Biometrics refers to the automatic recognition of individuals based on their physiological and/or behavioural characteristics. Physiological characteristics such as fingerprints have been used for identification purposes since the 19th century. Also the signature as an example of behavioural characteristics has been used for authentication purposes for centuries. With technological advancement, new characteristics such as a person’s keystroke pattern or the possibility of a DNA analysis have evolved. Citizens worldwide are growing accustomed to the collection of two biometric characteristics, i.e. fingerprints and biometric picture, as these are implemented in machine readable travel documents (MRTD) issued according to ICAO standards. Private companies have been developing new services concerning biometrics too. For more than 3,000 diseases, among them breast cancer, Alzheimer’s disease, mucoviscidosis, and Huntington’s chorea, genetic reasons are known and companies offer genetic tests to detect genetic loading with regards to such diseases. With such information available, genetic profiling would be possible, for example by insurance companies which impose the contractual duty for their customers to report previous diseases, known dispositions and other circumstances allowing conclusions regarding future illnesses. In the future we may see a development where individuals may benefit from lower insurance rates, or on the contrary may not find a company willing to offer them insurance coverage based on their genetic predisposition.
As a new service, companies have also started to offer genealogical research based on DNA tests. The aim is to determine the geographical origin of customers and to find other descendants of joint ancestors. These new emerging social or rather genetic networks revolve around the common interest of shared ancestry. While in these cases the use of DNA as identifying information cannot be changed by the user, social networks usually offer the possibility to create a partial identity: a profile describing the user, her interests and often her social contacts.

Scenario

Zoe, the daughter of Li-lian and David, is now two and a half years old, and enrolled in kindergarten, and so Li-lian has returned to work.

Emerging technologies offer a wide range of possibilities but researchers, policy makers and citizens should be aware of the risks that come along with these new technologies. The examples chosen in this scenario show some of the possibilities and risks of biometrics and social networks for the privacy of citizens.

Biometric methods tend to become widely used for identification as they get cheaper and more accurate. They offer high security for authentication and verification while offering the highest possible convenience for users. But this brings in some concerns too. Biometric data is not changeable. If it happens that unique human characteristics used for biometric authentication are compromised the affected person has no possibility for revocation or to get new ones issued. Equally, false rejections must be addressed and some equally secure backup procedures installed to retain access if system errors occur.

Databases containing biometric data are themselves a threat to privacy. Such data may be used as a unique identifier and thus enables linking of a wide number of existing databases and profiling for many purposes. Biometric raw data may even be used to identify health risks which may raise a desire for access to these data by insurance companies, banks or for health related advertising. A solution for these threats may be the encapsulated storage of sensitive biometric data which remain under the control of the data subject. 
Within FIDIS, existing and advancing biometric technology has been analysed and discussed. FIDIS particularly explored possible future uses, abuses and remedies against the latter. General security and privacy aspects as well as social, political and economic implications of biometrics are covered by D3.2: ‘A study on PKI and biometrics’. A broad analysis of biometrics in identity management with a depiction of the available technology as well as chances and risks for privacy and security is contained in D3.10: ‘Biometrics in identity management’. Biometry and security in existing and future ID-documents is covered by D3.6: ‘Study on ID Documents’. Issues of biometric identification in an AmI environment are addressed by D12.3: ‘A Holistic Privacy Framework for RFID Applications’.
Privacy and identity theft should also be a major concern for operators and users of websites offering information on persons, in particular the wide variety of emerging social networks, as the availability of detailed personal information provides ground for a wide range of actions with criminal intent. Multidisciplinary research on ID theft was the object of the following FIDIS deliverables, are referred to for further reading on this topic: D5.3: ‘A Multidisciplinary Article on Identity-related Crime’ is written as a journal article proposing a typology and categorising of identity-related crime from a conceptual, technical, and legal perspective. A deeper analysis on social, economic and legal aspects is provided by D5.2b: ‘ID-related Crime: Towards a Common Ground for Interdisciplinary Research’ addressing the technical methods of ID crime and possible countermeasures. An analysis of identity issues within Digital Social Environments (DSE) is provided in D2.2 ‘Set of Use Cases and Scenarios’. The concept of virtual persons was developed in D2.13: ‘Virtual Persons and Identities’. Virtual persons are a virtual entity stepping between the physical person and its virtual identity possibly creating a protective veil for the privacy of the data subject. The model was further analysed and developed in D17.1: ‘Modelling new Forms of Identities’ and an evaluation of virtual persons within the current European legal setting is provided in D17.2: ‘Abstract Persons and the Law’.