1997’s “Gattaca” has something of a cult following. The story is set in a futuristic society in which genetics determines destiny. The protagonist, of course, overcomes all obstacles through sheer will power, and by “borrowing” someone else’s DNA, in the form of blood, urine and hair samples. The security measures put in place to catch the “in-valids” failed in the face of someone determined to circumvent them.
Fast forward almost twenty years and relying on biometric data as a security measure is no longer fiction. In the U.S., the Department of Homeland Security intends to use fingerprints and iris scans to prevent fraudulent travel on a passport, and New York has had good luck using facial recognition software to combat identity theft. Consumers, too, have adapted to emerging technology, embracing the ability to lock their smartphones with fingerprints instead of hard-to-remember codes. What could possibly go wrong? From a privacy standpoint, quite a lot. Fingerprints are not actually kept “secret,” as we leave them everywhere we go, and a determined hacker just might be able to make suitable copies of your fingerprints using a printer. Moreover, there is nothing to preclude law enforcement agencies from drafting warrants that—if issued— would allow them to collect your fingerprint and use it to unlock your phone.
While the government’s use of biometric data will present new and interesting legal challenges, we will undoubtedly see a rise in civil suits too. To date, courts have had the most experience with claims under Illinois’s Biometric Information Privacy Act (BIPA).
- Snapchat has been accused of misusing facial recognition software. Its argument is that it uses object—not facial—recognition.
- After twice failing to get a BIPA claim dismissed, Facebook is arguing that the statute is unconstitutional because it restricts interstate commerce.
- Other defendants have settled cases in which it was alleged that they failed to comply with BIPA’s notice and consent provisions. Shutterfly settled for an undisclosed amount earlier this year. More recently, a tanning salon, L.A. Tan, agreed to a $1.5 million settlement after failing to get consent from its members regarding collecting, storing and using their fingerprint data.
Considering that Connecticut, Washington, Wisconsin, Texas and Massachusetts all have existing (or pending) legislation that explicitly addresses the use of biometric data, things are bound to get more and more interesting.
Follow me on Twitter: @sroberg_perez