31 March 2022: Biometrics Institute members, regulators and privacy advocates debated the question whether there is a case for licensing biometric systems in today’s On the Pulse Conversation, putting regulation, legislation and policy at the core of the debate.
“Are we facing the wild west of biometrics again due to a lack of regulation,” asked the Biometrics Institute’s Chief Executive, Isabelle Moeller, “Over the past 20 years we have seen so many positive uses of biometrics as outlined in our 20-year Anniversary Report.”
She gave the example the Boxing Day tsunami in Thailand in 2004 where more than 5,000 people died and nearly 3,000 were missing. In the two years after the event over 3,600 of the deceased had been positively identified by the Disaster Victim Identification (DVI) process using one or more of the primary biometric identifiers.
She went on to say: “We are now seeing a wide-range of biometric use cases evolving that are unregulated and potentially pose risks to our privacy and basic human rights which we need to address”.
The Conversation started with the presentation of two short and sharp viewpoints. Dan Bachenheimer of Accenture referred to existing guidance choosing the UK Surveillance Camera Code of Practice . He pointed to clause 2.4 about “suitably validated facial recognition” asking what that required.
The Institute’s Three Laws of Biometrics promote that you must know your algorithm. Dan highlighted: “It is essential that you do it yourself”. He referenced NIST IR 8280 saying: “Operational implementations usually employ a single face recognition algorithm. Given algorithm-specific variation, it is incumbent upon the system owner to know their algorithm. While publicly available test data from NIST and elsewhere can inform owners, it will usually be informative to specifically measure accuracy of the operational algorithm on the operational image data, perhaps employing a biometrics testing laboratory to assist.”
Pam Dixon from the World Privacy Forum followed asking what lessons we could learn from other industries that already use licensing and other controls before allowing states and organisations from introducing or developing facilities or services. She referred to the example of the global toxic chemical safety model as outlined in her paper Biometric ecosystem regulation.
Roger Baldwin, Advisory Council Member of the Biometrics Institute then moderated the conversation between the Southern hemisphere’s former Human Rights Commissioner Ed Santow, the UK Biometrics and Surveillance Camera Commissioner Fraser Sampson and United Nation Counter-terrorism Executive Directorate’s Anne-Maria Seesma.
The conversation started off by asking what the goal of regulation should be? Are we clear about the purpose? What are potential consequences of not putting regulation in place?
Could licensing help to address the current imbalance between the pace of technological innovation in biometrics and the lack of meaningful legislation in most countries?
The conversation referenced the House of Lords Justice and Home Affairs Committee 1st Report of Session 2021–22, Technology rules? The advent of new technologies in the justice system which had just been released.
Clause 44 was highlighted: “As part of rationalisation, the Government should establish a single national body to govern the use of new technologies for the application of the law. The new national body should be independent, established on a statutory basis, and have its own budget. The body would have several functions and responsibilities, which we detail in Chapter 5. It should draw on as wide as possible a range of expertise.” Clause 173 then adding: “Minimum scientific standards should be set centrally by the new national body we have recommended in paragraph 44. They should then be transposed into regulations through secondary legislation.”
So, is the genie already out of the bottle? The conversation concluded that we need a human rights-based focus rather than just a data protection focused approach as in some cases data protection will not be able to sufficiently address the risks.
The conversation has been recorded to allow access to an even wider community including decision-makers in government; regulators; and organisations in charge of or planning to implement biometrics.
The next online On the Pulse Conversations include:
- 3 May 2022: How to verify a face against a document
- 16 June 2022: Public perception of biometrics
- On demand: On the Pulse Conversation on consequences of biometrics
Notes to editors:
The Biometrics Institute is the independent and impartial international membership organisation for biometric users and other interested parties. It was established in 2001 to promote the responsible and ethical use of biometrics and has offices in London and Sydney.
The member register which represents a global and diverse multi-stakeholder community now lists over 200 membership organisations from 34 countries. It includes banks, airlines, government agencies, biometric experts, privacy experts, suppliers, academics and 10 Observers representing United Nations agencies, IGOs and European Union institution
The Biometrics Institute connects the global biometrics community. It shares knowledge with its members and key stakeholders and most importantly, develops good-practices and thought leadership for the responsible and ethical use of biometrics.
For more information, please email Isabelle Moeller: email@example.com