Standards, Best Practices, and Recommendations
These guidelines for privacy-sympathetic and privacy-protective deployment provide institutions with an understanding of the types of protections and limitations commonly implemented. The Best Practices are meant to address the full breadth of biometric applications and technologies, from small-scale physical access to nationwide identification programs.
The Biometrics Institute is an Australian independent not-for-profit user group with 115 organizations, including government departments, financial services institutions, health service providers, and also vendors of biometric products and services. It is a meeting place for organizations that have an interest in biometrics and would like to share experiences and receive information and training in an information environment. The Biometrics Institute has developed a Privacy Code for the biometrics industry in Australia and offers a privacy impact assessment (PIA) service.
The Biometrics.gov standards page includes several standards documents that contain privacy recommendations or discussions, such as the Supplemental Information in Support of the NSTC Policy for Enabling the Development, Adoption, and Use of Biometric Standards, August 10, 2009, which contains in Section A.22 a discussion on biometric information privacy, including an analysis of the issue and the need for a privacy impact assessment, and solutions.
Recognizing that biometric technologies are seeing increased usage in the public and private sectors, the International Biometric Group's (IBG) BioPrivacy Initiative defines best practices as well as deployment and technology guidelines for maintenance of personal and informational privacy in biometric deployments. The objectives of IBG's BioPrivacy Initiative are to raise awareness of privacy issues for end users and deployers of biometric technology and to increase the likelihood that biometric technologies, when deployed, will be as protective of personal and informational privacy as possible. The BioPrivacy Initiative is a resource for the following:
- Public and private sector entities drafting privacy policies or statements
- Institutions deploying biometrics to employees, customers, or citizens
- Private citizens concerned with the use of biometric technology
The Federal Bureau of Investigation’s (FBI’s) Biometric Center of Excellence Web site is dedicated to providing up-to-date information regarding FBI biometric standards initiatives from the Criminal Justice Information Services (CJIS) Division, Technology Evaluation Standards Test Unit. The FBI's Science and Technology Branch created the BCOE to strengthen our ability to combat crime and terrorism with state-of-the-art biometrics technology. CJIS actively participates in close partnership with other U.S. government agencies and U.S. industry to help establish formal national and international biometric standards development bodies as the best environments to support deployment of standards-based solutions and to accelerate the development of the consensus standards. This site contains background information and links on the Integrated Automated Fingerprint Identification System (IAFIS), the American National Standards Institute/National Institute of Standards and Technology (ANSI/NIST), and the Electronic Biometric Transmission Specification (EBTS). This site also includes the results of the State-of-the-Art Biometrics Excellence Roadmap (SABER) Technology Assessment, referenced in an earlier section.
Mobile ID Device Best Practice Recommendation, Version 1.0 –
July, 2009, National Institute of Standards and Technology, U.S. Department of Commerce, Special Publication 500-280, Shahram Orandi and R. Michael McCabe, Information Access Division, Information Technology Laboratory
On August 25, 2009, the National Institute of Standards and Technology (NIST) published a report detailing the best practices for the interoperability of the next generation of mobile biometric acquisition devices. The devices will allow for the remote collection of biometric information and the ability to wirelessly send collected information for database and watch list comparison in real time. The NIST recommendations address future mobile applications of fingerprints, facial recognition, and iris scanning in law enforcement (e.g., by patrol officers and on-board patrol vehicles), criminal justice, and military environments. The report also addresses XML issues. There is much that is significant about this report. For example, it encourages the use of images rather than templates because of the higher accuracy attributed to this approach. However, although not stated in the report, images are more likely to be usable in other applications (if stolen/replicated) and consequently are a greater threat to privacy than templates. Also, the use of biometrics in mobile contexts may, over time, reshape fundamental criminal justice tasks. For example booking facilities could be potentially eliminated. Verification of who is giving a DNA sample could be made easier than what is sometimes done today with the concurrent capture of both DNA and fingerprints. Sex offender registrant and wanted persons identification at the scene of major disasters (e.g., weather-forced relocations) could be greatly facilitated. Updating of criminal case disposition information could be done more easily and less expensively, etc.
The mission of the National Biometric Security Project (NBSP) is to help government and private sector organizations protect the civil infrastructure by deterring attacks through the timely deployment of biometric technologies for identity assurance. NBSP, a nonprofit organization, was established after the events of 9/11 with the support of the U.S. Congress. NBSP widely supports government and private sector efforts to standardize, test, acquire, and deploy biometric technology and to do so in an environment compatible with rational social objectives in preserving individual privacy and civil liberties. The NBSP Enterprise was created to increase national security and personal identity protection by enhancing identity assurance with biometrics. The enterprise components provide biometric acquisition support, testing, training, standards development, and authentication services to public and private sector clients. The NBSP organization is ISO 9001-certified [Quality Management Systems Requirements]. As a 501(c)(3) nonprofit corporation, NBSP is able to ensure a technology-neutral, vendor-independent posture and focus on user requirements.
The National Institute of Justice (NIJ) established the Sensors, Surveillance, and Biometric Technologies Center of Excellence as part of the National Law Enforcement and Corrections Technology Center (NLECTC) system. DOJ contracted with the International Biometric Group to establish and operate the center to support NIJ’s law enforcement and corrections technology projects, including concealed weapons detection, through-the-wall surveillance, novel sensors, video surveillance, and biometric technologies. The center provides hands-on expert services and engineering assistance to 19,000+ U.S. state and local criminal justice agencies.
In conjunction with other federal agencies, academia, and industry partners, the NIST Identity Management Systems Program is pursuing the development of common models and metrics for identity management, critical standards, and interoperability of electronic identities. These efforts will improve the quality, usability, and consistency of identity management systems; protect privacy; and ensure that U.S. interests are represented in the international arena.
Privacy guidance for the electronic sharing of corrections photographs – October 9, 2008, Nlets—The International Justice and Public Safety Network