A Northwest Airlines agent greeted a passenger in a frequent-flier security express program -- overseen by the Transportation Security Administration in 2004 -- that entailed fingerprinting, iris scans and background checks at Minneapolis-St. Paul International Airport. Associated Press file photo by Jim Mone
As technology makes life richer and easier, we leave a trail of information
that is susceptible to prying eyes
Within the next four months, a major Bay Area supermarket chain plans to introduce
a payment system that uses biometric fingerprint authentication to verify customers'
identities. Under this system, shoppers in checkout lines won't need to use
cash, checks, debit cards or credit cards. Instead, they can place their fingers
on scanners that read fingerprints, and once the device links to their bank
or credit card accounts, they can buy groceries, get cash back and do everything
else shoppers do.
The system is already used in cities around the United States, including Portland,
Ore., and Chicago, where one shopper says it has changed his life for the better.
Linc Thelen, a 37-year-old interior designer, says the fingerprint system --
known commercially as Pay By Touch -- is convenient to use and expedites his
way through grocery lines at Jewel-Osco, where he shops. Thelen says the system
lets people leave their wallets behind, so they don't have to worry about being
robbed or losing their credit cards.
At El Camino Hospital in Mountain View, a medical supply cabinet requires a thumbprint from an authorized user to open. Chronicle file photo, 2004, by Liz Hafalia
"I had no reservation," Thelen said in a phone interview. "It's
a safe way to store information."
But no system is 100 percent foolproof.
Despite the fact that armed men guard the computers that store the customers'
virtual fingerprints, despite the fact that Bank of America's former security
chief now heads Pay By Touch's security division, and despite the fact that
Pay By Touch hires people to try to expose vulnerabilities in its computer system
(so those vulnerabilities can be eliminated), Pay By Touch President John Morris
acknowledges that "it's not impossible" for computer hackers to figure
out how to tamper with its information.
And therein lies one of the 21st century's most vexing problems: More and more
of our personal data are captured and stored by corporate and government interests,
and are potentially available to anyone with the technological, legal or financial
means to access that information.
Whether it's phone calls we make, library books we check out, CDs we buy on
the Internet or divorces we finalize in court, we leave a trail of information
that becomes susceptible to prying eyes. For the price of a bus pass, you can
pay a company to supply anyone's address, phone number, political affiliation,
estimated income and property history. For $20 more, you can find out if that
person is married or divorced, has a criminal record, and what sort of jobs
he or she has worked.
Sen. Hillary Clinton, D-N.Y., says she will introduce a "privacy bill
of rights" because identity theft and security failures of personal records
have become "one of the most important issues facing us as individuals
and as a nation."
The availability of personal information -- downloadable onto laptop computers,
which are increasingly being fitted with fingerprint technology -- is changing
the culture in ways that may seem trivial but are really benchmarks for a new
society already in its formative stages.
An HP laptop computer uses biometric fingerprint technology to prevent unauthorized users from logging on. File photo, 2005, courtesy of Hewlett-Packard
A small example: Unbeknownst to the men who date her, Judy runs background
checks on all of them, using a private investigator to dig out any "red
flags" that would presage troubling behavior. A businesswoman in Southern
California, Judy, 50, uses a company called DateSmart, whose client base has
boomed in the past five years as more people confront the perils of online dating.
"I'm glad the information is out there," says Judy, who did not want
her last name used because of concerns her suitors would read this article.
"The men I'm talking to online are complete strangers. And I have absolutely
no knowledge of their character other than what they're saying in their profiles.
I need to feel comfortable knowing that they're not an ax murderer. The people
you meet might be well dressed, but you never know if they have any criminal
history. It's for (my) safety."
Background checks are nothing new. What's changed are the speed with which
you can obtain them, their relatively small price (some companies advertise
free checks) and their growing public acceptance. The information revolution
has transformed the background check into a common and casual tool, and those
being scrutinized probably don't have a clue. More obvious are the security
cameras embedded in nearly every major American city, including New York, Milwaukee,
Chicago, Atlanta, Los Angeles and, yes, San Francisco, where lenses record people's
activities in such crime-ridden neighborhoods as Bayview-Hunters Point and the
Western Addition. The spread of these cameras is championed by authorities,
who say it reduces criminal activity, and criticized by the ACLU, which says
the equipment is an unnecessary intrusion into public spaces.
Civil liberties groups have joined the widespread outcry against the government's
monitoring of Americans' phone-call records. Two weeks ago in federal court,
the ACLU challenged the legal rationale behind the National Security Agency
program, arguing that the NSA's actions -- involving "data mining"
of records provided by AT&T and other telephone companies -- violate Americans'
rights to free speech and privacy as guaranteed under the First and Fourth Amendments.
Last week, privacy experts raised questions about the U.S. government's monitoring
of international bank transfers -- previously secret data surveillance officials
say is justified by the fight against terrorism.
Americans' rights to privacy will be tested even more in the next few years
as biometric technology creeps increasingly into everyday arenas. For example,
on the campus of UC San Diego, biometric experts are testing a soda machine
that uses both fingerprint and face-recognition technology. The machine is in
a lounge for grad students in UC San Diego's computer science building.
"The students are very excited about getting it working," Serge Belongie,
a UC San Diego associate professor of computer science, says in a phone interview.
"People think it's very cool. ... No one uses money. They have accounts.
What would be fun is if (the machine) recognizes you and says, 'Would you like
your usual?' "
If UC San Diego students are reluctant to use the machine, their privacy concerns
are outweighed by convenience -- a sentiment echoed in survey after survey on
biometric technology. In March, Unisys Corp. released a report on public perception
of "identity management" that said convenience and efficiency were
the two biggest reasons consumers would use biometric technology. (The most
preferred biometric methods are fingerprints and voice recognition, according
to the survey. The least preferred, because of its perceived intrusiveness,
is an iris or eye scan.)
Two of the biggest turnoffs for those who shun biometric technology: suspicion
of how the technology works and loss of privacy. Among respondents from North
America, just 56 percent said they'd be willing to share their fingerprint with
a government organization such as a post office or tax authority. Among respondents
from the Asia-Pacific region, 71 percent said they'd share their fingerprint
with the government.
"As consumer confidence grows in the large-scale usage of (biometric technology)
and standards are more generally comfortably adopted, you're going to see a
pretty rapid migration" to it, says Mark Cohn, Unisys vice president for
homeland security solutions.
Cohn, a principal architect of the Department of Homeland Security's US-VISIT
Exit system, which uses fingerprint technology to run background checks on visa
applicants and verify their entry to and arrival from the United States, says
Malaysia offers a preview of how the United States may change in the coming
Since 2001, the Malay government has issued a biometric "multipurpose
card" to Malaysians 12 years and older. The card, which features a thumbprint
and photograph, acts as a passport, driver's license, ATM card, toll and parking
pass, and medical record that lists blood type and any allergies.
The card is convenient to use -- but it's a nightmare for Malaysians who lose
it or have it stolen. Crime syndicates in Malaysia have altered cards with different
photographs and used them to give members new identities, though the Malay government
insists these identity thieves can't access the original cardholders' personal
information. Special chip technology and other password features prevent this,
they say. Also, the cardholder's fingerprint -- rather than being visible on
the card -- is encrypted in the card itself: To reveal the fingerprint, the
card must be inserted into a special biometric device that compares the encrypted
print with that of the person claiming to be the cardholder.
For anyone who has read Orwell's "Nineteen Eighty-Four," where "telescreens"
keep track of people's lives, this new biometric technology will seem like fiction
come to life. It's showing up everywhere. By the end of this year, U.S. passport
agencies hope to issue "electronic passports" with computer chips
that have digital photos of the holders. With the help of face-recognition machines,
airport security can compare a photo with the face of the passport holder. For
two years, an American corporation, VeriChip, has sold government-approved electronic
chips that are inserted under people's skin to give doctors instant access to
patients' medical histories.
In 2008, as mandated by the Real ID Act, states plan to issue driver's licenses
linked to a database that includes each license holder's photo and Social Security
number. These licenses (civil liberties groups call them national identity cards)
will likely include a biometric photo of the driver accessible by authorities.
In the meantime, banks are considering using iris scans and even palm scans
at ATMs in an effort to cut down on fraud. (In 1999, Bank United in Texas adopted
iris-scan technology at three of its ATMs in a test that was discontinued when
Washington Mutual took over the bank.)
Some people love the new technology. Others shun it.
Pay By Touch admits it has encountered some resistance among shoppers it approached
in supermarkets that already use the company's fingerprint service. But Morris,
its president, says many of these customers are quickly won over by the convenience
of Pay By Touch, which is free for consumers, and that the company keeps data
points based on users' fingerprints, not actual fingerprints. So far, supermarkets
in 40 states use the Pay By Touch system.
Pay By Touch, which is based in San Francisco, wouldn't say which Bay Area
supermarket chain will start using its fingerprint system in the next four months
-- only that the chain will use the system in just a handful of its Bay Area
stores. Pay By Touch users sign up voluntarily and are under no obligation to
use it at the checkout line.
Pay By Touch says it takes great care to safeguard its users' data. After fingerprints
are converted into algorithms, they're encrypted, then stored in IBM computers.
Those algorithms can't be reconverted into an exact copy of the fingerprint,
though Pay By Touch may eventually store users' actual fingerprints if the technology
improves, Morris says. The company insists it will never sell users' personal
information or fingerprints to anyone else -- a pledge that's backed up in writing
when users sign up with the company. But what if federal authorities, citing
national security, insist on the finger scan and payment history of a Pay By
Pam Dixon, who heads the World Privacy Forum, a public research group, went
to Chicago to warn potential Pay By Touch users about possible dangers.
"It didn't stick," she says. "People were (more) concerned with
(convenience than) the potential risks. People can put their thumb on a pad
and be done with it. But meanwhile, their biometric data is sitting with another
company, a third party, that's subject to subpoena. One argument that I made:
Let's say that every supermarket in the country, particularly the large chains,
(use) a biometric payment system. It's a law enforcement dream because who needs
a biometric database run by the U.S. government when you've got one being run
by private companies?"
Citing the recent disclosure by the Veterans Administration, which said a computer
with credit information on millions of veterans had been stolen, Dixon says,
"The second issue is information security. If the VA can't keep its records
secure, which is a government agency that has all sorts of strict controls that
are supposed to be in place, how on Earth can a private company without the
resources of something like the VA manage to keep something secure? When we
have a credit card stolen, we can call the credit card company and say, 'Give
me a new number.' But you can't do that with your biometric. You can't say,
'Give me a new fingerprint.' "
Morris dismisses such concerns, saying that Pay By Touch will actually decrease
the likelihood that consumers' credit information is stolen or misappropriated.
"I think (Pay By Touch users) get pretty rapidly that it's the ultimate
way to secure their private data," he says. "It connects (their accounts)
to something that's uniquely them, as opposed to handing a credit card over
to a stranger or writing a personal check that seven or eight humans touch before
it gets in their statement. Securing information by a biometric is a giant leap
forward. (Users) like that they don't have to pull their card out anymore. They
(tell us they) like that they don't have to carry their (purses or wallets)
through the parking lot of an urban supermarket. There's a physical security
benefit. Their numbers are never displayed. The safety of securing their data
is the No. 1 thing they like."
The marketplace will determine whether the public is ready to accept commercial
fingerprint identification. Investors in Pay By Touch believe that day is here,
capitalizing the company with $190 million in the past 12 months. More than
2.5 million shoppers already use the Pay By Touch system. Morris envisions a
day when all stores -- even mom-and-pop ones -- offer a Pay By Touch option.
Soon, customers will be able to use Pay By Touch from home with the help of
fingerprint readers attached to their computers. In ancient China, rulers would
put their fingerprints on documents to give them an official seal. Artists would
also mark their work with prints. It wasn't until the late 1800s that authorities
realized they could use fingerprints to catch criminals. Their evolution as
a way to pay for groceries is a 21st century twist fueled by technology. It's
also a trade-off between privacy and convenience. Welcome to the brave new world
in Aisle 5.
E-mail Jonathan Curiel at
Read from Looking Glass News
need not be paranoid to fear RFID
How Major Corporations and Government Plan to Track Your Every Move with RFID
US passports to be RFID chipped
State Technology: Implanting a GPS-microchip in the body of a human being, using
a high powered sniper rifle
Levi's Brand Jean Now In US
for All: Tommy Thompson Has Gone Insane
SECURITY WANTS TO TRACK SPYCHIPS IN MOVING CARS
How Major Corporations and Government Plan to Track Your Every Move with RFID
to test ID chip in patients
chips called a danger to privacy
approves injecting ID chips in patients
surveillance outfit chips workers