Emilio Mordini, MD (University of Rome La Sapienza) and MAPhil (Pontifical University S.Thoma)
18 December 2014 11:14 GMT

If questioned about the most recent trends on biometric privacy and ethics, my natural reaction would be to think of challenges posed by technological research and new applications. Resisting the science fiction-like allure of new technologies, I would like instead like to mention a minor event which was, however, one which has the power to summarize all key elements of an epoch.

On 3 November, a court in Virginia Beach (VA, US) ruled that a defendant can be forced to give up his fingerprint, but not his passcode, to allow police to unlock his mobile phone (Commonwealth of Virginia v. David Charles Baust – Docket No.: CR14-1439). As per the Virginia court decision, biometrics was not protected by the “privilege against self-incrimination”, which states that that accused persons cannot be compelled to incriminate themselves.

This principle, deeply rooted in most Western legal systems, would not apply to biometrics but applies to passcodes. There are several reasons of interest in this decision; unfortunately discussing them in depth would require much more room than the few paragraphs of this short note. My goal then is just to provide an outlook of the major issues revealed by this decision.

At the most basic level, this legal case shows that we are still far from understanding and foreseeing all the legal implications of biometrics. As biometrics penetrate several different contexts and enter common usage, we are going to discover that they are overturning most current legal and societal standards.

I expect that the most affected areas will be mobile biometrics, biometric payments, health care biometrics, and video analytic applications.  In all these areas, I expect that biometrics are going to oblige us to rethink standards and to reflect on current legal and privacy practices. 

At a deeper level, this case shows something which is still more important, ie, as biometrics are increasingly used for data securitization and  protection, we are going to be faced more and more with an inherent contradiction between the sensitiveness of biometric data and the need to make these data available for law enforcement and forensic purposes.

No society could afford a systerm whereby citizens generate their own private “codebooks”, which are unbreakable by authorities. It is easy to predict that forensic biometrics will be one of the main arenas, including the very complex and nuanced issue that concerns nature and reliability of biometric evidence in a court.

Finally, at the deepest level, the Virginia court decision is significant because of the argument used to differentiate between passcodes and biometrics.  According to the judge, “the defendant cannot be compelled to divulge through his mental processes the passcode for entry. The fingerprint, like a key, however, does not require the witness to divulge anything through his mental processes”.  

What is protected by law - stated the court - is the right to conceal mental contents, and consequently not to make a testimonial statement against oneself, while biometrics are equaled to a key held by the individual. Interestingly enough, this decision clears up an old misunderstanding according to which biometrics are identifiers based on what one is.

“Being” and “identity” are very highly metaphysical, and problematic, concepts and we’d better to avoid using them. According to the ISO standards (ISO/IEC JTC SC37), there is no need to make any reference to “what one is”, which is a question worthy of a theologian more than an engineer.

If policy makers and legislators (including those who are currently writing the new European directive on privacy and data protection) thought of biometrics in more “lay” and pragmatic terms, this would surely help to solve many current privacy and ethical controversies, including those raised by emerging cognitive and behavioral biometrics. 

Return to the index ….. Or read the next review