Subscribe | UPI Odd Newsletter Subscribe WASHINGTON, Dec. 18 (UPI) -- Emerging technologies that identify people by their physical characteristics -- long feared as intrusive by civil libertarians -- actually have the potential to secure the privacy of the individual, said the owner of a Dublin-based "biometrics" company. But an official of the American Civil Liberties Union, while declining to comment on any particular biometric system, said "it's a fact of life" that data bases and "privacy-invading technology" inevitably are used for new purposes and inevitably are abused. Advertisement Networks that ID individuals by fingerprint, the iris of the eye, facial features, or voice "enable the ethical user to assert his identity in multiple applications and protect privacy at the same time," Oliver Tattan told United Press International in a phone interview from Dublin. "Voice is the least accurate so far," he said. "Iris is quite good, but there aren't as many vendors and not as much experience with it. Finger is the most mature technology. " Advertisement Tattan is CEO of Daon, which means "human being" in Gaelic. His company, which also has offices in New York and London, provides "biometric infrastructures." The technologically challenged reporter asked what this means. "We have lots of servers. That's it," Tattan replied. He said if one's identity is enrolled into the system -- for instance, through fingerprints -- "you can assert that identity and interact with any application that also supports our technology." Airport deployment is one of the better examples. He sketched a scenario in which a passenger is enrolled by the U.S. Transportation Security Administration. "After that, you just tell them who you are at the check-in counter, touch a little device, and up pops your e-ticket. Same with the boarding pass. It shows that, yes, this person is supposed to be on the plane at this time, and you're allowed through." But many biometric "deployments" start with staff rather than consumers, he said, such as the one at London's City Airport. Employees there use a Daon security system to get through doors and log on to computers. Operators of baggage scanning machines use the system to "authenticate themselves." Tattan said biometrics enable one to put a digital signature on electronic documents and feel safe that it hasn't been tampered with afterward. "It leaves your stamp. The signature is locked and encrypted and can be proved in a court of law." Advertisement Clinicians concerned about the security of medical patients, especially if data are sent over the Internet, can use biometrics to lock files, Tattan said. What about the American concern for civil liberties, the right to anonymity, and the right to be free from scrutiny by the authorities? "In Europe, privacy is far more rigidly protected than in the United States," Tattan replied. "Every European state has a privacy commissioner. Specific European directives protect privacy. In the United States, there is no actual right to privacy. It's implicit. But in Europe it's explicit." However, the German requirement to register with the authorities when moving from town to town would be anathema for Americans. Also, in the United States the presumption is you have the right to be somewhere unless prohibited. A policeman can't simply come up and demand to see your identification and make you state your business, as he can in Europe. "You've got a very good point," Tattan said. "In a way I suppose there are different definitions of privacy." The countries of continental Europe have national ID cards. "But government departments in Europe are not allowed to share information about you among themselves. ... The rule is that information can only be used for the purpose for which it was originally gathered." Advertisement Tattan said the European Commission has come to the conclusion that biometrics have the potential to protect privacy. "Privacy is about keeping your data to yourself. We can enhance privacy by protecting data in a better way, either keeping it to yourself or creating a record of who looked at it." What about a stolen biometric identity? "We have architected our solution so it is impossible to do that," he said. "There are no systems administrators or super-users." Identity templates are encrypted in military-grade, hardware-security formats, the executive said. "It can't be got at. The only way your identity can be pulled out of the data base and asserted to an application is by you actually being there and, for example, putting your finger on a device." Tattan addressed the issue of the consolidation of citizens' data for homeland security. Privacy can be safeguarded in that kind of environment by protecting one's consolidated file biometrically, he said. "If someone from the FBI, the INS, or the IRS looks at your file, biometrics leaves an ineradicable audit trial behind them" identifying the individuals. "Indeed, you yourself can access your own file -- let's say via the Internet -- biometrically, let's say you've got a little reader, and only you can look at it." One can make sure the file correct and see who's been in it. Advertisement "Security and privacy are not necessarily opposed. If systems are properly architected, they can be the same thing," Tattan said. Barry Steinhardt, director of the ACLU's Technology and Liberty Program, said his organization supports the right biometrics for the right purpose, especially in high-security locations. But the generalized use of biometrics can be abused," he told UPI. "If you put a fingerprint on a driver's license, then everybody from the 7-Eleven to your landlord to your employer is going to begin to demand that you present your finger, and it will become a way of tracking you." He said there is talk of installing biometric access to a housing complex in New York City. "Ultimately, there will be a great demand for that information," Steinhardt said, and he cautioned that the data could be made available "to the local shopkeepers, the police -- you name it." Steinhardt said a one-to-one match is less invasive of privacy than a one-to-many match. "For example, you could issue a card that had a finger scan on it to your tenants to get into the building. But the template is not sitting in a centralized database which can be transferred to third party. Businesses do this all the time in high-security locations. ... You've got a finger scan on a card, you present the card and present your finger to the scanner, and if there's a match you're let in. That's very different from the company or the government maintaining a centralized database with biometric templates that can be made available to third parties for unrelated purposes. Advertisement "The history of data bases in this country is function creep," Steinhardt said. "The prime example of that is the Social Security number. "Databases and privacy-invading technology inevitably are used for new purposes and inevitably are abused. It's a fact of life," he said.
