Sharing Biometrics

Biometric Attendance System in the company & concerns:

  • Data Security:
    The data stored in a biometric database is far more intimate and personal than any other kind of data. You can change your proxy identities like passwords, signatures, cellphone numbers etc., but you can’t change your absolute identities i.e. fingerprints, voiceprints, retina scan and DNA. This means that once your biometric data has been compromised, there will be no going back. The probability of data theft might be very low, but the cost of compromise is massive.

    Now, how safe is the stored biometric data?

    After I discussed this with the techies at Absolutdata, even they expressed concerns about data being hacked, in case someone internally hacks the internal server via the biometric device. Biometric devices are instruments delivering added security check functions over traditional methods, and these devices can be hack-proof if the exploitation of vulnerabilities to gain unauthorized access to systems or resources is taken care of. With liveness detection, iris biometric devices are far more hack-proof than fingerprint devices. Even the Pentagon has been hacked. Theoretically, a biometric device can internally store or copy fingerprints or iris scans. Depending upon the use-case and ecosystem, a biometric device can internally store templates. Here are the views of Pranesh Prakash (Policy Director, The Centre for Internet & Society), Umesh Panchal (Vice-President, Biomatiques Identification Solutions), Bryce Boland (Chief Technology Officer-Asia Pacific, FireEye), Rajesh Babu (CEO, Mirox Cyber Security & Technology):
    https://www.livemint.com/Money/YD7dqEVRJbrqoAs3h4PuJO/Are-biometrics-hackproof.html

    For a consumer, the security of a device is determined by the certification it holds from the competent certification authority.

    Here are some noteworthy instances of data security breaches:

 

  • Potential Misuse of Stolen Biometric Data
    Once your face, iris or DNA profile becomes a digital file, that file will be difficult to protect. As the recent NSA revelations have made clear, the boundary between commercial and government data is porous at best. Biometric identifiers could also be stolen. It's easy to replace a swiped credit card, but good luck changing the patterns on your iris. Identity theft, fraud and terrorism are real problems. Used properly, biometrics could help protect against them. But the potential for misuse is glaringly obvious. For more information, please visit:
    https://www.scientificamerican.com/article/biometric-security-poses-huge-privacy-risks/

 

  • Encroachment of One’s Privacy and Legal Implications:
    The primary reason given to us was that the erstwhile attendance system required a hardware upgrade, and also that multiple other firms like IBM, ICICI, L&T, Cult Fitness, Zomato, Hines etc. have moved to a biometric attendance system. But none of the stakeholders discussed the drawbacks/issues with the hardware upgrade. Besides, if some of the renowned MNCs move to a biometric attendance system, it doesn’t imply they are doing it the right way.

    And the majority of the employees of such firms did not express any resistance to this, probably because of the following reasons:
    • There might be people who did not care, who haven’t considered the imminent pros and cons
    • There might be people who cared, considered the pros and cons, and gave in to the organization because everybody else was doing so and they could not afford to go against the organization
    • There might be people who cared and considered the pros and cons of the present, but don’t have the distant vision to see its implications in the long term (say 20 years hence). Let’s say some key institutions like banks ask for fingerprints for carrying out a transaction; then our absolute identity will become very crucial. So, now, it’s like sharing your absolute passwords with the organization, which, when compromised, would incur enormous loss to the victims.

    Due to the advent of new technologies and policies by the government, there are chances that fingerprints/retina scans may be used to access bank accounts etc. in the future. In that case, one will be wary of sharing one’s very personal identity with anyone, let alone Absolutdata. And where is the end to this encroachment on the privacy of employees? Tomorrow, if the fingerprint system fails (e.g. use of latex gloves with someone else’s fingerprints), will we go for retina scans?

    On the other hand, there are multiple examples of other firms which have rolled back the biometric system, allowed parallel attendance etc.:

    • After they realized the importance of the privacy of their employees, Nestlé (Mumbai office) has allowed a parallel access facility (which included both access card and biometric punching) to its employees
    • After the employees raised similar concerns, HCL Technologies have rolled back the biometric attendance system
    • Incedo (Gurgaon office) has gone back to the access-card punching system, realizing the cost of privacy of employees.

    Even if the data is very safe, as an individual, it should be one’s right to share their personal information (under the Fundamental Right to Privacy Act of Article 21 of Indian Constitution). They have the choice to either disclose their personal information (especially that which is absolute) to others or retain it with themselves. Some Public Interest Litigations (PILs) have been filed in the past, e.g. after the protests by DU teachers, doctors in Chennai etc. on the introduction of biometric attendance systems in their organizations.

 

  • Pros and Cons of Biometric Attendance System
    Undoubtedly, a Biometric Attendance System brings more convenience to the employees and the overseer alike. The invigilator need not look into the instances of tailgating that closely, as the employees will use their absolute identity. It is also a slightly more convenient option for someone who forgets to bring their access card along.

    But on the other hand, I think there is some merit in evaluating the erstwhile attendance system in retrospect. For this let’s question ourselves: Why do we need fingerprints for the maintenance of attendance? Is it worth the effort in the first place?

    In order to make the erstwhile access-card-punch system more robust, effective and resilient to tailgating or other such malpractices, conducting random audits once in a quarter and imposing a very heavy penalty on non-compliance would have been more fruitful. There have been instances wherein the HR department had issued warning letters to the offenders in-person. Creating such deterrents would be very effective, but the masses need to be categorically aware of the consequences of illicit acts beforehand.

    Besides, there are ways in which one is still likely to get past the biometric system. Polymer films, resin adhesives, latex gloves etc. can be used to forge the fingerprints at almost nominal cost (<₹200). CCTV surveillance and manual supervision by the guards will still be required. For further reading on instances of tricking the biometric system:
  • Eliciting biometric information, which is so personal, for the sake of attesting attendance is a big ask, and it holds minor importance when compared to tackling problems like terrorism, where national security is at risk. Even people who are opposed to the idea of sharing their biometric information with organizations may like to share the same for the sake of national security.

 

  • A Win-Win Alternative
    • Allowing Parallel Access Facility
      Those who are willing to share their fingerprints can use the current system, and the rest can use the access card. And, anyway, some of the temporary employees, physically handicapped employees etc. have been allowed to use their cards. Even if it calls for audits, the sample of people to supervise will be far smaller than it used to be. So, it wouldn’t be inconvenient for the invigilator to track a very small sample of employees.
    • Open House Discussion
      We all would appreciate it if we could have an open house discussion on this with all the relevant stakeholders (including the vendor of the biometric device) to discuss all the risks and the measures taken for the same.
