Privacy concerns over ‘biometric information’ like facial recognition fuel debate

  • Voice prints like these are one of the pieces of "biometric" data useful for identifying people that would be covered by the state's consumer protection laws under a proposed law. National Institute of Standards and Technology—courtesy

  • In this photo taken Sept. 15, 2014, Benoit Fauve, a speech scientist with a voice recognition technology company ValidSoft, points to a screen displaying the voice biometric features of a telephone call during a demonstration at the company’s office in central London. An Associated Press investigation has found that two of America's biggest retail banks, Chase and Wells Fargo, are quietly taking some callers' voiceprints to fight fraud. (AP Photo/Lefteris Pitarakis) Lefteris Pitarakis

Monitor staff
Published: 4/30/2019 4:26:28 PM

Thanks to technology, it is becoming possible to identify individuals through recordings of the way they walk, the pattern of blood vessels on the back of their eyes, even the way in which they strike a keyboard while typing, not to mention the vast trove of unique information available from genetic testing.

How much control should people have over this information after it is gathered? That’s the question behind a bill that would place “biometric information” inside the state’s Consumer Protection Act, allowing the attorney general’s office to investigate and people to sue if they think businesses used that information “for any purpose other than that which the individual reasonably expects.”

The protection is needed, argues the bill’s main sponsor, Rep. David Luneau, D-Hopkinton, because identifying data linked to your biology is radically different that other identifying data like a drivers’ license or Social Security Number. 

“You can change those, break the association. You can’t with biometric information. Your DNA is your DNA, you can’t unlink it from your identity,” Luneau said during a hearing Tuesday before the Senate Commerce Committee.

The issue of biometric privacy is being debated around the county. Earlier this year the Illinois Supreme Court, for example, struck down an attempt to dilute decade-old state legislation which requires consent from customers before companies collect “biometric markers,” including fingerprints and facial recognition models. Among other things that law has been opposed by companies like Google and Facebook that use facial recognition as a photo-sorting tool.

The New Hampshire bill, HB536, which has passed the House, mostly drew opposition at Tuesday’s hearing, although several opponents said they supported its aims.

“Our quarrel is not with the intent,” said Andrew Kingman, an attorney representing the Privacy and Security Coalition.

Kingman argued that the bill was too sweeping and vague. He presented a scenario in which a consumer would have different, but unspoken, assumptions about the way a clothing company dealt with its security camera footage as compared to the way the adjoining technology store dealt with similar footage.

He also argued that targeting “biometric information” rather than “biometric markers,” the term used in Illinois, is a problem because it could cover such things as messages left on company answering machines, which could be used to generate uniquely identified digital voice prints.

Similar arguments were made by a representative of the Business and Industry Association and one representing the Internet Association, a trade group of companies that sell and do business online. 

Brandon Garod, an assistant attorney general who will soon take over the consumer protection division, took no position on the bill but warned senators that it might swamp the four attorneys in the division, who currently handle about 3,000 complaints a year.

“We don’t know how this will affect the number of consumer complaints. If there were an enormous influx – say another 1,000 a year –  we would need additional resources,” Garod said. “We are at capacity.”

Not surprisingly, the bill was supported in testimony from Neal Kurk, a former representative from Weare who was well known for his support of personal privacy. He helped write a previous bill that created a study committee, which led to the current proposal.

Kurk said that placing the issue of biometric information under the Consumer Protection Act would not affect internal business applications, such as using iris scans to identify employees. 

“A reasonable person should have reasonable expectations of what should be done with his information,” said Kurk. “You’re locked in with whatever others are doing with that information … There’s no going back. You can’t get a new face, can’t change your DNA.” 

Under the proposed bill, “biometric information” is defined as “an individual’s physiological, biological, or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity.” It includes, the bill says, “imagery of the iris, retina, fingerprint, face, hand, palm, and vein patterns, and voice recordings, from which an identifier template, such as a face-print, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.”

(David Brooks can be reached at 369-3313 or dbrooks@cmonitor.com or on Twitter @GraniteGeek.)

 




Concord Monitor Office

1 Monitor Drive
Concord,NH 03301
603-224-5301

 

© 2020 Concord Monitor
Terms & Conditions - Privacy Policy