Biometric data poses grave risks to privacy


Around the world, governments are succumbing to the allure of biometric identification systems. To some extent, this may be inevitable, given the demands and expectations placed on modern states. But no one should underestimate the risks these technologies pose.

Biometric identification systems use individuals’ unique intrinsic physical characteristics — fingerprints or handprints, facial patterns, voices, irises, vein maps or even brain waves — to verify their identity. Governments have applied the technology to verify passports and visas, identify and track security threats and, more recently, to ensure that public benefits are correctly distributed.

Private companies, too, have embraced biometric identification systems. Smartphones use fingerprints and facial recognition to determine when to “unlock.” Rather than entering different passwords for different services — including financial services — users simply place their finger on a button on their phone or gaze into its camera lens.

It is certainly convenient. And, at first glance, it might seem more secure: someone might be able to find out your password, but how could they replicate your essential biological features? But, as with so many other convenient technologies, we tend to underestimate the risks associated with biometric identification systems. India has learned about them the hard way, as it has expanded its scheme to issue residents a “unique identification number,” or Aadhaar, linked to their biometrics.

The Aadhaar programme’s primary goal was to manage government benefits and eliminate “ghost beneficiaries” of public subsidies. But it has now been expanded to many spheres: everything from opening a bank account and enrolling children in school to admission to a hospital now requires an Aadhaar. More than 90% of India’s population has enrolled in the programme. In India, the government wanted to enrol a lot of people quickly in the Aadhaar programme, so data collection was outsourced to small companies with mobile machines.

But serious vulnerabilities have emerged. Biometric verification may seem like the ultimate tech solution, but human error creates significant risks, especially when data-collection procedures are not adequately established or implemented. If a fingerprint or iris scan is even slightly tilted or otherwise wrongly positioned, it may not match future verification scans. Moreover, bodies can change over time — for example, daily manual labour may alter fingerprints — creating discrepancies with the recorded data. And that does not even cover the most basic of mistakes such as misspelling names and addresses.

Correcting such errors can be a complicated, drawn-out process. That is a serious problem when one’s ability to collect benefits or carry out financial transactions depends on it. India has had multiple cases of lost entitlements, such as food rations and wages for public-works programmes, as a result of biometric mismatches.

If honest mistakes can do that much harm, imagine the damage that can be caused by fraud. Police in Gujarat recently found more than 1 [Thin space] 100 casts of beneficiary fingerprints made on a silicone-like material, which were used for illicit withdrawals of food rations from the public distribution system. Because we leave fingerprints on everything we touch, we are all vulnerable to such replication.

Manual replication is the tip of the iceberg. Researchers have created synthetic master prints that enabled them to achieve a frighteningly high number of “imposter matches”.

Further risks arise during the transmission and storage of biometric data. Once collected, biometric data are usually moved to a central database for storage. They have to be encrypted while in transit, but the encryptions can be — and have been — hacked. Nor are they necessarily safe once they arrive in local, foreign, or cloud servers.

A French security researcher accused two Indian government websites of leaking thousands of IDs, including Aadhaar cards. That leak has now reportedly been plugged. But, given how many public and private agencies have access to the Aadhaar database, such episodes underscore how risky a supposedly secure system can be.

Of course, such vulnerabilities exist with all personal data. But exposure of someone’s biometric information is far more dangerous than exposure of, say, a password or credit card number, because it cannot be undone. We cannot, after all, get new irises.

The risk is compounded by efforts to use collected biometric data for monitoring and surveillance, as is occurring in China and elsewhere. In this sense, the large-scale collection and storage of people’s biometric data pose an unprecedented threat to privacy. And few countries have anything close to adequate laws to protect their residents.

In India, revelations of the Aadhaar programme’s weaknesses have largely been met with official denials, rather than efforts to protect users. Worse, other developing countries, such as Brazil, now risk replicating these mistakes as they rush to adopt biometric technology. Given the large-scale data breaches that have occurred in the developed world, these countries’ citizens are not safe, either.

Biometric identification systems are permeating every facet of our lives. Unless and until citizens and policymakers recognize and address the complex security risks they entail, no one should feel safe. — © Project Syndicate

Jayati Ghosh is professor of economics at Jawaharlal Nehru University in New Delhi, executive secretary of International Development Economics Associates and a member of the Independent Commission for the Reform of International Corporate Taxation

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Jayati Ghosh
Jayati Ghosh
Jayati Ghosh is one of the world's leading economists. She is professor of economics at Jawaharlal Nehru university, New Delhi, and the executive secretary of International Development Economics Associates (Ideas). She is a regular columnist for several Indian journals and newspapers, a member of the National Knowledge Commission advising the prime minister of India, and is closely involved with a range of progressive organisations and social movements. She is co-recipient of the International Labour Organisation's 2010 Decent Work Research prize

Related stories

Durban city manager says NPA erred in his bail conditions

The corruption-fraught metro is coming to grips with having a municipal manager who is on bail for graft, yet has returned to work

Hawks swoop down with more arrests in R1.4-billion corruption blitz

The spate of arrests for corruption continues apace in Gauteng and the Eastern Cape.

Ailing Far East Rand hospital purchases ‘vanity’ furniture

Dr Zacharia Mathaba, who purchased the furniture, is a suspected overtime fraudster and was appointed as Gauteng hospital chief executive despite facing serious disciplinary charges

Why crooks are shivering in their boots

Ace Magashule’s anxiety has to do with the array of arrests of high-profile people facing fraud and corruption charges

Union calls on top cop to act ‘swiftly’ against his deputy in R191m ‘blue-lights’ fraud case

Deputy police commissioner Bonanga Mgwenya allegedly received gifts, including payments towards her BMW X5, from the firm that won a lucrative police contract

Vincent Smith the first to head to court after blitz of Hawks arrests

Former ANC MP Vincent Smith has appeared in the specialised commercial crimes court on charges of corruption and fraud

Subscribers only

Toxic power struggle hits public works

With infighting and allegations of corruption and poor planning, the department’s top management looks like a scene from ‘Survivor’

Free State branches gun for Ace

Parts of the provincial ANC will target their former premier, Magashule, and the Free State PEC in a rolling mass action campaign

More top stories

Malawi court judges win global prize

Members of the small African country’s judiciary took a stand for democracy to international approval

Durban city manager says NPA erred in his bail conditions

The corruption-fraught metro is coming to grips with having a municipal manager who is on bail for graft, yet has returned to work

Why anti-corruption campaigns are bad for democracy

Such campaigns can draw attention to the widespread presence of the very behaviour they are trying to stamp out — and subconsciously encourage people to view it as appropriate

Tax, wage bill, debt, pandemic: Mboweni’s tightrope budget policy statement

The finance minister has to close the jaws of the hippo and he’s likely to do this by tightening the country’s belt, again.

press releases

Loading latest Press Releases…

The best local and international journalism

handpicked and in your inbox every weekday