The road to disastrous biometric data collection is paved with good intentions

There has been a rather fervent acceleration in planned biometric data collection in recent months. If you’re not worried about it, you should be.

In fact, silly as it sounds, try being more worried about it than seems normal. After all, for-profit biometric data collection has undergone an astounding degree of normalization in the last decade. The idea of Apple scanning your fingerprint on a daily basis once sounded startling. Now it’s how we unlock our banking app and our laptop — unless, of course, we do it with our face. It’s gone mainstream.

We embraced FaceID, thumbprint scanning and similar functions specifically because they are convenient. No passcode, no problem.

Corporations and businesses saw this, and now convenience is among the two biggest reasons typically given for the adoption of biometric data collection – the other is public safety, which we’ll get to later. Quick biometric scans, we’re told, make things faster and easier.

In a bid to save time, a number of primary schools throughout the U.K. recently implemented facial scanning for lunch payment. Several schools ended up suspending the program after data privacy experts and parents pushed back. They argued convenience was not exactly worth the price of the accumulation of an entire database of young children’s faces stored on a server somewhere. And they’re right.

Music for your ears, palm print for your ticket

This September, U.S. ticketing company AXS announced a flagship program to use Amazon One palm-print scanners at Red Rocks Amphitheater as an optional alternative to print or mobile concert tickets (with plans to expand into additional venues in the coming months). The decision was met with immediate resistance from both privacy experts and musicians, and it was hardly the first flashpoint over biometric data collection within the live music industry.

In 2019, major promoters LiveNation and AEG (which coordinates major festivals such as Coachella) stepped back from plans to invest in and implement facial recognition technology at concerts after public outcry from fans and artists.

But the fight over the use of biometric recognition during live entertainment is far from settled. When the coronavirus pandemic sent professional sports executives who depend on full stadiums back to the drawing board, their new plans often incorporated mass facial recognition. Faces would replace tickets, and this would ostensibly make everyone safer from the virus.

These executives are determined. The Dutch football team AFC Ajax is seeking to reinstall its pilot facial recognition program that was initially halted by data protection regulators. Henk van Raan, the chief innovation officer of Ajax’s home field, Amsterdam ArenA, was quoted in The Wall Street Journal as saying, “Hopefully we use this coronavirus pandemic to change rules. The coronavirus is a bigger enemy than [any threat to] privacy.”

This is terrible reasoning, as the risks posed to our privacy are in no way mitigated or lessened by our risk to a virus.

In the same article, Shaun Moore, CEO of facial-recognition supplier Trueface, described his conversations with professional sports executives as overwhelmingly concerned with touch points by sidestepping the handing over of credentials, citing the risk of virus transmission while scanning ticket barcodes.

This is a stretch, and you don’t need to be an epidemiologist to call it one. When the main event involves a big crowd of people yelling and cheering next to one another, it’s probably not the momentary masked interaction when an agent scans a ticket that is worth worrying about. As the safety argument falls apart, so does the convenience one. The simple fact is that our lives are not made exponentially and meaningfully better by the replacement of a mobile ticket with our palm print. Those extra five seconds are a moot point.

It’s interesting to see van Raan speak so directly about using the pandemic to override privacy protections and concerns. But his reasoning is frightening and flawed.

Yes, the coronavirus is a real threat, but it’s not an “enemy.” It’s not embodied, nor does it have a motive. It’s a virus. It is outside human control. In insurance terms, it’s an “act of God.” And it’s being used to justify something that is very much in human control: The huge uptick in biometric data collection under the guise of public safety or convenience.

Public safety and free societies

Public safety is often the cause upon which increased biometric surveillance is foisted. In August, U.S. lawmakers introduced a mandate that would require auto manufactures to include passive technology in new cars to prevent drunken drivers from starting vehicles. That “passive” tech could end up being anything from eye-scanning devices and breathalyzers to an infrared sensor that tests BAC levels through the skin.

Sure, this is a seemingly noble cause with a respectable motive. The U.S. National Highway Traffic Safety Administration estimates that drunken driving kills nearly 10,000 people per year; the European Commission lists a similar number for the EU.

But where is all that data going? Where is it being stored? Who is it being sold to, and what do they plan to do with it? The privacy risks are too great.

The pandemic obliterated many of the obstacles standing in the way of the adoption of mass biometric data collection, and the consequences will be disastrous for civil liberties if it’s allowed to continue in this manner. The intensity of surveillance is ramping up in record time, making governments and for-profit corporations privy to that most private minutiae of our lives and bodies.

A mobile ticket is surveillance enough – it announces to the system you’ve entered the venue at an exact time, after all. Don’t fix it if it’s not broken! And don’t add biometric data collection just because you can under the shaky guise of not spreading germs.

Give out as little biometric data as possible, period. It’s not enough to avoid giving your biometric data to Google or Amazon specifically, given those corporations’ abysmal records when it comes to, say, basic human rights and civil liberties.

A smaller company unaffiliated with your typical tech giant might feel like less of a threat, but don’t be fooled. The moment Amazon or Google acquires that company, they acquire your and everyone else’s biometric data with it. And we’re back where we started.

A safe society need not be a heavily surveilled society. We built increasingly safe and healthy societies for centuries without the use of a single video camera. And beyond safety, heavy surveillance that is this detailed and individualized is the death knell of a society that values civil liberties.

Maybe that’s what this all comes down to. A free and open society is not without its risks – this is, arguably, one of the major tenets of Western political thought since the Enlightenment. Those risks are far preferable to those of living in a heavily surveilled society.

In other words, there’s no getting off the biometric grid we’re heading toward. The time to stop the slide by regulating and eliminating unnecessary biometric data collection, particularly when for-profit corporations are involved, is now.