Monday, November 9, 2009

SmartMetric: How Smart Are They?

An interesting trend that I have noticed and commented on is the fact that many of these articles enumerate no method for user-privacy protection. Reading some of the newest articles, I have come to the realization that such information is not included because marketers and reporters don't think consumers would be interested, not because those features don't exist.

A recent article on SmartMetric, a fingerprint-activated ID card provider, briefly mentions "storing a wide variety of personal information while protecting you against identity theft and fraud," but from there it doesn't elaborate in the slightest as to HOW.
Even on the company's webpage, privacy is implied, but never explained. After extensively searching the site, I find a statement seemingly regarding privacy, saying "all your personal information is stored on the card, not on a central database. You are protected from hacking and unauthorized accesses because only you can unlock the information" by passing in your fingerprint. My main questions now are: what happens to that information once it is transmitted, and what happens if that card falls into the wrong hands?

The question of what happens if the card is lost or stolen isn't addressed throughout the entirety of the company's website. Now, I expect that there are various protections against users without matching fingerprints getting data off the card, but it might be possible for criminals to breach the card's security if they can physically get their hands on it. If that were possible, they would seemingly have stolen the user's identity, money, intellectual property and history. Consolidating all this information into one handy card also increases the cost if the card is lost or stolen. Now, in all likelihood, technological masterminds aren't going to go around beating up businessmen for identity cards; however, it is enough to make someone nervous. It is like Britain consolidating its tax histories on one disk; it increases the penalty if the card is lost.

Regarding the information once it is submitted, there is no hint of explanation and it is harder to suppose answers because of the number of available solutions. Perhaps the data is encrypted and sent to the receiver of the biometric data (in most cases an employer or the other party in a funds transfer). But without any information on the website, how would a consumer of this technology know? To the best of their knowledge, this device could be 100% secure up until the moment your fingerprint was scanned and suddenly *bloop* your personal, biometric, financial, locational, and corporate information was just sent to the receiver, but 84 other people in the surrounding area with RFID readers also got a copy.

It may be "one of the most advanced portable identity authentication solutions in the world today"; however, not only are its privacy protections unarticulated, but it is bound to the same control issues as other technologies I have mentioned before. SmartMetric supports itself, stating "the company believes that the transmission security offered through its SmartCard and integrated biometric technologies are superior to that of automated teller machines." However, again, there is no mention of how. Further, the company brightly chirps "perfect for keeping track of the population within a given space for government or corporate use." Enabling employers to track and control their employees, that is a good thing? Well, perhaps in balance with security it is; however, giving that control to the government by putting the passes in passports, driver's licenses, or health insurance cards allows the government to perform "tracking of an individual within a building" or "location of persons electronically." It sounds now like this technology is designed specifically to help employers become "masters".

Given the unarticulated privacy protections and worrisome suggested uses, this technology embodies the consumer's worries about location-based technologies. Without better protection from both interception of data and misuses of the technology, this technology will find no audience with privacy-concerned consumers. On a higher level, it is the duty of good reporting to provide information of concern to the audience, and the protection of our fundamental right to privacy is certainly of concern to consumers.


Sources:
http://money.cnn.com/news/newsfeeds/articles/marketwire/0556805.htm

1 comment:

  1. You raise an interesting point about what information companies feel is relevant to provide to consumers. What kinds of information should it be standard to provide? Presumably people aren’t equipped to handle lots of technical details about encryption schemes, etc., so how could this be put into something like nutrition labeling that gets the most important and relevant facts in an understandable form?
