Exclusive: Responsible biometrics are a matter of choice

Alex Zarrabi, departing CEO of Touchless Biometric Systems calls for manufacturers to take a responsible approach to biometrics.

Biometrics are the only way to truly identify a person. Everything else (passwords, cards, mobile phones) can be passed onto another person and can’t guarantee the bearer for sure. There is no alternative to certify identity, which protects against its theft. Yet a major 2020 study confirmed large public caution on biometrics adoption. Why is there a debate? What are the responsible answers? What should the role of manufacturers and organisations be?

Fear, a powerful feeling

Emotions tend to run high, some accuse biometrics of threatening our privacy and way of life, often pointing at face recognition as an enabler of mass surveillance. Interestingly, the same people may gladly use biometrics on their phones day in, day out; or at immigration gates, for the comfort and convenience it offers. It matters to understand the base of fears and to propose responsible answers that satisfy all stakeholders.

Uneven legal landscape

Fast-evolving technologies are ahead of the legal framework. Biometrics are no exception. Where empowered, the civil society may influence the laws, yet it takes years for rules to be ratified and enacted. Additionally, different cultures have a different perception of what is intrusive. For both reasons, we find today diverging public acceptance and governance around the usage, collection, or storage of biometric data. Where China advertises mass face recognition, Europe and multiple US jurisdictions have banned it in public areas. Others have not taken a strong legal position.

Two pillars for successful biometrics

As users of biometrics, we all agree on the convenience of being identified without carrying a token or memorising a password. Hygiene of touchless biometrics is equally appreciated and in increasing demand. The key objections to biometrics are twofold. First, users don’t like being identified against their consent. Second, they fear that their immutable biological identifiers – in the wrong hands – could be used to impersonate them. Whenever these concerns are solved, biometrics are quickly adopted, as evidenced by their spread on mobile phones or for home access applications. Hence, organisations must ensure that the consent-based and safe storage aspirations are met.

Proportionality concept

France’s CNIL has pioneered data privacy regulations since 1978 and serves as a global regulatory reference. The proportionality concept it advanced has influenced the wider European data privacy approach. It restricts the public use of biometrics to critical applications, with a strong emphasis on user consent. In my opinion, the core rational is that the risk of compromising citizens’ immutable biological identifiers in case of data breach is too high to adopt biometrics in common applications. A pendant is avoiding latent traces during capture. Gladly technology has evolved and brings answers.

Avoiding identity theft

Touchless capture not only avoids forgery from latent fingerprints, but is also more hygienic. The captured immutable biometric is converted to encrypted data derived from it in an irreversible process, just before being imperatively disposed of. Such a solution contains only revocable data, not the user’s actual biometric picture. If compromised, this data will not allow to reverse engineer the original finger or iris picture and can be easily revoked or discarded. The key point is that the original capture is never stored.

Ensuring consent

Traditional palm, iris or fingerprint biometrics require user’s consent. Wide area fingerprint sensors and high-resolution optical methods capturing the face or the iris at an ever-increasing distance, make it possible to identify users without their awareness. Face recognition on cameras usually identifies quite indiscriminately, which fuels the passionate debate around it.

There is no way around these concerns, but to only deploy consent-based capture methods. It is further recommended to offer an alternative option, such as an RFID card, for those still not willing to enrol in a biometrics device. In our experience, the convenience of the safe technology rapidly increases its adoption rate.

A fundamentally ethical question

Depending on where you operate, one could easily find lucrative markets and eager customers keen on unleashing the power of biometrics to debatable ends. The question is not about opportunity, but about what kind of society we want to enable for our fellow citizens and our children and how to implement solutions that support that vision. The argument that technology is agnostic, that the application makes it good or bad does not hold in my eyes. I believe that responsibility starts at the design board.

Responsible by choice

At TBS, we took a fundamental stance: create technology to make lives better, not to restrain citizens’ freedom. We call it Responsible Biometrics. We choose to operate in an inclusive way, to benefit the wider community. Under this ethical principle, decision-making becomes very straightforward, which is precious to any innovation-centric venture like ours. The framework guides everything we do: from product design to data collection, storage, management, working principles, packaging and more.

We never store pictures of actual biometrics, do not allow transfer of clear pictures to other systems, provide tools for GDPR compliance, use advanced encryption and more to guarantee privacy. The choice of responsibility influences not just the technology but everything. For instance, we implemented remote work and reduced our commute footprint many years ago, or cut the plastic content of our packaging by 99%. It pushes to be creative and is today in our DNA.

Responsibility is a differentiator

Here is a fascinating story. Years ago, we looked into on-the-fly identification. The only viable solution was face recognition on CCTV cameras, easy to develop and still legal. To enable privacy, we chose to invent a consent-based alternative. It looked out of reach, but we set our minds on giving the control back to the users. In January 2022, TBS launched the 3D FLY, the world’s only consent-based true on-the-fly biometrics.

Nowadays, a growing number of jurisdictions restrict or ban public face recognition, which makes the 3D FLY a uniquely compliant solution. It puts TBS in an incredibly differentiated position and is a testimony that doing the responsible thing for the society has many rewards. It is a moral story in a way.

We are proudly responsible, by choice!

For more information, visit: tbs-biometrics.com

This article was originally published in the March 2022 edition of International Security Journal. Pick up your FREE digital edition here.