In the Uma Thurman vehicle Gattaca, Big Brother relies on biometric data to practice an insidious form of eugenics. The lead character steals human DNA to unlock the doors to career and success.
We're not there yet, and we may never be. But the potential misuse of biometric data has long captured the public's imagination.
On Friday, the International Biometric Industry Association recommended a standardized set of "privacy principles" aimed at keeping tight reins on that most personal of consumer data: retina scans, voice recognition files, fingerprint files, and DNA information.
"We recognize the need for regulation in this industry, in both the private and public sectors," said spokesman Richard Norton.
Biometric privacy is not an issue on the average consumer's radar, partly because it is most widely used in sealed corporate environments or prisons.
But information kept about consumers on the Net and elsewhere is becoming an increasingly hot issue in Washington. So far, the political tide is pointing to self-regulation, a scenario in which the industry would police itself.
In setting out its privacy principles, the biometrics industry welcomed government regulation. Norton called for laws governing the use and storage of machine-readable human biological data.
In California, at least a dozen bills in development cover biometric privacy. State Assemblywoman Liz Figueroa (D-Fremont) has introduced a bill that would slap a US$10,000 fine on insurance companies, HMOs, and pharmaceutical benefit processors who knowingly sell or share medical information -- including biometric data -- for commerical use, without an consumer consent.
Norton also called on the biometric industry to implement strong user control and access rules.
"The IBIA believes the private sector should set forth clear policies on how biometric data will be stored and used and collected, and that individuals have the right to know when data is being collected, and they should have the right to limit distribution of that data," he said.
But the IBIA has not come up with specific recommendations on how these goals may be accomplished, because, Norton said, "there are too many different scenarios, and right now we just want to offer a broad policy."
But very fact that there are so many different scenarios is the problem, said Simon Davies, who is an instructor on privacy and data protection at the London School of Economics.
"We've learned from experiences around the world, like, say with closed-circuit television, that such attempts at regulation are ineffective," he said.
"The point is that once biometric data has been collected, and used on a public system, it is impossible to stop it completely from spreading, being used for other purposes," said Davies, who is also the founder of the watchdog group, Privacy International.
Alex Fowler of the Electronic Freedom Foundation said that his group approves of creating regulations. But he cautions that situations will inevitably arise that the biometric industry will have a hard time anticipating.
"For example, in Silicon Valley, every week there is the merger of these companies, or the acquisition of that company. Or a company may go bankrupt. What happens if these collapsed companies have stored biometric data?" Fowler said.
But Norton remains confident that the potential perils of biometric data collection and storage are manageable.
"With proper industry transparency, and compartmentalization of data," principles of privacy can be maintained."
