The Hidden Dangers: Unveiling the Security and Privacy Risks Lurking in Biometric Authentication

2.2 Facial recognition 

Facial recognition was a revolution in the biometric technology. Especially, in the last 10 years it become a popular topic. Since 2001 September 11, there has been a strong movement to integrate face Recognition techniques into national security plans. This technology can be used in monitoring activities, it has the ability to access large databases of images obtained during identification processing. This technology can be considered an easy to implement. Most of the cameras included in laptops and other portable devices are capable, with the right software, of capturing a passable facial image. Face recognition algorithms are varied, like  PCA (Principal Component Analysis), ICA (Independent Component Analysis), LDA (Linear Discriminant Analysis), EP (Evolutionary Pursuit), EBGM (Elastic Bunch  Graph  Matching),  Trace  Transform  Radon,  Hidden  Markov  Model, Eigenfaces  Model, Fisher Model,  AAM  (Active  Appearance Model),  Artificial Neural Networks, 3D Morphable Model, 3D Face Recognition are frequently used algorithms. Recently,  face recognition algorithms have been developed by using machine learning. 

In  2D  facial recognition techniques take recordings with a single camera and convert it to numerical value by using the algorithm that it uses. However, this may even be affected by the user’s facial expressions, environmental light, and the face. Some algorithms implement color and light normalization, but this process can extend the time for verifying the identity of the user, also increasing false negatives and false positives.  Receiving more than one reference face information for a user can also fill the storage area.  In addition,  2-dimensional validations can be fooled easily with a passport photo. 

In 3D face recognition, optical scanners map the surface it scan. Because it requires more than one camera, it increases the cost. On the other hand, color, light, and perspective have no effect on 3D techniques. Because it performs multiple 2-dimensional analysis, it provides a more accurate authentication than a single two-dimensional image.

The effectiveness of all these systems can be measured. FAR (False  Acceptance Rate) is the rate of false detections caused by the system’s mapping of information to a person who is not present in the database and matching it to another person in the database. False Rejection Rate (FRR) is the rate at which the system cannot find the existing person in the database. The smaller the FAR and FRR values, the closer the system is to the ideal. There is an inverse ratio between FAR and FRR. Where the FAR and FRR are equal or (the area under which the FAR and  FRR curves are equal) is called EER (Equal Error Rate). The lower the EER value, the better the system.

3 Risk Factors Associated with Biometric Identification 

Most of the biometrics systems store the  user’s data  without  any  encryption  or hashing in order to be able to access them quickly. Furthermore, those systems can be rendered ineffective due to problems caused by it, or by intentional attacks, such as a product with a high FAR due to the poor quality of the parts used can verify the wrong person or a manipulation to the sensor or database, can add a person who should not be verified. At the same time, a data of a user previously registered to the system may be copied and presented to the system in different ways. Like using the passport-size photograph of the person in 2-dimensional face recognition. 

Due to problems with the Face ID technology of new iPhone devices, there have been instances where the phone can be opened by children or twins. Where physical access  to  the  device  is  possible,  malicious  users  may  modify  the  sensor  to authenticate it.  In the channels that provide  communication between  the system components, it can be performed covertly, the data can be manipulated by Man-in-the-middle attacks, brute-force attacks can be performed, the captured data can be authenticated using again and also artificial data can be generated for matching.

In the case of access to the database, the confidentiality and integrity of the data in particular are compromised. Reading unencrypted data can also mean access to personal data. Similarly, the attacker can read the data, access the templates, add his own information, or change data  for someone else.  By altering the link between identity and biometric, it can lead to an inability to authenticate. If access to decision and matching mechanisms is available, the degree of matching of the entered value can be changed, the previously entered value can be entered again or match results can be  tested and brute attack  attacks can be carried out.  In addition, biometric identification systems with automatic and unattended registration are always open and misleading identity. Any incorrect  information to be entered at the time of registration may result in misuse or may be matched with an accurate biometric, false identification. 

Despite these attacks, the first important security measure is to ensure the physical security of the system. At the same time, the information in the database must be stored or encrypted. In order to solve the problems in the channels, it should  be preferred that the  inter-component traffic flows. Unfortunately, all these features will  interfere  with the  performance of  the device  (or  system).  Each encryption processing  can  extend  the  time  during authentication,  even  at  machine  speed. However, such measures should be taken where security and identity certainty are necessary. In addition, it is recommended that biometric verification should be used as a secondary method rather than alone, because of such problems in biometric authentication. 

4. Risk Assessment and Reduction Methods 

In any technological intelligent systems, the risk assessment is extremely important in order to solve problems. The purpose of the risk assessment is to minimize the potential risks  by calculating the probability and  severity. In biometric systems, threat  sources  are  adversarial  (hackers)  and  non-adversarial  (human  errors, structural failures, or natural disasters).  It is possible to determine the probability and severity of the potential attacks by considering the result of figure 5.  

The risk of the given process should be known correctly to make a reliable decision. In Pokorádi article, a study on fuzzy logic based risk assessment is presented which can be used in the modern complex engineering system. In the article, the author classified  the  risk  possibilities  into  two  categories  according  to  their  severity (catastrophic, critical, moderate, and negligible) and probability (frequent, likely, occasional, seldom, unlikely). Table 1 shows the level of risk determination from the article. 

Many methods can be followed to ensure using biometrics effectively and minimize the risk of using it.  

The  first method,  encrypt templates  stored in  databases  and protect  them from attackers. Therefore, digital scales can be used as a key to encrypt data until they are used.  

The security and  authentication can  be performed using the watermark method, which  adds  some  additional information  to  the security  object.  This  extra bits addition provides security to the source object. On the other hand, the source object also causes some distortion. The watermarking method includes more information to the  database (data source, data  destination etc.)  within the  data itself (image, sound etc.) this inclusion may be apparent or invisible. The purpose of using the watermark in biometrics is to confirm the data source plus detection of any change may occur. 

The combination of several models, several sensors and multiple biotechnologies such as fingerprints and iris can significantly reduce risks. In addition, the use of more than  one biometric  image sample will  minimize the  validation process by doing more calculations. 

Conclusions 

In this paper, the authors present a brief overview of the hidden risks of biometric techniques, some  risk reduction  methods and  two of the most popular biometric technology fingerprint and face recognition technologies are discussed.  Biometric systems face many  security challenges  such as system  security itself, integrity, and reliability. There is a need for an information security research that addresses the specific problems of biometric systems, such as prevention of attacks based on the provision of false biometrics, reuse of previously captured biometric samples and the development of technologies.

References 

[1]  Rashid,  Rozeha  A., Nur  Hija  Mahalin,  Mohd  Adib  Sarijari,  and Ahmad Aizuddin Abdul Aziz: Security system using biometric technology: Design and implementation of Voice Recognition System (VRS), In Computer and Communication Engineering, 2008, ICCCE 2008, International Conference on, IEEE, 2008, pp. 898-902. 

[2]  A Jain, Anil K., Arun Ross, and Salil Prabhakar: An introduction to biometric recognition, IEEE Transactions on circuits and systems for video technology, Jan 4, 2004, pp. 4-20.  

[3]  Yager, Neil, and  Adnan Amin:  Fingerprint verification  based on  minutiae features: a review, Apr 1, 2004, pp. 94-113.  

[4]  Maltoni, Davide, Dario Maio, Anil K. Jain, and Salil Prabhaka: Handbook of fingerprint recognition, Springer Science & Business Media, Apr 21, 2009.  

[5]  Ballantyne, Michael, Robert S. Boyer, and Larry Hines: Woody bledsoe: His life and legacy, AI magazine, Mar 15, 1996, pp. 7-7.  

[6]  Jain,  Anil  K.,  and  Ajay  Kumar:  Biometric  recognition:  an  overview,  in Second generation biometrics: The ethical, legal and social context, Springer, 2012, pp. 49-79. 

[7]  Jain,  Anil  K.,  Arun  Ross,  and  Sharath  Pankanti:  Biometrics:  a  tool  for information  security,  IEEE  transactions  on  information  forensics  and security, 2006, pp. 125-143.  

[8]  El-Bakry, Hazem M., and Nikos Mastoraki: Personal identification through biometric technology, in 9th WSEAS International Conference on Applied Informatics and Communications (AIC09), Moscow, Russia, Aug 20, 2009, pp. 325-340. 

[9]  Sun,  Yunlian,  Man  Zhang,  Zhenan  Sun,  and  Tieniu  Tan:  Demographic analysis from biometric data: Achievements, challenges, and new frontiers, IEEE transactions on pattern analysis and machine intelligence, Feb 1, 2018, pp. 332-351.  

[10]  “Assured  enterprises:  Biometric  technology  cybersecurity,”  Biometric Technology  Now  at  Assured,  2018.  [Online].  Available: https://www.assured.enterprises/cyber-products/biometric-technology-cybersecurity/. [Accessed 11 12 2018].

Governmental Control and Citizen Rights:

Misuse of biometrics by governments can lead to the creation of a surveillance state, where individuals’ movements and activities are continuously monitored, compromising personal freedom and civil liberties. While biometric technologies can be effective in enhancing security, excessive governmental control and monitoring can erode trust, breed fear, and suppress dissent. The misuse of biometrics can allow governments to intrusively track individuals, stifling fundamental democratic principles.

Discrimination and Targeted Surveillance

Another significant concern related to the misuse of biometrics is the potential for discrimination and targeted surveillance. Biometric data, when inappropriately used, can contribute to the profiling of certain individuals or groups based on race, ethnicity, religion, or other characteristics. This can result in unfair treatment, social exclusion, and exacerbation of existing inequalities. It is crucial to ensure that biometric systems are implemented and regulated in a manner that safeguards against discrimination and protects the rights and dignity of all individuals.

Striking a Balance: Regulation and Transparency

Implementing Strict Legislative Frameworks

To mitigate the risks associated with the misuse of biometrics by governments, it is essential to establish robust regulatory frameworks that govern the collection, storage, and access to biometric data. Legislative measures should include clear guidelines on data retention periods, consent requirements, and limitations on the use of biometric information. These regulations should also address issues of transparency, accountability, and oversight to prevent abuse of power.

Public Awareness and Engagement

To mitigate the risks associated with the misuse of biometrics by governments, it is essential to establish robust regulatory frameworks that govern the collection, storage, and access to biometric data. Legislative measures should include clear guidelines on data retention periods, consent requirements, and limitations on the use of biometric information. These regulations should also address issues of transparency, accountability, and oversight to prevent abuse of power.

Discrimination and Targeted Surveillance

Another significant concern related to the misuse of biometrics is the potential for discrimination and targeted surveillance. Biometric data, when inappropriately used, can contribute to the profiling of certain individuals or groups based on race, ethnicity, religion, or other characteristics. This can result in unfair treatment, social exclusion, and exacerbation of existing inequalities. It is crucial to ensure that biometric systems are implemented and regulated in a manner that safeguards against discrimination and protects the rights and dignity of all individuals.

The potential misuse of biometrics by governments raises significant concerns regarding privacy, civil liberties, and discrimination. It is imperative to strike a delicate balance between security and individual rights by implementing comprehensive regulatory frameworks and promoting transparency. By doing so, societies can harness the benefits of biometric technology while safeguarding the essential principles that underpin democratic societies.

Biometrics Risk: What Could Possibly Go Wrong?

Biometrics technology has undoubtedly revolutionized the way we identify and authenticate individuals. However, like any other technology, it is not without its risks. So what are the potential risks associated with the use of biometrics, and how can we mitigate them?

Unauthorized Access and Data Breaches

One of the primary concerns when it comes to biometrics is the risk of unauthorized access and potential data breaches. Since biometric data is unique to each individual, a breach of this information can have severe implications. Unlike passwords or PINs, which can be changed, biometric data is permanent and cannot be easily modified. This means that if a hacker gains access to your biometric data, it could be compromised indefinitely.
To mitigate this risk, organizations implementing biometrics need to ensure robust security measures are in place. This includes encrypting biometric data during transmission and storage, implementing multi-factor authentication, and regularly updating security protocols to stay ahead of potential threats.

False Positives and False Negatives

Another risk associated with biometrics is the occurrence of false positives and false negatives. False positives occur when a system incorrectly identifies an individual as someone else, while false negatives happen when an individual is not recognized by the system despite being a legitimate user. Both scenarios can result in inconvenience and potentially compromise security.
To minimize these risks, biometric systems need to continuously improve their accuracy. This can be achieved through constant refining of algorithms and regular updates to adapt to various environmental conditions or changes in an individual’s physical characteristics.

Facial Recognition and Privacy Concerns

Facial recognition technology has gained significant traction in recent years, particularly in areas such as surveillance and law enforcement. While it offers countless benefits, the use of facial recognition also raises significant privacy concerns. This technology has the potential to track individuals’ movements without their consent, leading to mass surveillance and the violation of personal privacy.
To address these concerns, it is crucial to establish clear regulations and guidelines governing the use of facial recognition technology. Limitations on data retention, consent requirements, and transparency in how facial recognition data is collected and used can help strike a balance between security and privacy.

Imitation and Impersonation

Biometric data, such as fingerprints or voice patterns, can be imitated or manipulated. This opens the door to potential impersonation and fraudulent activities. As biometric data becomes more widely adopted for authentication purposes, the risk of individuals mimicking or altering someone’s biometric characteristics to gain unauthorized access also increases.
To combat this risk, biometric systems need to incorporate advanced anti-spoofing measures. These include liveness detection techniques to ensure that the presented biometric sample is from a live person and not a spoofed or manipulated source.

( https://www.infosecurity-magazine.com/news/nearly-90-of-firms-will-use/ )

Biometrics have traditionally been thought of as safer than other authentication methods, leading many businesses and organizations to move away from traditional options like passwords or adopt biometrics as a component of multi-factor authentication (MFA) protocols. However, treating biometric authentication as a cure-all for security woes poses significant concerns. Biometrics aren’t immune to attack and theft, and businesses seeking to incorporate this form of access control into their security strategies must consider the potential security and privacy risks of biometric authentication.

Compromised Enrollment

Accurate collection of biometric data is essential for its security as a method of authentication. From a practical standpoint, incorrectly capturing data can result in access problems down the line. If the original template is incomplete or conditions during use differ significantly from the conditions under which biometrics are collected, legitimate users may find themselves unable to access systems and resources.

The cybersecurity risk comes when hackers either commit fraud at the time of data collection or replace collected data with their own at a later time. This creates a scenario in which hackers can override the security of biometrics to access accounts with less risk of detection. 

Storage Risks

The act of storing biometric data puts it at risk, and although security protocols offer some level of protection, the thousands of data breaches occurring in the first half of 2019 clearly show many businesses and organizations don’t have a strong enough security place. Of the 3,813 incidents reported during this time, 149 were the result of “misconfigured databases and services.” Over 3.2 billion records were exposed in these breaches alone.

Ref: https://www.forbes.com/sites/daveywinder/2019/08/20/data-breaches-expose-41-billion-records-in-first-six-months-of-2019/?sh=13765082bd54

For hackers, finding an unsecured database is somewhat like being a kid in a candy store. If the database happens to be a central storage point for biometric identifiers, the results for users can be devastating. Sixty-three percent of IT professionals agree more transparency about how vendors collect biometric data is necessary so that users can be informed about the potential risks.

Privacy Problems

Biometrics collected for the purpose of authentication should, in theory, only be used to identify and verify the logins of legitimate users within a network. However, neither collection nor storage of biometrics is yet subject to strict regulation outside of the consent required by the GDPR, and not all organizations collecting such data are scrupulous in their actions.

Misuse of biometrics may include the unauthorized or unlawful sharing of information between third parties for use in marketing strategies or to determine specific personal details about individuals. This is especially concerning in the area of DNA profiles, which can reveal a significant amount of private information. Compromised DNA data could theoretically be used in a discriminatory manner unbeknownst to its owner.

Without strong regulations in place, there’s little to stop these troubling exploitations of biometric data, and users may not have legal recourse if they discover their information has been misused.

Potential Fixes for Security Concerns

What can businesses do to protect biometric data? One solution already being implemented is to store information on user-controlled devices. When users want to log into a system, they present their credentials through an app on a smartphone or tablet, which then authenticates the login and grants access. However, the potential for device theft or loss continues to represent a major flaw in this method.

Cancellable biometrics may offer an alternative and address concerns associated with the permanence of biometric data. In this method, identifiers are altered using complex mathematics into forms hackers can’t reverse. Should information become compromised during a breach, the altered biometric templates can be deleted and replaced. The algorithms can transform users’ biometrics in different ways to prevent the irreversible compromise of unique traits.

Despite an increased reliance on biometrics in business and personal use cases, 90% of business owners doubt the efficacy of these authenticators as a standalone security measure. Biometrics aren’t likely to push passwords into obsolescence any time soon, either. Only 23% of IT professionals say they think biometrics will completely replace passwords for authentication in the next two or three years, which means businesses must still seek robust security solutions for the near future.

No single authentication method can serve as a magic bullet to solve all security problems. As biometrics mature and authentication protocols become more sophisticated, hackers’ techniques are likely to continue to evolve in response. Businesses and organizations must look beyond the promise of a one-size-fits-all solution and create customized security plans incorporating strong authentication protocols and monitoring to ensure the highest level of protection for critical systems and data.

In cataloging the immutable physical characteristics of a person—finger and palm prints, iris scans, facial imagery, and DNA—biometric identification systems combine multiple identifiers to produce a more complete, accurate database of identity. U.S. forces began use of biometric identification systems in Kosovo in 2001, with the BAT, or the Biometric Automated Toolset. This device combined a laptop computer, fingerprint scanner, iris reader, and digital camera used in a sit-down setting. The immediate problem BAT attempted to solve was to verify the identity of local hires, to make sure someone deemed a bad hire at one base was kept out of other bases. 

HIIDES was first introduced in 2005, and in 2006 HIIDES-maker Viisage won a $10 million contract from the Department of Defense for the hand-held device, on the premise that it would collect multiple kinds of biometric information in one unit, and could do so in the field. The company touted the device “for mobile identification of individuals on the battlefield, at border checkpoints, in airports, in detention centers, and for checking individuals against known watch lists.”

By 2007, the device was in the hands of U.S. forces in Iraq, used to register and check the identities of candidates for police training. Individuals in the HIIDES database would be coded as green or red—green for friendly, red for a potential threat. Individuals could be enrolled in the database in a number of ways, as part of a job application, like with the Iraqi police, or by just passing through a checkpoint where soldiers were ID’ing people with HIIDES. The device could be used by soldiers on patrol, who found it more effective than asking for an identification card. In the chaos of post-invasion Iraq, HIIDES allowed the U.S. military to create from scratch a national identification system—one that could not be deceived by forged paperwork or stolen uniforms. Concerned that bases might be breached by hostile forces obtaining access as local workers, the U.S. military turned to HIIDES to ensure that only authorized and vetted people were allowed access. 

As the war on terror marched on, biometrics would play a key role in its administration. Once deployed in Afghanistan, HIIDES was used to confirm whether soldiers on the payroll of the Afghan National Defense Forces were showing up for duty—an effort to eliminate so-called “ghost soldiers.”

The use of biometric data in a national database sits at the center of a scathing look by the MIT Technology Review into the dangers of building such a database, and then having it fall into the hands of a victorious enemy. Building such a database would prove risky. As early as 2016, the Taliban used the government’s biometric system to identify members of Afghan security forces traveling on buses hijacked by the rebel group. When the Taliban took over last year, the database had only grown to include “details on the individuals’ military specialty and career trajectory, as well as sensitive relational data such as the names of their father, uncles, and grandfathers, as well as the names of the two tribal elders per recruit who served as guarantors for their enlistment,” the MIT Technology Review reported.

In using biometrics to identify their enemies, the Taliban had ripped a page straight from the U.S. military’s playbook. “Knowing who belongs in a village—who they are, what they do, to whom they are related, and where they live — all helps to separate the locals from the insurgents.” The Commander’s Guide to Biometrics in Afghanistan, published in April 2011, observes. “Targeting is enhanced through the use of biometrics by positive identification of the target.” 

This is the crux of biometric data. In building a tool and a database that can permanently identify every person in that database, the risk lies entirely in how the group in possession of the database uses it. 

Knock-on consequences of biometric data collection 

The risks specific to the HIIDES device stems from its design requirements. Each HIIDES unit had finite memory capacity, with the data uploaded over secure internet connections to a central database. Storing many identities locally was an adaptation to unreliable or irregular access to internet infrastructure, making the tool useful in the field even when not online. Keeping the threshold for access below the level of classification and mandatory encryption meant that soldiers in the field could input data easily and that data could be combined with other entries without obstacle. It also meant that when the HIIDES unit and its database fell into enemy hands, there was little inherent in the technology to prevent access to the data.

When the use of biometric technologies in the war on terror was being debated, there was little recognition of its risks. “Biometric identifiers are the most secure and convenient way to authenticate and identify people because they cannot be borrowed, stolen, forgotten, or forged,” Sen. Dianne Feinstein said during a November 2001 hearing. “If government does not get involved to provide some order and structure,” Feinstein continued, “then the market will result in a gradual and uneven adoption of biometric identifiers that will continue to leave our country vulnerable to terrorist attack.”

The fail state, as the senator understood it 20 years ago, was not that the collected data would be used to cause harm, but that the implementation would be incomplete and harm would happen anyway. In the intervening two decades, the understanding of harm has instead shifted to what happens once the data is collected, and what rights to privacy people have regarding the collection and use of their biometric data.

Recognizing these harms, localities, nations, and international organizations have moved to restrict biometric data collection, retention, and uses. The European Union’s General Data Protection Regulation, which went into effect in May 2018, prohibits the processing of biometric data for the purpose of uniquely identifying an individual, except for in certain circumstances. The act, which also includes provisions regarding data storage and security, does not prevent companies or governments from collecting biometric data and using it. Instead, it mandates rules for how that data collection can take place, while still preserving the rights of an individual, and mitigating harm to those individuals from any lost or breached data. In 2008, Illinois passed the Biometric Information Privacy Act, becoming the first state to regulate biometric data. The act sets out three principles of biometric data collection: consent from individuals in the collection of the data, the destruction of biometric identifiers in a timely manner, and the secure storage of biometric data while held by companies.

The recent history of biometric identification systems has left most privacy activists convinced that the best way to prevent the harms of such systems is to not collect data in the first place. “Better protections on information and its uses can only go so far,” writes Matthew Guariglia, a policy analyst at the Electronic Frontier Foundation. “In many instances, the only way to ensure that people are not made vulnerable by the misuse of private information is to limit, wherever possible, how much of it is collected in the first place.”

For the United States, a reliance on HIIDES-like systems, or biometrics in general, compounds the risk to allies and local partners in future counterinsurgency wars. Building a database to ensure the fixed identity of allies means creating a future weapon that can be used against them should the United States leave. Yet the benefits HIIDES offered for targeting and security purposes suggest that the military is likely to continue using such technology.

Threats common during counterinsurgency warfare, like attacks disguised as coming from local allies, erode trust between U.S. and local forces and make counterinsurgency operations untenable. Biometrics can mitigate such risks while the United States is still actively involved in the country, but collecting the data and failing to secure it creates a future vulnerability for local allies. Encrypting data in biometric identification devices and systems might make unintended uses of such data more difficult, but encrypting data is ultimately only one aspect of the data-protection regimes required to secure such sensitive data. 

Biometric data collection in war zones is designed as an expediency, meeting immediate security needs with the tools at hand. Yet the data collected in the name of an immediate security concern can endure beyond the war, and even decades-long conflicts eventually end. Policymakers looking to mitigate the harm from data collection tools in the future would be wise to look at the existing record of how captured data has been contributed to harm and mandate safeguards.

As such, she told the Hackney Foodbank that “as biometric data becomes increasingly valuable, the repercussions of your users’ biometric data being lost or stolen could be catastrophic.” That’s because she said that biometric data can’t be reset or changed like a password after the data is breached and stolen.

“It is for this reason that the legal threshold for processing biometric data must meet the strict requirement of necessity rather than of convenience,” Carlo added.

Biometrics, the method of using an individual’s unique physical or behavioral characteristics to verify their identity, meanwhile, is rapidly becoming a popular means of authentication. While biometric authentication offers several advantages over traditional password-based authentication, such as convenience, accuracy, and security, it also poses significant privacy risks.

One of the main privacy concerns associated with biometrics is the possibility of data breaches. In recent years, there have been numerous high-profile data breaches that have resulted in the theft of personal information, including biometric data. Unlike passwords, as Carlo pointed out, biometric data cannot be changed if compromised, making it a valuable target for cybercriminals. Once a person’s biometric data is stolen, it could potentially be used to impersonate them, gain access to sensitive information, or commit identity theft.

Another privacy risk associated with biometrics is the potential for surveillance and tracking. Biometric data can be used to track an individual’s movements, behavior, and activities, raising concerns about government or corporate surveillance. Moreover, biometric data could be used to create profiles of individuals, potentially leading to discrimination based on factors such as race, gender, or ethnicity.

Additionally, there are concerns about the accuracy of biometric systems, particularly when it comes to recognizing certain groups of people. For example, facial recognition technology has been shown to be less accurate when identifying people with darker skin tones or women, raising concerns about bias and discrimination. Inaccurate biometric systems could lead to false positives or false negatives, potentially causing harm to individuals who are wrongly identified or denied access to certain services.

Furthermore, there are concerns about the lack of regulation and standardization when it comes to biometric data collection and storage. Unlike other forms of personal data, there are no universal standards for biometric data, making it difficult to ensure that the data is being collected and stored securely. Additionally, there are no clear guidelines on how long biometric data should be stored or who should have access to it, raising concerns about the potential for misuse or abuse.

Technological advancements are one thing, but using them to control citizens or change their behaviors is unacceptable.

Source: Identity Management Institute, Newstarget, Brookings, Researchgate, 100percentfedup, FoxNews, Wiley online library, Thewire, Armstrong economics, Youtube, Linkedin, Twitter, Wikipedia