Commentary: Clearing 3 sources of confusion over biometrics key to assessing costs and benefits of its usage

We've seen it happen with 5G, vaccination and nuclear power. And now, biometrics is becoming the next target of an increasingly biased public debate about new technology. 

These implicit biases, which draw beliefs about emerging technology due to its full capabilities being unknown, go on to influence our perceptions of everything from smartphone apps to flight instruments used to pilot an aircraft. 

As these technologies expand, we hear more radical and opposing views. They reject biometrics on the grounds that it may be used to oppress people, and by conveying dystopian examples we find in works of science fiction. 

Those arguments end any possibility of debate, even if biometrics actually cover a vast field of potential use cases. 

This then leads to a belief that new technology is better than current options, but risks favouring emerging technologies that are unproven, resulting in radical and poorly argued stances that divide public opinion and hack away at people's trust in scientific and technical progress. 

Many technologies can be used for the wrong reasons. However, that does not mean we should not use them — it means we need to have an objective appreciation of their benefits and proceed with a decision accompanied by full knowledge of circumstantial facts and limitations. 

Refusing to consider cost-benefit analysis would prevent our societies from advancing forward and leveraging the power of new technologies.

So how can we cool the heated debate and make a rational cost-benefit analysis of biometrics technologies that have proven applications to provide enhanced security and improved user experience in today’s fast-evolving, digital-first world? 

In my mind, the first thing to do is to clear up three sources of confusion. 

WHAT IS BIOMETRICS REALLY? 

First, we need to agree on the meaning of the word "biometrics", which is sadly starting to take on negative connotations and conjure up totalitarian images of mass surveillance. 

In fact, there's nothing inherently negative — or even particularly new — about recognising a person from their physical characteristics. Using thumbprints, fingerprints, iris, or other facial characteristics for identification has long been used by governments and institutions worldwide. 

In the second millennium BC, the ancient Babylonians pressed the tips of their fingers into clay to record business transactions, although it was not until the late 19th century that progress in forensic science would make fingerprinting a standard police practice around the world. 

There's no denying that the permanent and uniquely individual nature of biometric data puts it in a class of its own. But that doesn't automatically make it more sensitive than other types of personal information. 

Biometrics technology simply automates and enhances this process using advanced algorithms and measurements. 

You would probably be much more concerned about someone hacking your smartphone's GPS records or discovering the user ID and password for your bank account, than you would about revealing the shape of your face — which is probably all over the internet anyway. 

The real concerns are not about the nature of the biometric data itself, but about new ways of analysing that data and how those capabilities could be used or misused.

AUTHENTICATION VS IDENTIFICATION

This brings us to the second source of confusion. 

There are basically two uses of biometric data — authentication and identification — and they have little to do with one another. 

Authentication is about providing a secure way for an individual to prove their identity, and there are no particular concerns about that. Barely a voice was raised when biometric passports were introduced, and many of us are more than happy to use our faces or fingerprints to unlock our telephones. 

But biometric identification is another matter, and it’s distorting the public debate to such an extent that some people are starting to confuse the two. Identification is about identifying a person in a crowd, for example, without any action on their part, and in some cases without their consent. 

With ongoing Personal Data Protection Act (PDPA) or General Data Protection Regulation (GDPR) regulations, the potential misuse or mishandling of this data can infringe upon an individual’s privacy rights, and concerns regarding how the data is stored, who has access to it and how is used must be addressed to build trust with the community.   

As we know, misuse of these types of applications — both for identification and authentication purposes — comes with risks attached, such as invasion of privacy, disclosure of sensitive information and restriction of individual freedoms. 

But these risks are no more serious or unavoidable than the risk of misuse of many other technologies. It is crucial to establish strong legal and regulatory frameworks for the collection, storage, and use of biometric data. 

Transparency, informed consent, data protection measures, and regular audits are necessary to ensure that biometric identification is implemented responsibly and respects individuals' rights and privacy. 

There's a downside to cars or the internet or prescription drugs, but society chooses to limit the risks through a combination of regulation and technical improvements. 

The same should be true for biometrics. Technological progress, in areas such as data encryption, combined with tighter regulation can provide adequate safeguards to limit the risks of misuse. 

Another important way to ensure the responsible use of these tools is to support an ecosystem of trusted players which combines state-of-the-art biometrics know-how with a strong commitment to work within a clear and comprehensive ethical framework. 

Indeed, this is the thinking behind Transparent, Understandable and Ethical (TrUE) biometrics, an initiative officially launched by Thales that builds trust for both users and service providers as it continues to lay out our commitments to the development of TrUE biometrics technologies. 

Be it from validating payments via digital recognition to accessing a health monitoring system with biometric brain-computer interfaces, Thales continues to develop highly secure solutions whilst proving our capacity to offer both reliability and convenience. 

RISKS VS BENEFITS 

The third thing muddying the biometrics debate is confusion about new technologies in general. 

Public opinion, in certain countries at least, attaches disproportionate attention to the risks versus the potential benefits, thus preventing us from making a balanced assessment. 

One may say it’s a matter of precaution, but how prudent is it to stymie new efforts to protect millions of people from identity theft? 

How prudent is it to allow criminals to exclusively leverage new technologies and the potential of our digital societies, and to limit that same access to law enforcement simply because a risk exists — however small and however manageable that risk may be. 

Singapore has been at the forefront of leveraging biometric technology in various applications. 

The Immigration and Checkpoints Authority (ICA) has implemented an automated immigration clearance system that uses facial recognition to identify and authenticate travellers quickly and provides efficient and secure border control measures. 

Aside from that, Singapore’s National Digital Identity (NDI) system known as SingPass, incorporates biometric authentication such as fingerprints or facial recognition, to access a host of government services securely online. 

As always, trade-offs over the use of technology require a nuanced, balanced assessment based on facts as well as principles. 

ABOUT THE AUTHOR: 

Patrice Caine is the Chairman and CEO of Thales Group, a French engineering multinational corporation.