Privacy Objections To Biometrics

Barry Shaw

09/16/13 02:44pm

We're looking into adding Biometric Access Control products into our line, particularly fingerprint readers, and wondered if anyone had encountered issues regarding privacy concerns? Specifically objections from workers not wishing the company to hold employee fingerprints in a database. Any thoughts from the legal minds among us? It would help to anticipate any potential problems first.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | 09/16/13 02:58pm

Hello Barry:

It seems that many implementing biometrics sidestep legality concerns by making adoption "voluntary" vs. "compulsory".

For example at a local US Air Force base, an employee has the choice to use a fingerprint reader, OR they have the choice to ring a guard 30 minutes prior to a shift, wait for the guard to arrive, have credentials manually validated, and then they are escorted through the opening.

Obviously, the adoption of the biometric reader option is 100%.

John Honovich

IPVM | 09/16/13 03:39pm

24 Hour Fitness uses fingerprints for its ~3 million members and while a google search revealed a few internet complaints, it's been used for more than 3 years without any major problem / significant objection.

Barry Shaw

In reply to John Honovich | 09/16/13 03:42pm

Thanks John. I'm thinking more along the lines of Unions getting involved. Still ultimately that's up to the customer to sort out, I was just looking to see if any precedents had been set or court rulings made.

Thumbnail usa shield

Luis Carmona

IPVMU Certified | 09/16/13 05:45pm

It may be a matter of exactly how the fingerprint information is stored. We're an integrator who uses Facekey fingerprint products. According to Facekey, fingerprints are converted to an encrypted algorithm before they are stored in the database. The fingerprint itself is not at snap shot picture, and there's no way a fingerprint can reconstructed from the database, even if the encryption key was broken, since it's an algorithm and not a picture.

John Honovich

IPVM | In reply to Luis Carmona | 09/16/13 06:25pm

Pretty much every fingerprint provider I have ever seen claims to do the same thing (stored as encrypted pattern rather than image).

I am not as confident that there is 'no way a fingerprint can be reconstructed from the database'. If you knew the encryption type, key and method the fingerprint provider mapped the print, you should be able to recreate.

Thumbnail usa shield

Luis Carmona

IPVMU Certified | In reply to John Honovich | 09/16/13 06:57pm

May be a possibility, I'm not a mathematican or cryptologist, but I have a feeling it would not be any more insecure than your date of birth and social security number which is on file with your employer. I think those are at more risk than fingerprint data.

For example, and maybe a little off topic, but I feel maybe puts in perspective the risks to "private" information; when I worked in the mailroom of another business in my early work experiance, the business office would give us copies of the list of employees so we could sort incoming mail. We'd get a new list every now and then and throw the old one out. One day it occured to me that there were social security numbers along with names and departments people worked in. I mentioned it to someone and soon after the reports were generated without the social security numbers.

John Honovich

IPVM | In reply to Luis Carmona | 09/16/13 06:59pm

There are certainly many security risks. Indeed, I think that floating social security numbers and credit card info is a far more common, practical risk than anything related to access control.

Barry Shaw

09/16/13 06:46pm

Thanks for the responses. Interesting topic though right?

John Honovich

IPVM | In reply to Barry Shaw | 09/16/13 06:49pm

Interesting indeed. I suspect fingers are culturally less sensitive than faces or eyes/irises, which people tend to hold more personal than a fingertip. For example, I think a face reader would draw more privacy concerns. Indeed, the US FTC's recent best practices for facial recognition puts restrictions on its use.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Barry Shaw | 09/16/13 07:04pm

I believe it is going to be increasingly difficult for someone to 'conscientiously object' to biometric authentication.

In your example, a Labor Union may object to 'being forced' to have biometric details gathered/stored in a database, but how many of those Union members voluntarily use biometrics credentials elsewhere in life - like (John H mentions) at the gym, on cars, or on a personal smartphone/ laptop?

When there is willingness to use biometrics in one aspect of life, righteously objecting to others appears to be a slippery slope.

Top Comment Votes - Past 3 Months
  • 1. John Honovich - 1339
  • 2. Chris Dearing - 369
  • 3. Jon Dillabaugh - 354
  • 4. Sean Nelson - 352
  • 5. Brian Rhodes - 272
  • 6. Michael Miller - 221
  • 7. Greg Cortina - 201
  • 8. Marty Major - 193
  • 9. John Bazyk - 193
  • 10. Ethan Ace - 184
  • 11. Ari Erenthal - 160
  • 12. Brian Karas - 150
  • 13. Sean Patton - 138
  • 14. Michael Silva - 118
  • 15. Joshua Hendricks - 105
  • 16. Jay Hobdy - 92
  • 17. Michael Gonzalez - 85
  • 18. Ross Vanderklok - 82
  • 19. bashis mcw - 81
  • 20. Brandon Knutson - 72
Manufacturers
Tools

BestMatch

Camera Calculator

Camera Finder

F-Stop Calculator

Chat

Integrator Finder

News Spider

Camera Comparison

Quizzes

Pages

About

Contact