ISO/IEC report clarifies issues related to biometrics for identification
FEBRUARY 20, 2009--Societal, cultural, and ethical issues related to the use of biometrics in security systems for identifying people are clarified in a new technical report by ISO and the IEC, two of the world's principal developers of international standards.
Biometric technologies are currently required in many public- and private-sector applications worldwide to authenticate an individual's identity, secure national borders, and restrict access to secure sites including buildings and computer networks. ISO/IEC TR 24714-1:2008, Information technology - Biometrics - Jurisdictional and societal considerations for commercial applications - Part 1: General guidance, offers guidance on the design of systems that use biometric technologies to capture, process, and record biometric information.
Fernando Podio, chairman of the ISO/IEC Joint Technical Committee 1, Information technology, subcommittee 37, Biometrics, that developed the report, says, "For decades, biometric technologies were primarily used in law enforcement applications. Currently, they are increasingly being required in multiple applications worldwide. These technologies provide the opportunity for deployment of significantly better security for physical and logical access control. ISO/IEC TR 24714-1 will help biometric-based system users, writers of system specifications, and decision makers in the context of cross-jurisdictional and societal considerations for commercial applications of biometrics."
The technical report gives generic recommendations providing principles, guidelines, and considerations for the design and implementation of biometric systems, including the following:
- Jurisdictional issues related to privacy and protection of personal information
- Health and safety issues
It also addresses conditions of the physical environment that may affect the operation, accessibility, and usability of a biometric system and continues with the societal, cultural, and ethical aspects of biometrics; it also discusses acceptance of the use of biometric characteristics. The report does not address specification and assessment of government policy.
ISO/IEC TR 24714-1:2008 covers the following:
- The capture and design of initial requirements, including legal frameworks
- Development and deployment
- Operations, including enrollment and subsequent usage
- Inter-relationships with other systems
- Related data storage and security of data
- Data updates and maintenance
- Training and awareness
- System evaluation and audit
- Controlled system expiration
Some of the benefits to be gained by the primary stakeholders of ISO/IEC TR 24714-1:2008 (designers, implementers, and system operators of biometric systems) by following the recommendations and guidelines of the standard are:
- Enhanced acceptance of systems using biometrics by subjects
- Improved public perception and understanding of well-designed systems
- Smoother introduction and operation of these systems
- Potential long-term cost reduction (whole life costs)
- Increased awareness of the range of accessibility-related issues
- Adoption of commonly approved good privacy practice