RFID, GPS Technology and Electronic Surveillance

New Hampshire Seeks to Outlaw Biometric IDs

February 16, 2010

Infosecurity - A bill being considered by the New Hampshire House of Representatives would ban the use of biometric data for either state or privately issued IDs. The legislation would forbid the use of biometric data coupled with IDs as a condition to obtain services from businesses or government agencies. The lone exception to the ban would include employee identification cards.

The bill – HB1409 – would bar private businesses and government agencies from taking biometric data as a means to verify a person’s identity. According to draft legislation, it would include the following forms of biometric data: fingerprints, palm prints, or other measurements of ridge patterns or fingertip characteristics; facial feature patterns; handwritten signature characteristics; speech recognition data; iris recognition data; keystroke dynamics; hand geometry; retinal scans; and DNA/RNA. Infosecurity notes that New Hampshire has previously banned the use of biometric data and RFID in driver’s licenses and license plates.

State Representative Neal Kurk, co-sponsor of the bill, told Infosecurity that biometrics can be useful in certain situations, but he does not think the time has come to implement these systems in New Hampshire without first addressing personal privacy concerns.

“Biometrics serves and will increasingly serve important functions in our lives, but at this time for most folks they are new, perhaps a bit strange and, indeed, often frightening”, he said. “Fingerprints, for example, are associated with criminality, and so one may feel that a business or government asking for fingerprints perceives [them] in that light.”

The New Hampshire legislator takes issue with how biometric data will be used by agencies other than those originally slated to collect and employ the data.

“Will some biometrics be used to create government- or privately controlled dossiers and databases containing personal information about one that may be used in ways of which [the person] is neither aware nor approves?”

Kurk acknowledges that biometrics can be used for legitimate purposes but is leery of potential biometric information sharing between government agencies, especially in the absence of specific guidelines governing their use in a particular situation.

“HB1409 was introduced to provide privacy protection to New Hampshire citizens,” he commented. “As people learn more about the benefits of particular systems in particular applications and are comfortable with any privacy trade-offs involved, I would expect the legislature to amend the statute accordingly.”

Not surprisingly, Walter Hamilton does not believe that the use of biometrics for identification is a violation of personal privacy. Hamilton is the chairman of the International Biometric Industry Association (IBIA), a Washington DC-based trade group that advocates for biometrics in both the private and public sectors.

“The technology is privacy neutral,” he told Infosecurity, “It’s the application of the technology that poses privacy concerns to some.”

While Hamilton concedes the ‘criminal-like’ stigma of certain biometric measures, he notes that states have the option to prohibit, via legislation, the sharing of this information with other agencies. He points out that social services agencies in states like Connecticut actively use fingerprints to verify identity, and the state passed a law that prevents distributing this information to other government entities.

“They have not thought through all the unintended consequences of the legislation, all the beneficial aspects of biometric verification,” said Hamilton in reference to HB1409. “They should narrow the focus of the legislation to focus on specific concerns.”

Smart Electricty Grid Could Lead to Privacy Stupidity, Warns Commissioner

November 19, 2009

Infosecurity - A smart electricity grid could lead to some stupid privacy decisions, according to a report issued by the Information and Privacy Commissioner of Ontario, Canada.

The Commissioner, Anne Cavoukian, issued the report along with the Future of Privacy Forum (FPF). Entitled Smart Privacy for the Smart Grid, the report warns that as electricity companies collect more information about customers' energy usage, they could put their privacy at risk.

Smart grid technology works by using two-way meters that communicate information about a customer's energy usage back to the utility. In many cases, they also enable the utility to control the customer's power consumption throughout the day, and regulate load across the grid more efficiently.

"While this is beneficial and supports valuable efforts to curb greenhouse gas emissions and reduce consumers’ energy bills, it introduces the possibility of collecting detailed information on individual energy consumption use and patterns within the most private of places — our homes," the report said.

Cavoukian worries that companies will be able to infer private information about the lifestyle of a household's residence such as the number of occupants, when they are at home, and when they sleep -- which leads to privacy issues.

"For many, these will resonate as a 'sanctity of the home' issue, where such intimate details of daily life should not be accessible," it said.

The news comes just days after Microsoft signed XCel Energy as a partner for Microsoft Hohm, a smart grid service that enables residential users in the US to profile the energy usage and share it with other users in their geographical area.

The smart grid service, which takes a social networking approach to achieving energy efficiency, lets the customers of partner utilities automatically upload information about the energy usage. Customers who don't deal with utilities partnering with Hohm can enter details about their households themselves, including some of the parameters that Cavoukian worries about.

"We must take great care not to sacrifice consumer privacy amidst an atmosphere of unbridled enthusiasm for electricity reform", said the report. "Information proliferation, lax controls and insufficient oversight of this information could lead to unprecedented invasions of consumer privacy."