Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Security The Courts

Do You Own Your Own Fingerprints? (bloomberg.com) 67

Slashdot reader schwit1 quotes an article from Bloomberg: These days, many of us regularly feed pieces of ourselves into machines for convenience and security. Our fingerprints unlock our smartphones, and companies are experimenting with more novel biometric markers -- voice, heartbeat, grip -- as ID for banking and other transactions. But there are almost no laws in place to control how companies use such information. Nor is it clear what rights people have to protect scans of their retinas or the contours of their face from cataloging by the private sector.

There's one place where people seeking privacy protections can turn: the courts. A series of plaintiffs are suing tech giants, including Facebook and Google, under a little-used Illinois law. The Biometric Information Privacy Act, passed in 2008, is one of the only statutes in the U.S. that sets limits on the ways companies can handle data such as fingerprints, voiceprints, and retinal scans. At least four of the suits filed under BIPA are moving forward... Under the Illinois law, companies must obtain written consent from customers before collecting their biometric data. They also must declare a point at which they'll destroy the data, and they must not sell it... "Social Security numbers, when compromised, can be changed," the law reads. "Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, [and] is at heightened risk for identity theft."

This discussion has been archived. No new comments can be posted.

Do You Own Your Own Fingerprints?

Comments Filter:
  • by Anonymous Coward

    The government can take your things, your land, and your life rather easily. You are just a pawn.

  • Of course you dont (Score:4, Informative)

    by Anonymous Coward on Saturday July 09, 2016 @11:46AM (#52478167)

    Once it's put into the system just assume everyone has access to it.

    Just because it's supposedly secure now doesn't mean someone wont in the future get in.

    • Access by hackers wasn't the issue at hand. Learn to read.
      • While that may not be the main point, that the law forbids companies from selling the data to others is meaningless due to hackers. I'm sure they'll use the latest security technology to protect the information, just as they with our passwords and credit cards.

  • Yes (Score:5, Funny)

    by Anonymous Coward on Saturday July 09, 2016 @11:46AM (#52478169)

    I'll give you my fingerprints when you pry them from my cold, dead hands.

    • The way to do biometrics right is to leave an actual piece of your hand, say a fingertip. Then when you go to the bank, they can match it to the stump.

  • Do café's need to get permission to take your entry glasses? Do photographers need permission to photograph a person's face and eyes?

    • i, a non expert, do not see much of a difficulty here is separating various kinds of data.

      restrictions on use depends on definition of biometric data.
      in this context data that allows verification of identity is meant. seems lawyers would have not much trouble in coming up with a workable definition.

      i suppose even use of an identity photo in proper context (inside card or passport) should indeed need permission.

      --
      btw i do think use of biometric data to versify identity is, and always will be, hig

    • by Threni ( 635302 )

      > Do cafÃf©'s need to get permission to take your entry glasses?

      When you're on their planet, yes.

  • But unfortunately there was a "breach" the other night, and it's all gone*..

    The check is in the mail :-)

    *Same MO for weapons transfers in the middle east to the "rebels".

  • They'll accuse you of stealing your own identity.
  • by prefec2 ( 875483 ) on Saturday July 09, 2016 @12:06PM (#52478269)

    In the EU the data is private and must be handled privately. It can also not been transported out of EU, except in other save countries. Surprisingly due to the PrivacyShield treaty the US is declared to be save. Unfortunately they have no such standards.

    • by Kindaian ( 577374 ) on Saturday July 09, 2016 @12:41PM (#52478373) Homepage

      Also, the EU regulations state that the data should be handled just to fulfull the requirements of the service rendered.

      Additionally, if the data is exported to the US it still needs to comply with all EU regulations. The fact that the data moved to a different country has no bearings on what the companies can do with it (they still need to apply the EU regulations).

      And if they use 3rd party services for some internal processes that have access to the data, those 3rd party also need to comply.

      It is not a "out-of-eu regulation" free card.

  • by Jack9 ( 11421 ) on Saturday July 09, 2016 @12:09PM (#52478273)

    Currently, that appears to depend on where you live and the laws of that land.

    If a fingerprint is recorded as a pattern, can you own that pattern? The answer is no. Practically and legally in the US.
    Then an alternate pattern (approximation) will be used and so on...

    What about your DNA sequence? What about your hair after a haircut? The answer is no over a long enough time period. Nothing about you will be deemed to be owned by you until the state has ruled it so and then the state ignores that ruling anyway in the interest of convenience or justice or whatever reason dejour until the concept fades. Get used to it, make your money where you can in the meantime, copyright your fingerprints.

    • If a fingerprint is recorded as a pattern, can you own that pattern? The answer is no. Practically and legally in the US. Then an alternate pattern (approximation) will be used and so on...

      Actually you can own a pattern, apply for a trademark using the print pattern. Then legally defend the hell out of it. Even the approximation of your pattern can be considered infringement on likeness of your trademark. IANAL

      • Trademarks allow you to identify your products. It is only "infringing" if people use your trademark to identifying other goods. Beyond that, you have no control over how your trademark is copied or stored.

    • In the US at least the state can demand you to give your fingerprints to them: http://www.androidcentral.com/... [androidcentral.com]
      That doesn't mean you don't own if of course. But what is owning?

  • your fingerprints AND your DNA are subject to collection/confiscation/confinement.
  • Nor is it clear what rights people have to protect scans of their retinas or the contours of their face from cataloging by the private sector.

    Well, it is entirely clear what rights people have to protect their scans of their retinas or the contours of their face from cataloging by the public sector: none right now.

  • The FBI certainly has no intent to limit their access to just your fingerprints. See for instance https://privacysos.org/blog/fb... [privacysos.org].
    Got that link from this interview here http://scotthorton.org/intervi... [scotthorton.org] .
    So I don't know what currently happens to the fingerprint you're using to log in but I'm pretty sure it's soon all going into a central database - and from there to other databases of people with nothing but the best intentions.

  • Authentication tools? If company X has your fingerprint data to "secure" your data (and does so poorly) - what happens when they get hacked and that data is used against company Y and Z? You can't request new fingerprint or biometric data
  • Fingerprints should never be shared with any other party unless mandate by the law, like after being convicted of felony and being jailed.

    Actually, this whole race for biometrics security is flawn. What parties want, is a way to make sure you are who you claim you are. For that purpose, they do not need to store your actual fingerprints to compare and match. They just need a digital signature which you can conveniently produce from your fingerprints without sending the fingerprints or features of your finge

  • Stop using them (Score:5, Interesting)

    by markdavis ( 642305 ) on Saturday July 09, 2016 @01:50PM (#52478657)

    >"Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, [and] is at heightened risk for identity theft."

    Which is why fingerprints should never be used for biometrics.

    Using fingerprints and allowing a third-party to have access to that data is unacceptable. Fingerprints are left everywhere and can be collected and accessed without your permission. Once collected, that data will NEVER be erased or restricted, regardless of claims or laws. They will like go or leak into huge databases and shared between various government agencies and used however they want for as long as they want. With every crime investigation, you will be searched without probable cause.

    There is only one safer and practical biometric I know of- that is deep vein palm scan. That registration data cannot be readily abused. It can't be latently collected like DNA, fingerprints, and face recognition can. You have to know you are registering/enrolling when it happens. You don't leave evidence of the biometric all over the place. When you go to use it, you know you are using it every time. And on top of all that, it is accurate, fast, reliable, unchanging, live-sensing, and cheap. If you must participate in a biometric, this is the one you should insist on using.

    Example: http://www.m2sys.com/palm-vein... [m2sys.com]

    We all need to realize that IT IS NOT EVERYONE'S BUSINESS WHAT WE ALL DO. And you can't trust latent biometrics with security.

  • To answer the question of the original topical question with an actual solution:

    Yes, and you should own ALL of your personal information. You should be able to store it where you want it and ANY use of your personal information should be according to your preferences. Retention of someone else's personal information without their permission should be regarded as a crime, and when that information is held without permission by a government authority, it should be regarded as a violation of the Fourth Amendme

    • Of course we must keep our personal information in secret. But how protect it? Multiple antiviruses, VPN services and secure browsers assure us in absolute safety. Can we believe providers? And what we must do with fingerprints? Wipe fingerprints off any spot we touched? I think that in modern world a person can’t be invisible and feel secure.
  • by stooo ( 2202012 )

    Normally, with a question in the title, the broadly valid answer is "No"
    But this is an exception.

  • The problem I always had with biometrics, specially in articles saying they should completely replace passwords and whatnot, is exactly that: they are uniquelly identifiable and non-exchangeable. We all know well enough that biometrics are far from being as secure as their evangelists will tell you, plenty of fingerprint scanners have been cracked, yet every now and then I'll read once again in some superficial, when not sponsored, article how biometrics are going to replace everything because they are impo

One good suit is worth a thousand resumes.

Working...