By David Franke
© 1999

WASHINGTON — Please, don’t even whisper the words “Big Brother” in
their presence. It gives these gentle folk heartburn.

They’re the officers of the International Biometric Industry
Association (IBIA), a spanking-new Washington, D.C.-based trade
association. They held a press conference yesterday to let you know they
exist, and to assure you they’ve got your best interests — your
convenience, your privacy — at heart.

Biometrics are all those new technologies that make sure you are who
you say you are, by scanning the iris of your eye (no poking allowed),
reading your palm (I see an FBI checkpoint in your future), or listening
to your voice (now tell it to the judge). If you watch “The X-Files,”
you know what I’m talking about.

As the new kids on the technology block, they don’t want to end up
like the nuclear power industry. Let’s face it, you meet a nuclear plant
technician today and all your eye sees is Homer Simpson. These IBIA guys
want some respect.

That’s why their first public campaign is a PR blitz announcing their
“IBIA Privacy Principles.” It reads like the Boy Scout oath, and it’s
vague enough and has enough loopholes so even Bill Clinton could sign
off on it.

Example — IBIA Privacy Principle #3: “In the public sector, IBIA
believes that clear legal standards should be developed to carefully
define and limit the conditions under which agencies of national
security and law enforcement may acquire, access, store, and use
biometric data.”

Bill Clinton: “But until those legal standards are developed,
I’m going to make sure that Janet Reno knows more about you than your

You can see the problem these IBIA guys face. Their technologies may
be every bit as wonderful as they say they are, but those technologies
are not being bought by saints in a monastery, but by government
agencies and big businessmen. And we live in an era when the head of the
government is a congenital liar, and his business friends tell us not to
worry that the Red Chinese now have the missile technology to destroy us
— they got a good deal, after all, and what’s good for Promiscuous
Missile Technology, Inc., is good for America.

Their Side of the Story …

OK, I’ve had my fun, and these IBIA guys are used to smart-aleck
journalists like me who resort to scare headlines (oops!) or
irreverently poke fun at them (double oops!). But they do have some
serious points to make, and we should consider their arguments, always
keeping in mind the obvious self-interest involved. If history teaches
us anything (a doubtful premise, I admit), it’s the difficulty —
really, the impossibility — of keeping new technology bottled up in a
Mason jar under the kitchen sink. Sooner or later, we have to face up to
the nitty-gritty problems posed by the new technology, and that’s when
the heavy negotiations start.

To begin with, the IBIA sees biometric technologies as less invasive
of your privacy than what we’ve got now — and a lot more convenient and

The core of your “identity” today is probably your driver’s license,
your Social Security number, and your credit cards and credit records.
Your Social Security number is probably implanted in your memory by now,
but the license and cards are in your billfold or purse. They go where
you go, and if you want to participate in the joys of modern life you
have to present them a number of times every day. Moreover, they’re
rather easily stolen by someone who doesn’t have your best interests at
heart. And if you think you have any privacy left today, with all
those numbers in circulation, hire a private eye to get the dirt on
someone you really hate.

The overwhelming majority of biometric applications, on the other
hand, are site specific — they don’t follow you around. You look into
the iris scanner, or put your hand palm-down on the machine, or speak
your name, and if you are who you say you are, you’re allowed to get
through the security checkpoint, or to access your financial records, or
to enter the members-only site on the Internet.

Since every iris, every palm, every voice is unique, you’ve
drastically reduced the chance of someone stealing your identity.

No more pin numbers, no more passwords and userwords to remember — a
BIG convenience.

Most importantly, the biometric device and technique you’re utilizing
is limited to storing just enough digitized data on you to prove your
identity so you can do what you want to do — whether it’s
performing your job, checking your bank records, or accessing your
favorite adults-only electronic site. The biometric device cannot take a
picture of you, it cannot “network” by sharing information about you
with other people in other locations, and the device cannot be
reconstructed, decrypted, or reverse engineered to do any of those

“Used this way,” says IBIA, “biometrics can be thought of as a very
secure key, but one that cannot be passed on to someone else. Unless
this biometric gate is unlocked by the proper bearer, no one can gain
access to that person’s information. Compared to other methods of
establishing who you are — producing a driver’s license, showing a
birth certificate, or revealing one’s family history — biometrics are
the only tools that can enhance personal privacy and still deliver
effective solutions in situations that require confirmation of

“We also see our role as working with the privacy
organizations,” IBIA executive director Richard E. Norton told me. “This
doesn’t have to be confrontational.” The first person listed on the
trade group’s “Independent Advisory Committee” is Simon Davies, director
of Privacy International and visiting fellow at the London School of
Economics. He’s described as a “leading advocate of privacy in

So far, so good — at least according to the gospel as presented by
IBIA (and I will be the first to admit that, at this point in time, my
knowledge of biometrics is limited to what I’ve seen on “The

So What’s the Problem?

Remember that the types of biometric uses I’ve presented above
represent the “overwhelming majority” of applications expected in the
future. But not all. Combine the site-specific technology with a
database, and it can be an entirely different ballgame.

“What happens if one of your members breaks your rules?” the IBIA
officers were asked at their press conference.

“These things are exceedingly difficult to enforce,” admitted IBIA
Vice Chairman John E. Siedlarz, who also is president and CEO of
IriScan, Inc. “Once our technology is in the hands of other parties,
there’s no way we can control them.”

“And remember,” he added, “we’re a very young trade group. We
haven’t set up an oversight committee yet.”

William W. Wilson, chairman of IBIA and managing director of
Recognition Systems, Inc., added his bit: “When somebody wants to join
us, we will require them to look at our principles and agree to them.”

That should keep the scoundrels out.

Joseph J. Atick, IBIA’s secretary as well as president and CEO of
Visionics Corporation, responded to my suspicion that some people in
government might not play by the Boy Scout rules presented by IBIA:
“Biometrics technology by itself — apart from databases — doesn’t give
you a means of invading someone’s privacy. And existing law prevents the
government from building databases of law-abiding citizens.”

Well, that certainly took care of my concerns. The government
flouts our motherboard — the U.S. Constitution — every day of the
year, but it wouldn’t dare violate that law. And certainly not with
watchdogs Bill Clinton and Janet Reno at the helm!

In an odd sort of way, the most comforting thing about the IBIA is
how very typical it is of business trade associations generically. Get
too close to a trade group’s spokesman and he’ll have his right hand
resting over his heart as he recites the Pledge to Free Enterprise —
and his left hand in your pocket.

Thus on page 4 of IBIA’s “Prospectus for Charter Members” we have
this paean to free trade: “Members are committed to the principles of
free trade and open competition in the worldwide biometric marketplace.”
Then, on the very next page, we read: “IBIA will undertake to persuade
governments to expand tax incentives, grants, and subsidies routinely
available to other high-tech industries. …”

They’re not after your privacy — just your tax dollars! Whew, what a

Note: Read our discussion guidelines before commenting.