Fingerprints. Iris scans. Blood samples. Faceprints. These types of data, referred to as biometric identifiers, are some of the most sensitive forms of identification in existence. Unlike Tom Cruise in Minority Report, you can’t just swap out your eyes in order to evade detection. Most of us aren’t likely to sand off our fingertips. Biometric identifiers are almost exclusively permanent; if an unauthorized party gains access to that data, it can’t be changed with the ease of a credit card number or even an email address. Once biometric data is breached, improperly shared, or used for tracking, it’s very difficult for an individual to regain control and prevent misuse.
We believe that collection of biometric data should be extremely limited.
Regulatory proposals that require the collection of biometric samples need to be re-evaluated in an era in which such data is collected from many more individuals — and in which that data is much more vulnerable. A proposal in Austin to require ridesharing companies to have their drivers fingerprinted has good intentions: the city wants to protect the safety of its citizens by insuring that all companies operate under the same regulatory obligations, which includes driver fingerprinting. All companies — whether longstanding or new entrants — should be subject to the same regulatory requirements to promote fairness. But in the modern era, some regulations may not be the most effective, least intrusive way of promoting safety.
We believe that collection of biometric data should be extremely limited. In many states, government agencies collect fingerprint data they may not need, such as from state bar associations to educational institutions to massage therapists. While fingerprinting requirements may serve valuable government purposes like promoting public safety, the electronic storage and transmission of biometric data in the modern era raises new questions. Fifty years ago, a fingerprint sample would be taken with an inkpad and paper and stored in a file cabinet. Now, it can be read and stored digitally (no pun intended) —increasing efficiency, but also increasing the likelihood of unauthorized access or misuse.
Promoting safety through means that don’t require the collection of new data would likely do a better job of threading the needle between individual privacy and public safety.
If the issue in Austin and other jurisdictions is to promote public safety by insuring that all drivers pass a background check, then all drivers should need to comply with local regulations. Yet the resultant increase of data means that the government should adopt the least privacy-invasive method, using a procedure that is proportionate to the risk being mitigated. Background requests don’t need to include fingerprints to be effective. Promoting safety through means that don’t require the collection of new data (such as comprehensive background checks or interviews) would likely do a better job of threading the needle between individual privacy and public safety.
In general, given the sensitivity of data and the potentially wide-ranging results of attacks on government data centers, we believe that governments should attempt to promote their goals through regulations that collect a minimal amount of data. Our guidance on how governments should strike this balance provides multiple examples of how to craft privacy protective regulatory and legislative proposals; we hope that policymakers take this guidance into consideration when designing programs that implicate individual privacy and security.