FC: What the biometrics industry says about privacy, surveillance

[Declan McCullagh <declan () well com>]

**********
Background:
http://www.politechbot.com/p-01696.html
http://www.politechbot.com/cgi-bin/politech.cgi?name=biometric

Biometric-enabled laptop:
http://www.cnn.com/2001/TECH/computing/02/02/biometric.security.idg
Time magazine on "Welcome to the Snooper Bowl":
http://www.time.com/time/magazine/article/0,9171,98003,00.html

National Basketball Association vows no face-recog at All-Star Game:
http://www.nypost.com/technology/23123.htm
AP article on Utah officials considering face-recog for 2002 Olympics:
http://inq.philly.com/content/inquirer/2001/02/03/sports/OLY03.htm

**********

http://www.ibia.org/pressrelease19.htm

                          Biometrics and Privacy:
                   Industry Policy on Crowd Surveillance

   February 2, 2001, Washington, D.C. --- During last months Super Bowl
   game in Tampa, Florida, local officials conducted a trial that used
   software technology and video surveillance systems to compare fans
   entering the stadium against a database of suspected criminals and
   terrorists.  In view of these events, IBIA and its member companies
   believe it is appropriate to reiterate industry policy on the use of
   biometrics by government agencies, and to offer guidance to any
   entities that are considering the use of biometrics in public places.

   On March 24, 1999, IBIA adopted Privacy Principles that were intended
   to encourage biometric manufacturers, integrators and end users to
   ensure that biometric data cannot be misused.  In announcing the
   principles, Bill Wilson, Chairman of IBIA, said we are acutely
   conscious of the need to protect personal information in any biometric
   application. The industry is taking this step to promote
   self-regulation in the private sector, encourage clarity and
   transparency for users, and provide guidance on matters that may
   require legislative action in the public sector.

   The first IBIA Privacy Principle calls for safeguards that ensure
   biometric data is not misused to compromise any information, or
   released without personal consent or the authority of law.  Concerning
   the use of biometrics in the public sector, IBIA recommends in the
   third Privacy Principle that clear legal standards should be developed
   to carefully define and limit the conditions under which agencies of
   national security and law enforcement may acquire, access, store, and
   use biometric data. The full text of the IBIA Privacy Principles is
   available online at http://www.ibia.org/privacy.htm.

   IBIA members implement these principles by urging users to follow
   three practical steps, says Richard E. Norton, Executive Director of
   IBIA. Our companies recommend that clear signage or other means of
   notification be used to inform everyone that video imaging and facial
   recognition technology are being used in any public area. They also
   advise users that the images should be used only to make comparisons
   against known violators, and in no circumstance should nonmatching
   images be retained in a database once the comparison has been
   conducted. Finally, they remind users that all applications of
   biometric technology must comply with existing law governing the
   storage and use of data by public agencies, adds Norton.

   IBIA was formed in September 1998 and has 27 member companies, and is
   open to all biometric manufacturers, integrators, and end-users who
   agree to abide by the IBIA Statement of Principles and Code of Ethics.
   Biometric technology involves the automatic identification or identity
   verification of an individual based on physiological or behavioral
   characteristics. Such authentication is accomplished by using computer
   technology in a noninvasive way to match patterns of live individuals
   in real time against enrolled records. Examples include products that
   use face, iris, hand, fingerprint, signature and voice measurements in
   environments such as border control, information security, physical
   access control, financial transactions, time and attendance, law
   enforcement, and other civil and government applications.

   For further information please contact Mr. Norton, at phone (703)
   250-0206.

**********

http://www.ibia.org/privacy.htm

                          IBIA Privacy Principles
    1. Biometric data is electronic code that is separate and distinct
       from personal information, and provides an effective, secure
       barrier against unauthorized access to personal information.
       Beyond this inherent protection, IBIA recommends safeguards to
       ensure that biometric data is not misused to compromise any
       information, or released without personal consent or the authority
       of law.
    2. In the private sector, IBIA advocates the development of policies
       that clearly set forth how biometric data will be collected,
       stored, accessed, and used, and that preserve the rights of
       individuals to limit the distribution of the data beyond the
       stated purposes.
    3. In the public sector, IBIA believes that clear legal standards
       should be developed to carefully define and limit the conditions
       under which agencies of national security and law enforcement may
       acquire, access, store, and use biometric data.
    4. In both the public and private sectors, IBIA advocates the
       adoption of appropriate managerial and technical controls to
       protect the confidentiality and integrity of databases containing
       biometric data.

**********




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------