With America on full alert for the foreseeable future, interest in biometric scanners-devices that verify a person's identity by measuring unique features such as nasal curvature, iris patterns, or hand shape-has been booming. But civil liberties watchdogs, privacy advocates, and even some security gurus warn that the devices are less effective than advertised and that the personal data they generate could easily be misused.
Currently, biometric tools are primarily marketed as "smart locks" to prevent trespassers from entering restricted areas such as military bases. But industry observers foresee much broader applications, from fingerprint readers at atms to iris scanners in office elevators; already, a number of airports have announced plans to install facial scanners designed to identify criminals. By 2005, biometrics is projected to be a $3.5-billion industry.
"There was no single moment when we were all given email addresses," Samir Nanavati of the consulting firm International Biometric Group told the journal Computing in October. "It will be the same with biometrics. You won't even notice adoption over the next two to three years. It will just happen."
One problem with biometric devices, many security experts warn, is that they can only compare the features of individuals scanned with profiles stored in a database-and a database of potential evildoers worldwide is nearly impossible to assemble. Just two of the September 11 hijackers had previously been flagged by federal authorities. "Terrorists are unlikely to pose for photo shoots," notes Bruce Schneier, founder of San Jose-based Counterpane Internet Security and a longtime civil liberties advocate. "You might have a grainy picture taken five years ago from 1,000 yards away when he had a beard."
Then there's the matter of false alarms: Even a device with a 99.9 percent accuracy rate, far better than any of those now on the market, would generate 1,000 false positives for every 1 potential miscreant it ensnared. "The population of nonterrorists is so much larger than the number of terrorists, the test is useless," Schneier says. "It's a system that has enormous costsÑmoney to install, manpower to run, inconvenience to the millions of people incorrectly identified, successful lawsuits by some of those people, and a continued erosion of our civil liberties."
Other privacy advocates worry that the detailed nature of biometric data-which could reveal, for instance, how much time someone spends at a particular building-will tempt authorities and marketers to expand their use. "You're compiling a database that has three variables in it: time, space, and identity," says Jay Stanley of the American Civil Liberties Union. "And that's a very scary prospect." For the time being, though, few Americans seem troubled by such concerns. According to a Harris Poll released in October, 82 percent of those surveyed would allow their fingerprints to be scanned at the airport. "People are willing to do this right now," says Richard M. Smith, chief technology officer at the Privacy Foundation. "It's almost seen as patriotic."