Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2018
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Professor, Baker & McKenzie Cyberspace Law & Policy Centre, University of N.S.W.
Visiting Fellow, Department of Computer Science, Australian National University
Prepared for presentation at the Baker & McKenzie Cyberspace Law & Policy Centre Conference on 'State Surveillance after September 11', Sydney, 8 September 2003
Draft of 25 August 2003
© Xamax Consultancy Pty Ltd, 2003
This document is at http://www.rogerclarke.com/DV/Biom030908.html
The accompanying slide-set is at http://www.rogerclarke.com/DV/Biom030908.ppt
This presentation explains why biometrics must be banned. It commences by explaining realities about biometrics and biometric technologies. Its potential uses are classified as being for identification, for identity authentication and for attribute authentication without disclosure of identity. The purposes to which it is put are then discussed, distinguishing overt from covert purposes.
The enormous challenges involved in its practical application are described, including subject knowledge, consent and willingness; information associated with the biometric measure; and supervision. This leads to an analysis of quality factors involving the reference measure, the test measure, result computation, and the spiralling complexity arising from measures, counter-measures and counter-counter-measures. The consequences are tolerance-ranges, and high rates of false-positives and false-negatives, which rebound on the subjects much more than on the scheme sponsors.
Because the extent of 'snake-oil' perpetrated by biometrics suppliers is higher than in many other technology-based industries, attention is drawn to a number of pervasive myths. An outline is provided of conventional applications design, and ways in which is could be applied in a privacy-sensitive manner.
As assessment is then conducted of the impacts and impositions involved in biometrics. These range from impositions and inconvenience for everyone, via the much more serious imposts on those people unfortunate enough to be treated as false positives, to invasions of many dimensions of privacy. Far from solving masquerade and identity theft, biometrics are actually part of the problem. And they lay the foundation for corporations and the State to extend their power over individuals to access denial and outright identity denial.
The protections that are needed against the ravages of biometrics are examined. They include legal frameworks, and laws; features built into technologies and products; process features in the design of biometrics applications; and regulatory measures over technological artefacts and the practices of corporations and government agencies.
It is striking that there is a complete absence of any such protections. There are no statutes in place. Such discussions as are being held are limited to industry associations like the Australian Biometrics 'Institute', whose interest in announcing a process to develop a Code is simply to hold off formal regulation. The public interest is relegated to the role of an onlooker.
Biometrics technologies are far too dangerous for their unregulated use to be permitted. A ban must be imposed on the application of biometrics technologies until and unless a comprehensive and legally enforced regulatory regime has been established.
Paradoxically, this might be the only means of saving an industry that has promised much for years and delivered very little. If the present practices continue, public revulsion will build up and explode, the mood will swing suddenly and substantially, and biometrics will be set back decades. By calling a halt, involving public interest advocates and representatives, and getting genuine controls into place before any further mis-fires are perpetrated, the industry might yet survive and prosper.
My primary working paper on this topic is Clarke (2002).
My working bibliography is available, in the following sections:
My other papers on biometrics are indexed here.
My papers on identity and anonymity are indexed here.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 25 August 2003 - Last Amended: 25 August 2003 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/Biom030908.html