Biometrics are the automated recognition of an individual based on their characteristics.
There are many different types of biometric information commonly split into two categories:
- Biological biometrics refer to parts of the body that are unique for example our fingerprints, face, irises, hand geometry and even body odour.
- Behavioural biometrics involve human activities including keystroke patterns, signatures, speech patterns and how a person walks.
As biometric information is unique to an individual, it is a more effective and reliable method of identifying and verifying an individual.
Regardless of how biometric information is used, it is personal information and requires protection.
Types of Biometrics
Biometrics are generally used to confirm a person’s identity. However, there are multiple uses for biometrics. Broadly these are:
| Verification (one-to-one matching) | This involves comparing an individual’s biometric characteristics to data already held in a system about the individual to confirm the identity of that person (for example, using a fingerprint or facial recognition to access a computer or smart phone). For one-to-one matching, generally the individual has previously provided their biometric data for future verification. In some instances, verification can occur manually, for example a passport photograph can be compared to the actual face of an individual, rather than needing to access a database. Verification can also occur without the individual having to actively take part in the process. For example, using voice recognition to verify an individual, thus streamlining customer service processes by avoiding traditional security methods like answering questions to security questions. |
Identification (one-to-many) | This involves comparing an individual’s biometric characteristics to similarly categorised data held in a database to determine the identity of an unknown individual. The aim of a one-to-many system is to identify a person by producing a match from the database. There are limitations to one-to-many systems as a specific individual’s biometric data may or may not be in the database at all. Law enforcement heavily rely on the one-to-many system when identifying a suspect through a fingerprint or DNA sample in their criminal databases. |
Categorisation, profiling or monitoring | This involves interrogating biometric information to gain insights about individuals or groups. |
How do Biometric Systems work?
Most biometric systems have three steps:
- Enrolment - this involves using hardware and sensors to record an individual’s biometric characteristics to enrol in a database. The initial registration of data creates a biometric template which then becomes the reference for future use.
- Storage - this involves using biometric system databases to retain the enrolled information.
- Comparison - this involves using software to compare biometric templates. The software analyses the biometric characteristics, turns the information into a data point (for example a graph or code), and performs comparisons.
Benefits of Biometrics
The use of biometrics has its advantages:
| Better user experience | The user experience is easier and more streamlined without having to remember passwords or answers to security questions. Their fingerprint or face is scanned and access is granted by verifying their biological biometric data. |
| Improved security | Biometrics provide increased levels of security and assurance for both the user and the provider. As the data is the user’s biological data, it is hard to lose it or share it, safeguarding access only to the individual. For the provider, using biometrics data verifies the individual is a real person, not a robot. |
| Non-transferable | As biometric data is unique to an individual, it cannot be transferred or shared. |
| Non-invasive technology | From a verification perspective, using biometrics is relatively non-invasive. After the initial enrolment of data, the verification happens in the systems background. It takes next to no time and effort for the user. |
| Reduced risk of data imitation | As biometric data is unique to an individual it is very difficult to replicate, fake or steal. |
Disadvantages of Biometrics
Despite the advantages, the use of biometrics also has some disadvantages.
| Data breaches | Data breaches can still occur. Therefore, businesses and governments that collect, use and store biometric information need to protect against data breaches. As biometric data is unique and hard to replace, it needs to be treated with increased security and caution. |
| False Results | Biometric verification and identification systems are not perfect and errors can occur. Biometrics can produce false match and non-match results. A false match is where an individual can be wrongly identified or wrongly denied access to an account or system. This can have considerable implications. There are also risks that biometric technologies can be less accurate for some demographics. |
| Costs | Biometric data systems can be costly to implement. Significant investments in technological infrastructure and devices that support biometric information are required to accommodate the use of biometric data. |
| Tracking | A permanent digital record can be left by a user when biometric information is converted into data and stored. These records can be used for tracking purposes. |
Privacy concerns
There are some privacy concerns with the use of biometrics. Fundamentally, people have a right to be left alone to do their own thing or keep their actions, discussions, movements and information free from public knowledge. This may not be possible with the use of biometrics in society.
Understandably, people have concerns that the use of biometrics, will invade their privacy. For example, the use of facial recognition technology can create risks of mass surveillance and profiling individuals. This privacy concern is compounded when biometric information is collected without consent and without the individual’s knowledge or authorisation.
To alleviate the concerns of the public, businesses and governments need to consider whether unvetted use of biometrics is required to fulfil its operations. If so, how will that biometric information be protected?
Alternatively, individual’s ability to exercise choice and control is removed if they are unable to interact with an agency or access a service without agreeing to biometric identity verification. Additional protocols should be considered to ensure services are diversly accessible.