Abstract
The ethical and privacy implications of biometrics usage is a concern for individuals, companies, and almost anyone with an awareness of the concept of Protecting Personal Information (PPI). Although the present research paper article addresses biometrics as a whole, it briefly explains an ethics definition, before delving more deeply into the topic. This paper additionally discusses an overview of General IT behavior, serving as a segue into the larger discussion of biometrics. Several journal article, and peer-reviewed references help to round out the guidelines for understanding a wide range of biometric implications, environmental authentication climate, and privacy risks examples using electronic health records, and commentary on other social concerns, with possible solution.
Introduction
As the importance of habeas corpus is to legal functions in the court system, so is the imperative nature of biometrics as an information technology function is to every area of society. The age of information technology (IT) has ushered in myriad concerns and need for constraint in terms of privacy and risks. Privacy and ethics do not only entail identity theft in the form of personally identifiable information (PPI) protocols, but span every aspect of human activity in the age of electronically digitalized communications. For a broad example, consider the possibilities of social engineering, as arguably some would posit that Facebook may provide unwitting (or purposeful?) means of surveilling citizens activities and political opinions – as well as suspect of controlling content and advertising databases. See the problem? Despite the broad landscape of IT concepts and applications pertaining to privacy and ethics, this research paper focuses upon gaining a deeper understanding of how PPI and ethics meaningfully intersect with the use of biometrics.
General IT Behavior
So far, we know that due to the general nature of IT behavior, its use must include standards of advocacy and pedagogy in curbing unethical breaches of privacy. In other words, once an electronic footprint has been made in the cloud or via some kind of online routing (or data storage), the information is ‘out there’ so to speak. Corporations and all governments recognize this fact. It is no secret we live in an age of hackers, whom given the right set of circumstances and expertise, can find out launching codes of governmental weaponry. Obviously, the idea of identity theft rides along with this theory, endangering the banking and shopping privacy of any citizen so targeted. Although it seems biometrics usage would thwart some of this insalubrious behavior, mankind is inventive, and there will always be a chance for unauthorized access to data.
For an example of this generalized concern about PPI breaches and ethical behavior, consider the networking corporation of Cisco. The company manufactures networking equipment, and is quite well-known in the IT field. According to author George Reynolds (2015), when CEO John Chambers oversaw the firm he stated “At Cisco, we hold ourselves to the highest ethical standards, and we will not tolerate anything less” (p. 1). Briefly, to clarify what ethics is in the first place, the author provides a satisfactory definition. According to Reynolds (2015) ethics is about a “moral code by which society lives,” and basically is a “set of beliefs about right and wrong behavior” within a rubric of generally accepted norms (p. 3). Progressing on further to discuss biometrics, keep in mind that cloud computing and mobile devices have perpetuated even more complexity, in terms of privacy PPI protections, security, and IT-related ethical issues.
Biometrics
An understanding and perusal of the biometrics environmental and authentication climate is in order at this juncture. Fortunately, there are ways to help secure the biometrics environment in terms of its execution platform. According to technology researchers and expert Bhargav-Spantzel (2014) such an environment can “be leveraged effectively to provide trustworthy client-and-server-side biometric verification” (p. 162). The trusted platform he refers to as abbreviated is ‘TEE.’ One fascinating aspect of biometrics he considers is that biometrics, by its nature, is representative of an important class of what Bhargav-Spantzel (2014) calls “identity attributes” (p. 162). Obviously, the reader may guess where this explanation is going. Biometrics identification nearly works as uniquely pinpointing someone’s individual features such as iris/eyeball scanning or fingerprints. The comparison for positive identity has been used most often in crime data authentication. Nevertheless, the application of biometrics is clear.
The biometric data is used in conjunction with other security-enhanced apparatus such as passwords, pass codes, cryptographic digital inputs, and other location-based, or user-unique devices. One may ask, or wonder then: Why is there a security or privacy issue when the biometrics verification technology is based on such unique personal authentication? This is a great question. Yet Bhargav-Spantzel (2014) gives the straightforward, and simply reply that “storing biometric templates in repositories along with other personally identifiable information introduces security and privacy risks” (p. 163). If you really think about it, it makes perfect sense. Common sense dictates that while hardware and software precautions of security are in place, portability and mobility of cloud services may present opportunities for bypassing authorized authentication and access to PPI. In one European journal editorial, Friedewald and Pohoryles (2013) insist that biometrics has so many modern technological applications beyond “traditional industrial technologies,” and some of the issues raises, which coincide with privacy concerns, include “smart surveillance systems, body implants and neurotechnology, among others” (p. 3). A common example of privacy and ethical concerns for many have to do with medical recordkeeping.
Medical Health Records, As an Example
Nursing staff, above all others, is probably the key point of where advanced medical technologies in record keeping meets the possibilities for ethical or privacy compromises. Nurses face a challenging – yet often rewarding – field of professional expertise, in the face of enormous changes in emergent technologies. Huston (2013) states that biometrics is one of the components that “will change the practice of nursing in the coming decades” (“Impact of Emerging Technology on Nursing”). Also, given the factor that as elderly patients may become incapacitated, interventional figures will have access to their medical records and medications, and other personal data which has the potential of being abused. In terms of the electronic medical records themselves, Harman et al. (2015) write that “the key to preserving confidentiality” is ensuring only authorized persons gain access to information, and that many physicians are taking a “two-tier approach to authentication” by including biometrics (“Electronic Health Records: Privacy, Confidentiality”). Of course, biometrics is the larger field of which electronic health record are a part.
Electronic health records are a good example of the complexities that the use of biometrics represents. Some main reasons why involve the different pathways, and access of users involved in accessing a patient’s medical information. The physician has access, along with nursing staff attendants, and business and billing professionals. This is not to suggest that nobody in medical field can be trusted not to breach privacy standards and property, but it is a realistic concern. As aforementioned, there are caretakers and those with power of attorney who may be authorized access to patient records. It is easy then, to understand why some physicians are including biometric practices such as retinal eye scans, and palm, finger, or face recognition identifiers to their administrator systems of passwords.
Conclusion: Wider Social Concerns & Possible Solutions
Biometrics is obviously here to stay. There are those who believe that the greater threat does not come from the IT industry per se, but from Federal government snooping or other deleterious impacts not unlike social engineering concerns. One of the most profound sources of learning about digital rights in the world is EFF, or the Electronic Frontier Foundation. In a recent article on biometrics, EFF (2015) states that biometrics as typical “intrinsic physical” identifiers, inclusive of voice, DNA, and other bio-physical features, “can enhance our lives” according to private companies (“Biometrics”). Also, governments claim “biometric databases can be used for border security, to verify employment, to identify criminals,” and so on, but “the privacy risks that accompany biometrics databases are extreme” (“Biometrics,” EFF, 2015). The article claims that the ability for facial recognition can easily escalate to tracking and surveillance which could ‘become the norm.’ The publication advocates putting in protective privacy laws built into the front-end of biometrics technology, rather than wait until the technology has saturated society overall.
In conclusion, at the risk of appearing unpopular, the American fugitive and high-level IT expert Edward Snowden, insists upon the information technology sector creating barriers to privacy/ethical breaches. To this end, the best solutions may be technology-based after all. Despite the fact that technological knowledge is moving so quickly, Bayly et al. (2010) suggest that fractional biometrics is a way to safeguard privacy. Bayly et al. (2010) think that such a solution would effectively “mask” a portion, or “fraction of a person’s biometric image,” thereby constructing the possibility of a reduction in forgery and collusion (p. 69). The idea encompasses a technological solution, so that individuals’ privacy is not compromised or invaded by organizations (or governments) who may want to track our movements. One way to implement the concept, according to the authors, is by usage of error-correcting codes. It gets rather technical. However, this overview on biometrics has increased the knowledge of this observer, and helped as well in learning to correctly use Word tools and techniques to property format a research paper.
References
AMA (American Medical Association) Journal of Ethics. (2012). *{formerly Virtual Mentor}. Electronic health records: Privacy, confidentiality, and security [Data file]. Retrieved from http://journalofethics.ama-assn.org/2012/09/stas1-1209.html
Bayly, D., Castro, M., Arakala, A., Jeffers, J., & Horadam, K. (2010). Fractional biometrics: safeguarding privacy in biometric applications. International Journal of Information Security, 9(1), 69-82. doi:10.1007/s10207-009-0096-z
Bhargav-Spantzel, A. (2014). Trusted execution environment for privacy preserving biometric authentication. Intel Technology Journal, 18(4), 162-177.
EFF – Electronic Frontier Foundation. (2015). Biometrics [Data file]. Retrieved from https://www.eff.org/issues/biometrics
Friedewald, M., & Pohoryles, R.J. (2013). Technology and privacy. Innovation: The European Journal of Social Sciences, 26(1/2), 1-6. doi:10.1080/13511610.2013.768011
Huston, C. (2013). The impact of emerging technology on nursing care: Warp speed ahead. OJIN The Online Journal of Issues in Nursing, 18. Retrieved from http://www.nursingworld.org/MainMenuCategories/ANAMarketplace/ANAPeriodicals/OJIN/TableofContents/Vol-18-2013/No2-May-2013/Impact-of-Emerging-Technology.html
Reynolds, G.W. (2015). Ethics in information technology. Boston: Cengage Learning.