THE MIDDLE PATH
The Middle Path

Matrix of Biometrics

Biometrics is the science of using physical (and behavioural) features for identification purposes. The most ubiquitous biometrics we encounter is 'the face'. Every individual has a distinct face, which is used by others to identify/ recognise him or her. Human beings also start recognising voices from the age of three months. Handwriting recognition is part of behavioural biometrics. The most versatile and reliable biometric data possibly comes from human genes. 

Fingerprints were used as signature as early as the 3rd century BC in China. It wasn't until late 17th century that Europeans learnt what the Chinese had known for centuries: fingerprints could be used for identification. In the subcontinent, British colonials demanded natives' fingerprints on documents as early as 1858. It was later adopted as a standard practice for document endorsement. In fact, Bangladeshi rural anecdotes and literature are rife with examples of swindled, poor people who were tricked into giving their fingerprints on deeds and documents they could not read. 

By the 18th century, it was known that thanks to unique physical features of humans, biometrics could provide a comprehensive identity management solution. In the nation state, community-based administration models were in decline, giving rise to the need to register and make searchable each and every citizen. French researcher Bertillion developed a short-lived method of identifying individuals through physical measurements. But his method was superseded by fingerprinting after a cousin of Charles Darwin wrote a full book about fingerprint techniques; and by the end of WW1, the science had been adopted by major militaries and law enforcement agencies of the developed world. 

Since 1969, US detectives have used an 'identikit' (a tool that uses photos of foreheads, eyes, noses, mouths and chins) to reconstruct a face with the help of an eye witness. Biometrics thus became central to the development of criminal history and databases. In 1974, the first commercial biometric device was released. At the 1996 Olympic Games, these devices were widely used for security purposes. Today, biometrics are widely used for identification and security in offices, labs, cultural venues, VIP residences, etc.

Over the decades, three things changed with biometric imprints. First, the types and forms of biometric information, methods of data management and reliability underwent a technological transformation. Today, computer-based fingerprinting, retina scans and voice-controlled electronics are virtually infallible. Facial recognition technology is being rolled out in law enforcement and social media alike. The Japanese company NEC is working to commercially produce a patented, ear scanning technology that could provide round-the-clock surveillance and data flow from wearers. 

The second change concerns the 'meaning' of a biometric imprint. What probably started as a personal signature gradually grew into a legal instrument and then to a mass identification and search tool. With the growing threats of cyber security and identity theft, biometric data has become at least as sensitive as our bank signatures. 

Notions about the 'ownership' of biometric data represent the third major change. With growing computing power dedicated to biometrics, many questions have arisen: who owns biometric data? Can it be obtained without one's knowledge or a warrant? Can it be freely replicated? Can it be used for sweeping surveillance? Can it be sold to corporations? In 2013, the USA saw a lawsuit that challenged people's right to own their own genetic information. This all points to the need for better understanding of biometric property rights, associated privacy norms and security threats.  

While it is quite foreseeable that a Bangladeshi biometrics database will become central to elections, taxation, public services, the legal process, law enforcement and health services – commerce, finances, travel and entertainment and geo-targeted advertising will not be too far behind. With biometrics-enabled, location-enabled smart devices, a steady stream of citizen data will be available to actors in the public and private sectors. 

With biometrics, it is the sensitive nature of the data that raises concerns. The technology links our biological data to computer programmes. Many argue that this opens the doors to Orwellian surveillance by turning our very organs into location and activity trackers. Another grave concern is that once imprinted one's biological features and identifiers stop belonging to him/her. Thirdly, modern technology can easily capture such imprints without the knowledge of people and there is no known safeguard against this. Fourthly, we have the issue of data security. The NSA whistleblowing incident revealed porous borders between government and corporate databases (in the case of Bangladesh, it will be going straight to corporate databases). How will these corporations use biometric data? What oversight will the government retain? What policies/directives will guide it? Given allegations of pilferage of customer data to advertisers, what safeguards have been put in place to ensure data security? How are hacking threats assessed and mitigated? 

Not two weeks ago, some 70 million citizens' fingerprints and passport information was hacked in the Philippines (BBC, April 11). The Bangladesh Bank heist also shed light on the risks of rapid digitalisation. As our commerce, our transactions, our culture, our romances and our entertainment move online, the risk of an attack will only get higher. Noting that a smart, biometric national identity card (NID) will soon be assigned to Bangladeshi citizens, one can conclude that the issue of biometric data in Bangladesh has not been resolved, it is only beginning. 

Owing to low literacy, low Internet penetration, lack of Bangla informational content and invisible control of ICT opinions, Bangladesh's digital journey is cheered on by little citizen enthusiasm. More needs to be done to inform and reassure citizens about regulation of online spaces, surveillance of social media, collection of biometric data and information security. It has also become incumbent upon corporate houses (and their regulators) to raise public awareness on how and to what end the collected data will be used. It is simply not enough and/or mature to claim that critics of biometrics or surveillance have something to hide, or are political rivals. It is high time that domestically, we expanded these discussions from the ICT sector into the mainstream. If a defense of privacy, security and online freedom is to be mounted, it has to start now. 

The writer is a strategy and communications consultant. 

Comments

The Middle Path

Matrix of Biometrics

Biometrics is the science of using physical (and behavioural) features for identification purposes. The most ubiquitous biometrics we encounter is 'the face'. Every individual has a distinct face, which is used by others to identify/ recognise him or her. Human beings also start recognising voices from the age of three months. Handwriting recognition is part of behavioural biometrics. The most versatile and reliable biometric data possibly comes from human genes. 

Fingerprints were used as signature as early as the 3rd century BC in China. It wasn't until late 17th century that Europeans learnt what the Chinese had known for centuries: fingerprints could be used for identification. In the subcontinent, British colonials demanded natives' fingerprints on documents as early as 1858. It was later adopted as a standard practice for document endorsement. In fact, Bangladeshi rural anecdotes and literature are rife with examples of swindled, poor people who were tricked into giving their fingerprints on deeds and documents they could not read. 

By the 18th century, it was known that thanks to unique physical features of humans, biometrics could provide a comprehensive identity management solution. In the nation state, community-based administration models were in decline, giving rise to the need to register and make searchable each and every citizen. French researcher Bertillion developed a short-lived method of identifying individuals through physical measurements. But his method was superseded by fingerprinting after a cousin of Charles Darwin wrote a full book about fingerprint techniques; and by the end of WW1, the science had been adopted by major militaries and law enforcement agencies of the developed world. 

Since 1969, US detectives have used an 'identikit' (a tool that uses photos of foreheads, eyes, noses, mouths and chins) to reconstruct a face with the help of an eye witness. Biometrics thus became central to the development of criminal history and databases. In 1974, the first commercial biometric device was released. At the 1996 Olympic Games, these devices were widely used for security purposes. Today, biometrics are widely used for identification and security in offices, labs, cultural venues, VIP residences, etc.

Over the decades, three things changed with biometric imprints. First, the types and forms of biometric information, methods of data management and reliability underwent a technological transformation. Today, computer-based fingerprinting, retina scans and voice-controlled electronics are virtually infallible. Facial recognition technology is being rolled out in law enforcement and social media alike. The Japanese company NEC is working to commercially produce a patented, ear scanning technology that could provide round-the-clock surveillance and data flow from wearers. 

The second change concerns the 'meaning' of a biometric imprint. What probably started as a personal signature gradually grew into a legal instrument and then to a mass identification and search tool. With the growing threats of cyber security and identity theft, biometric data has become at least as sensitive as our bank signatures. 

Notions about the 'ownership' of biometric data represent the third major change. With growing computing power dedicated to biometrics, many questions have arisen: who owns biometric data? Can it be obtained without one's knowledge or a warrant? Can it be freely replicated? Can it be used for sweeping surveillance? Can it be sold to corporations? In 2013, the USA saw a lawsuit that challenged people's right to own their own genetic information. This all points to the need for better understanding of biometric property rights, associated privacy norms and security threats.  

While it is quite foreseeable that a Bangladeshi biometrics database will become central to elections, taxation, public services, the legal process, law enforcement and health services – commerce, finances, travel and entertainment and geo-targeted advertising will not be too far behind. With biometrics-enabled, location-enabled smart devices, a steady stream of citizen data will be available to actors in the public and private sectors. 

With biometrics, it is the sensitive nature of the data that raises concerns. The technology links our biological data to computer programmes. Many argue that this opens the doors to Orwellian surveillance by turning our very organs into location and activity trackers. Another grave concern is that once imprinted one's biological features and identifiers stop belonging to him/her. Thirdly, modern technology can easily capture such imprints without the knowledge of people and there is no known safeguard against this. Fourthly, we have the issue of data security. The NSA whistleblowing incident revealed porous borders between government and corporate databases (in the case of Bangladesh, it will be going straight to corporate databases). How will these corporations use biometric data? What oversight will the government retain? What policies/directives will guide it? Given allegations of pilferage of customer data to advertisers, what safeguards have been put in place to ensure data security? How are hacking threats assessed and mitigated? 

Not two weeks ago, some 70 million citizens' fingerprints and passport information was hacked in the Philippines (BBC, April 11). The Bangladesh Bank heist also shed light on the risks of rapid digitalisation. As our commerce, our transactions, our culture, our romances and our entertainment move online, the risk of an attack will only get higher. Noting that a smart, biometric national identity card (NID) will soon be assigned to Bangladeshi citizens, one can conclude that the issue of biometric data in Bangladesh has not been resolved, it is only beginning. 

Owing to low literacy, low Internet penetration, lack of Bangla informational content and invisible control of ICT opinions, Bangladesh's digital journey is cheered on by little citizen enthusiasm. More needs to be done to inform and reassure citizens about regulation of online spaces, surveillance of social media, collection of biometric data and information security. It has also become incumbent upon corporate houses (and their regulators) to raise public awareness on how and to what end the collected data will be used. It is simply not enough and/or mature to claim that critics of biometrics or surveillance have something to hide, or are political rivals. It is high time that domestically, we expanded these discussions from the ICT sector into the mainstream. If a defense of privacy, security and online freedom is to be mounted, it has to start now. 

The writer is a strategy and communications consultant. 

Comments