Current Event: California IDs to have biometrics? The DMV hopes so!
It seems that in addition to the recently released biometric IDs in the UK, the California Department of Motor Vehicles seems to have recently tried to set up biometric IDs as well. In an otherwise innocuous vendor contract, the DMV included a proposal to create a new governmental database containing facial and fingerprint data. This situation is apparently worsened in light of the fact that the California legislature has not looked highly upon biometrics in the past, so it seems the DMV may have been trying to bypass the legislature entirely.
This event is a byproduct of the conflict between rising popularity of biometric identification and rising concerns for the security of such information. Biometric IDs present a variety of potential benefits, including resistance to fraud, a reduction in errors when verifying the cardholder, etc. But this technology is rising much faster than legislation has been able to keep up with, and the security of these IDs, this database, and this system have not been verified. The DMV clearly should have opened up the system to security professionals, and allow the system to be voted on by the public, if it was determined to proceed with biometric identification. It is not clear that biometric identification is needed in this situation, and if it is not needed, it is probably wise to avoid it. The DMV should recognize that it is treading on thin ice and take the issue to the legislature. It, and the California public, should thoroughly weigh the benefits of biometric identification with the privacy risks of such a system. It may be the case that this gets passed, but it should at least be with the consent of those it’s going to affect.
This is just one more development in the overall issue of biometric identification. The problem is that the security key in the system is no longer just a number or string which can easily be changed, if the data falls into the wrong hands the victim has no reasonable recourse. The technology is tempting because it can be automated, computerized, and archived, but we may find in the coming years that this new culture of archival is something we wish we had not created. The era of anonymity (or some reasonable approximation) on the internet is drawing to a close, and it seems like biometrics are the the beginning of the end for the real world. It may be soon that every person’s fingerprints, facial features, and entire genome are known by the state. The problem is that fingerprints, facial recognition, and DNA are viewed as absolute determiners which are able to distinguish perfectly. Is the suspect guilty? Is the card-holder the card-owner? But until we accept that this information may be just one more useful factor in helping answer these questions (and one that requires quite a sacrifice of privacy), biometric identification will continue to be the center of an ongoing debate: How much privacy should we sacrifice for security?