric authentication.
Our research furthermore shows that of all the different identification and authentication technologies that people use, biometrics is the only type that causes a distinct set of concerns: some people strongly associate fingerprint technology and face recognition with crime contexts and therefore don’t like the usage of these forms of biometrics in their own situations. Other people strongly feel that remote biometrics in particular are used without knowledge and consent of the people subjected to associate biometrics with state control and surveillance (face and gait recognition through CCTV for instance).
The combination of relatively minimal direct usage of biometrics and strong cultural associations produce an undercurrent of concern among members of the public that is easily triggered by concrete cases of abuse or failure of biometric authentication, and by the introduction of biometrics in context where it is thought inappropriate (e.g. schools, the home) or unnecessary (e.g. leisure). In combination with popular images and stories of biometrics as offering infallible surveillance and control opportunities, public opinion in this area easily turns into anxiety and reluctance.
4. Concerns and needs for the future
With regard to future developments, we asked people about concerns and need for governance and regulation of biometrics and other forms of identity management. Their views can be summarized in terms of legitimacy, control, choice, trust, monetization and personal responsibility.
4.1 Legitimacy - People are concerned whether their personal data is acquired and stored at the right level and whether appropriate data segregation and ‘contextual integrity’ is arranged. Such concerns speak most strongly in association with biometrics, which for some is particularly associated with state power and control, crime and terrorism prevention and civil liberties infringements. Many of our respondents wanted separate data systems for separate purposes, with access limited according to purpose and consent. Nevertheless there is also a considerable group who think that people who had nothing to hide ha d nothing to fear either.
4.2 Control - The desire for more control over one’s own personal data speaks throughout our research; people would like so which information about them is available online, and they would want to give active consent to the usage of their data. Some people feel that this is particularly relevant for biometrics, where it seems that each new development in remote biometric technologies takes away control from people, in terms of knowing when, where and why data are taken from them and used.
4.3 Choice - In our different conversations with our research participants, it became clear that choice of identity technologies was an important dimension in their taboos and desires for the future. Many new functions were considered acceptable or desirable, provided people would be given a choice to adopt them. Compulsory functions were met with resistance. Informed consent and opt-out strategies were considered crucial for the future. In addition, choice should not be contingent on physical resources; people would argue against compulsory fingerprinting, for instance, that not everybody has fingers, or even hands. Likewise, IM functions that requires a considerable financial investment of their users were met with reluctance; in fact, one of the main fears about future developments of IM was that they would come with considerable costs.
4.4 Trust - our research participants regularly recounted incidents in which data were lost or abused; such stories referred to both government and large corporations. The fear of identity fraud was strong, and it was considered one of the main crimes of the future that need stronger policing. A number of organisations were discussed as being untrustworthy, including the UK government and social network sites such as Facebook. Sometimes an organisation was trusted, but participants still believe disclosing information to them was risky, or perhaps their employees might not be trusted. Rather than citing specific groups who they would be comfortable sharing information with, people talked about the general importance of who would get to see their identity data.
4.5 Free privacy - There was general concern that the secure and safe management of personal data would become dependent on one’s financial resources; people expected that internet services, for instance, would become even more subject to advertising and that their control over their personal data would only be possible if they would pay for it. More than two-third of the survey respondents, for instance, agreed with the statement: “The way things are going, we’re going to have to pay to retain any privacy on the internet in the future.”
4.6 Personal responsibility - People also felt they had a level of personal responsibility to be more careful with their own data, perhaps to counteract the lack of control they sometimes experience with new forms and functions of, especially, biometrics. Such sensible management made people feel more secure; some of our participants thought people who did not act cautiously invited their own data abuse.
5. Attitudes towards biometrics
We found, furthermore, that people combines these overall concerns and needs in four different ways, leading to four specific attitudes:
5.1 Privacy advocates
“With each new development in biometric technologies, users are getting less control over their data, in terms of knowing when, where and why it is used. People can now be identified without their consent, and quite often, without their knowledge. Remote biometrics, like face and gait recognition, intensify this lack of control on behalf of citizens raising concerns on bodily integrity too. It seems that privacy, as we know it, is coming to an end . People are caught in a world where nothing is forgotten as personal data can now be linked irrevocably to their owners. For this, when it comes to identity management, the body should not be seen as a natural password. On the contrary, people should be in control of how their data is collected, stored and used. Most importantly, they must have the right to opt-out from services they do not wish to collect their personal information. Intrusive uses like biometric time clocks in industry or face recognition in social media affecting individual freedom should also be avoided. To counterbalance state surveillance, citizens need to be more active. They have the right to record police action on their smartphones to circulate it on social media afterwards. They should also use any device, such as privacy visors, that could protect them from unauthorized identification while on public spaces. Finally, government arguments in favour of biometrics for efficiency and convenience purposes need to be carefully scrutinized. The promotion of more individualistic models of social life, as all devices will be bound to their owner, undermines community and paves the way for increased monitoring of the population.”
5.2 Conservative techies
“Our bodies are like natural passwords or identity cards that we all carry with us at all times. To this end, biometrics can be a better alternative to the growing number of identification paraphernalia, such as PIN’s or passwords, that people need to memorise. This opens up several possibilities in the use of biometric technologies although not all are desirable. Biometrics seem to be a great way to safeguard personal devices (e.g. mobile phones) from loss or theft. Moreover, they can be used in time clocks to allow companies to have better control of their labour force. However, people should be wary of the possibility of extensive profiling. It is for this reason that biometrics should not be used in domestic settings since they have the potential to disclose sensitive information about their users’ habits. The same applies for the use of face recognition software in mobile devices and social media. On the contrary, biometrics seem a particularly promising technology for security purposes. They are not infallible, since they involve a range of human decisions. However, they do help governments to effectively lock foreign nationals into their identity. To this end, citizens should be supportive instead of jeopardizing biometric technologies by recording police action during demonstrations or altering their facial features with headwear. Biometrics are not about state surveillance. There is strong legislation against linking personal data from different databases for unrelated purposes. As such, negative connotations accompanying certain biometrics (e.g. iris vs. fingerprints) or concerns over community life should not become an obstacle for more efficient applications.”
5.3 Safety champions
“Biometrics can be useful as long as personal data is well protected. They strengthen safety and promote convenience in several contexts. To this end, their use should be embraced instead of thinking that biometrics spell an end on individual privacy for contemporary society. This is a widespread view that needs to be contested since it is also highly inaccurate. Biometrics are used to securely identify individuals. This is particularly important in border control. As a result, digital passports will need to include more biometric information for identification purposes. At the same time, people should be willing to have their person al data shared internationally in an effort to speed up immigration processing in an increasingly globalised world. Data sharing among governments does not mean that states lose control over citizens’ data neither that the process is insecure as it involves human decision-making too. However, people need to be alert to the possibility of having their personal data linked for unrelated purposes. Governments need to be accountable too. For this reason, it is a good thing that protesters can record police action during demonstrations and post the videos in social network sites. It endows citizens with a sense of empowerment over state operations. Biometrics can also be used in domestic settings as the provide solutions to several safety concerns involving children and the elderly. Crucially, biometrics can help improving authentication in social networking sites and increase safety on the Internet. To promote such uses of biometrics, fears over bodily integrity and loss of consent should be addressed. Biometrics should not be seen as tracking mechanisms reducing privacy and undermining community but as technologies for increasing security in a changing world.”
5.4 Casual adopters
“People worry more about convenience and security of transactions than issues of privacy. This does not mean that biometrics jeopardize privacy. This is quite an inaccurate view which is unfortunately widely held. Biometrics are technological solutions to a number of identification problems. For example, a swipe of the hand may be the answer for faster and more secure identification procedures since asking people to remember multiple passwords rarely works. In this vein, biometrics help governments to securely identify mobile and versatile populations. Linking people irreversibly to their identities is crucial in a globalised world. To this end, biometric resident permits can be an answer to immigration problems (26). In tandem with border security, biometrics provide efficient solutions to problems pertaining to identity theft and fraud in financial transactions. It follows that people should be willing to use their fingerprints or face to identify themselves in institutional actors such as banks. Finally, biometrics can be fun too. Face recognition software in mobile devices can be quite useful in several social settings. People should embrace such innovations instead of worrying about their impact on their careers, credit, health and families. Biometrics is a reliable technology which endows people with more control over their personal data. Contrary to popular understandings, it safeguards individual identity without undermining community. “
On the basis of the IMPRINTS research we developed a series of recommendations for design, governance and further research around future means of identity management (see IMPRINTS, 2014). With respect to biometrics we need to acknowledge that it is a controversial set of technologies that evoke different kinds of responses, attitudes and feelings. In addition, particular biometrics may not be suited for people with specific physical features. Ideally, and this goes for all identification and authentication systems, users should be given the choice through which technology they want to share their persona data. While the widespread suspicion of biometric technology cannot be easily resolved, the handling of personal data that results from it can. Our key recommendations for the latter are:
- Encourage providers of identification and authentication schemes to adopt transparent procedures and give users access to and control over their own data;
- Develop an identity management quality label that shows that the identification and authentication schemes follows secure, user-centric and transparent procedures;
- Inform and educate the public about general and specific issues around identification and authentication, leading to more data literacy and secure practices among the public;
- Identify and provide additional services for groups that are vulnerable in terms of (biometric identification and authentication (e.g. elderly, refugees, homeless).
IMPRINTS (2014). What do users want from their future means of identity management? End report, available from www.imprintsfutures.org
 This part of the study was led by Professor Aletta Norval of Essex University.