UK govt warned over biometrics use by ex-GCHQ chief
28 November 2014 11:48 GMT

Attendees said new laws might be needed to tackle the increase usage of biometric technology.

Public acceptance of biometrics is on a “knife-edge” and the UK government should develop legislation on the issue before it is overtaken by rapidly evolving technology, a UK Science and Technology Committee heard today in London.

The committee, which launched an inquiry into the potential uses of biometric data in August, held the first of two evidence sessions on the subject on Wednesday. Witnesses drawn from academia, industry and business and civil liberties group told parliamentarians that data security, privacy and public trust were key issues.

“There has to be trust in the technology. There has to be trust in the application. There has to be trust in the procedures for transferring the data, which may be the weakest link in the chain,” said Professor Juliet Lodge, Professor Emeritus at the University of Leeds, who was representing the Biometrics Institute.

“Any breach in any of those areas is going to have an important impact on public trust. … It is also important to make sure people do not think that biometrics are fool-proof,” said Lodge.

When algorithms are being coded by mathematicians and physicists, they are candid about the risks - but these risks aren’t made clear when hardware solutions are presented to end users, warned Louise Amoore, professor of political geography at Durham University.

Attendees said new laws might be needed to tackle the rise of biometric technology.

“New legislation will possibly require a whole new outlook, because the role of biometrics in society is running away from our capability to manage it," said Professor Sue Black, director of the Centre for Anatomy and Human Identification at the University of Dundee.

“We are looking at physical identity and cyber identity, while we have the measure of these identities [in isolation], the barrier between is currently a no man’s land," said Black, adding: “The Internet of Things will require a step change in terms of legislation."

Black said there was a need for overarching international legislation to protect biometric data, because the Internet operates beyond country borders and the interaction is on a global scale.

Sir John Adye, chairman of UK firm Identity Assurance Systems, said that building public trust after the failed attempt to roll out ID cards in the UK would require a cautious, gradual approach.

The lack of established public trust is "the primary inhibitor” towards wider adoption of biometrics technologies in the UK, he said. “If we are going to rebuild or create public trust, we must have good examples of good systems, so that people can understand how their data is being used and can start to use biometric technology through convenience."

Adye warned that unsupervised authentication on mobile devices is an issue that will become increasingly important, both for users and relying parties.

“Internet use is a jungle. What happens to my personal data when I use it on a smartphone to prove my identity? Is another commercial company or even a hostile foreign government going to use it to target me? We need to properly organise this system."

The committee hearing ended with debate on how privacy can impact on biometrics, with witnesses warning again about the quick proliferation of technology without justification.

“Building privacy into design from the outset is very important," said Emma Carr, director of Big Brother Watch. “Many schools have in our view installed biometric technology simply because it was new and the most advanced thing to have, rather than actually being necessary."

Carr said a private sector ”arms race” to implement biometrics system was preventing guidance from being adhered to, and said harsher punishments were needed for any individual or corporate entities who violate privacy laws.

Related articles

UK to investigate current and future uses of biometric data and technologies