1997’s “Gattaca” has something of a cult following. The story is set in a futuristic society in which genetics determines destiny. The protagonist, of course, overcomes all obstacles through sheer will power, and by “borrowing” someone else’s DNA, in the form of blood, urine and hair samples. The security measures put in place to catch the “in-valids” failed in the face of someone determined to circumvent them.
Fast forward almost twenty years and relying on biometric data as a security measure is no longer fiction. In the U.S., the Department of Homeland Security intends to use fingerprints and iris scans to prevent fraudulent travel on a passport, and New York has had good luck using facial recognition software to combat identity theft. Consumers, too, have adapted to emerging technology, embracing the ability to lock their smartphones with fingerprints instead of hard-to-remember codes. What could possibly go wrong? From a privacy standpoint, quite a lot. Fingerprints are not actually kept “secret,” as we leave them everywhere we go, and a determined hacker just might be able to make suitable copies of your fingerprints using a printer. Moreover, there is nothing to preclude law enforcement agencies from drafting warrants that—if issued— would allow them to collect your fingerprint and use it to unlock your phone.
While the government’s use of biometric data will present new and interesting legal challenges, we will undoubtedly see a rise in civil suits too. To date, courts have had the most experience with claims under Illinois’s Biometric Information Privacy Act (BIPA).
Considering that Connecticut, Washington, Wisconsin, Texas and Massachusetts all have existing (or pending) legislation that explicitly addresses the use of biometric data, things are bound to get more and more interesting.