The use of biometric data is the latest suggested improvement in securing our identities and transactions. It’s used for example with our passports when travelling outside of Australia, by the ATO and Services Australia (CentreLink), as a feature on many mobile devices, and to access laptops/PC’s.
The biometrics in common use include voice recognition, finger print scanning, and facial recognition, (FR). In difference to a pin or pass phrase which can be changed, biometric data which also includes DNA are fixed.
The OVIC (Office of the Victorian Information Commissioner) has released a discussion paper on the use of biometrics. It suggests there are legislative gaps considering how biometric data is saved and potentially used. In particular FR data which can be acquired and used without agreement of the owner. Further comment includes once a biometric identifier is compromised it cannot be reset like a pin or pass phrase.
How do others see the use of biometrics for ID?
- as an improvement to security of personal information,
- of greater benefit to third parties than the individual,
- more convenient than a pass phrase or pin
- still dependant on digital security, IE only as secure as the systems that store the biometrics and capture the biometrics
Several of the examples of how biometrics are now being used include instances where opting out is not practical or possible. Choice took on concerns with the use of FR by several large retail chains. It’s just one example that asks whether the use of personal biometric data is adequately regulated and controlled in other consumer settings.