Speech Technology Magazine

 

Security versus Privacy

Nancy Jamison reports on a survey completed earlier this year by Jamison Consulting and BrandMarketing Services Ltd. studying the public’s awareness and acceptance of biometrics. While security is a big issue, privacy is a concern.
By Nancy Jamison - Posted Nov 25, 2003
Page1 of 1
Bookmark and Share
THE BIOMARKET PROJECT Privacy versus security -- those two issues drove conflicting emothions and some interesting results in a consumer-based biometric study completed at the beginning of the year, entitled the BioMarket Project. THE BIOMARKET PROJECT The BioMarket Pilot Study, launched in the summer of 2002, surveyed a slice of the U.S. public as to its awareness of biometrics as a whole, as well as individual biometrics, and the public’s willingness to use biometrics if presented with the opportunity. The study was a collaborative effort between Jamison Consulting and BrandMarketing Services Ltd. Methodology consisted of a two-phased approach with 23 face-to-face or over the phone, in-depth qualitative interviews, followed by a focused, phone-based quantitative survey of 200 randomly selected adults. The project focused on five biometric technologies: 1. Fingerprint Recognition 2. Face Recognition 3. Voice Verification 4. Iris Scanning 5. Hand Geometry As a baseline each person was first asked if they were familiar with the term biometrics, and after answering were presented with the following biometric definition: “Biometrics are techniques being used as a secure way of identifying an individual in a variety of applications worldwide. Biometrics are being used to improve security, such as making sure that only authorized people have access to facilities and information to prevent theft or to prevent fraud -- such as identity theft and credit card fraud, or to enhance convenience -- for things like easy self-service checkout at grocery stores or easier access to your account information over the telephone. They are also a way to identify people who might be wanted by law enforcement authorities. Most biometric approaches work by extracting information from a picture or recording of, for example, a fingerprint or a face or a voice. The information is then stored and later matched to verify the identity of people.” This definition was developed by referring to generally accepted industry sources and experts within the biometric community. In general, the concept of biometrics as a term had a relatively low recognition rate. Only 33 percent of the people polled recognized the term biometrics, but not surprisingly individual biometric terms, such as voice verification and fingerprint recognition, were recognized much more. In particular voice verification was recognized by 80 percent of respondents, although many confused the term with speech recognition. SURVEY FLOW After examining general opinions as to whether or not biometrics should be used, we explored particular concerns that people might have gegarding biometric use. In addition to querying them about such issues as reliability, cost, potential financial impact and inconvenience, we asked questions of a more emotional nature — specifically issues of privacy and security. During the qualitative phase these questions led to a lot of commentary on each usage of a biometric, depending upon the type of application, as being a trade off between the two. We then asked questions on where biometrics should be used, such as parking lots, hospitals, sporting events and government facilities. Lastly we asked specific questions on a few select applications, such as whether or not respondents felt that a biometric should be used in place of PINs and passwords in financial transactions, used to increase the security of voting, or in a trusted traveler program. In all cases, the issues of privacy and security were raised. Especially in light of 9/11, we asked whether or not they felt the government and private industry should be encouraged to use biometric techniques to improve security in public places. SECURITY IS A BIG CONCERN Security was a big issue with almost everyone, which does not come at all as a surprise given that we launched the survey within a year of the terrorist attacks, and people were willing to use a biometric if it would increase security in specific places. For example, questions related to biometric usage in airports, train stations and bus terminals elicited the highest level of acceptance, directly due to the reality and publicity of airport security related to 9/11. And although we combined airports with train stations and bus terminals in our questionnaire, most of the resulting commentary focused on airports, for obvious reasons. Seventy-two percent of interviewees responded yes to biometrics being a good idea as it related to transportation. An additional 12 percent said maybe, with most of them being unsure about using biometrics in train stations or bus terminals. However, many respondents were initially hesitant to encourage biometric use by the government until the concept of terrorism was brought up. This theme was recurring with many comments such as the following: “Yes, I would allow you to use my face print. However, if you asked me this question prior to the 9/11 attack, I’m not sure I would respond ‘yes’ so quickly. At that time, I would have felt that a face print was a little extreme for security use. However, that is not the case anymore. I think it’s a fabulous idea!” “For employees of the various branches of the government, it would seem to make sense as a means of being more certain that the people coming in are actually the people that they want to have coming in. I would be inclined to have them use a combination of them (biometrics) for very secure sites, though. For example, at a bio-weapon site I would feel better if they had to pass through voice, iris and hand recognition before being allowed entry. That would reduce the chances of people trying to get in by the nefarious means previously described.” Yet, we still had our detractors no matter what: “I do not trust the government with biometrics. It presents the greatest danger to our freedom and privacy — much more real danger than becoming the target of a terrorist.” After further information was given to the respondent, the question that had the highest rate of change from a no to a yes was whether or not biometrics should be used in parking lots. If the respondent’s first thought was of a big shopping mall parking lot, for example, the answer was generally no. However, if they were asked whether or not they felt it would be good to restrict access to private apartments or office parking lots to prevent crime, the majority then said that it was a good idea. Thirty-six percent of respondents said yes to parking lots, 40 percent said no, and 24 percent said maybe. PRIVACY Security is one thing, and often was viewed as a necessary expense or evil. Privacy is another thing indeed. Only 15 percent of our quantitative respondents felt that privacy wasn’t a concern at all, and the rest were either concerned or very concerned about it. In fact, the strongest theme that we had throughout this study was the specter of Big Brother hanging over our heads: “My answer to all these techniques is going to be about the same. Just because there are a couple thousand “terrorists” in the world, I am not willing to start down the “slippery slope” to “1984.” Once you start with this where do you stop, where does it lead 10, 20 years from now?” “I’m very concerned that we would be undermining our very way of life.” “No, invasion of one’s privacy. I know we have to make some sacrifices, like for airports, for instance, pilots should be armed, but we do not need George Orwell. That is not what America is all about.” Surprisingly, the study results provided almost the exact same spread of responses when we asked whether private companies should be encouraged to use biometrics as we did when we asked if the government should be encouraged to use biometrics — 60 percent said yes, 20 percent said no and 20 percent said maybe. What was surprising was that it wasn’t the same people responding in the same way. In effect, there were people who were vehemently opposed to the government’s use of biometrics, but did not oppose its use in private industry and vice versa. In most of these cases people believed that it did not violate their freedom if it was the worker’s choice to be employed there. So a person that was fervently opposed to Big Brother government misusing biometric information might be the one to respond that it was ok for private industry to implement biometric solutions. PRIVACY VERSUS SECURITY At the conclusion of the survey, we asked if there is any reason why respondents wouldn’t be willing to cooperate with either the government or a private company using one of these biometric techniques. Sixty-eight percent of respondents answered no. From the qualitative responses, we suspect that even those that are opposed to the use of biometrics would not refuse to use them if they were in place for what they perceive is a good reason, or if it was a condition of employment. In all we discovered that education was key to making biometric use successful. Fear drove some responses for invasion of privacy, and misuse of information, along with fear of too much government control. Respondents were much more vociferous about not wanting their “persona” stored, particularly as they felt that this might be the basis for abuse or an invasion of privacy. We saw a theme of fear that the use of biometrics could somehow lead to the government tracking everyone’s movements. “I know I’ve heard the argument that this is an invasion of privacy. It depends on what is done with that information. If it is strictly for the internal use of a particular place, of course I would be willing to do it. I can’t think of a good reason why not other than the invasion of privacy where your face or your fingerprint is now on record somewhere and you don’t know where it is. “So, if someone had access to the face images there would be even more possibility of violating your privacy. More than say your fingerprint. That’s kind of useless unless you have a fingerprint reader with you. There are more ways in which it could be abused and you could be tracked.” VENDORS CHIME IN As a follow up to the project for this article we asked a number of vendors who market voice verification/authentication if the results of our survey mirrored what they were seeing in the market. Granted, they are in the position of selling to those who deploy to the ultimate end user, but we wanted to see if the concerns of the customers were similar to end users. Whereas security was an issue, for the end user the customers were downplaying security in lieu of other benefits of the technology. For example, convenience and ease of use were highlighted in marketing materials used by companies to introduce the technology to their customer base. “Internally security and cost reduction is the big message, but for the end user its convenience and ‘oh by the way, it’s secure,'" said Regina Schmidt, senior product marketing manager at Nuance. Similarly, in discussions with a number of brokerage/financial firms, VoiceMatch mirrored that thought by saying that their customers were indeed focused more on the bottom line, particularly in call centers where anything that shortens the length of a call is welcome. But in the case of brokerage, end users were also very ware of security and had become more sophisticated in the ways that they look at private information and identity theft. “Our customers want to know it’s a winwin for themselves and their end customers,” said John Kaufman, CEO of VoiceMatch. “And that feedback they had received is that customers would welcome a voice biometric if it shortens the call and replaces something they already have to do, such as give a PIN or a password out over the phone.” Kaufman added that in VoiceMatch’s customer’s studies it shows that customers are fed up with being asked invasive questions such as mother’s maiden name and social numbers that can only come back to haunt them in identity theft. SUMMARY: EDUCATION REAPS REWARDS FOR VENDORS We found vendors are indeed pushing the education aspects of the technology in marketing materials for end users. So in many cases, particularly in finance where the technology is being used as a replacement for touch-tone PINS and passwords, firms are rolling out marketing programs in advance in order to prepare the end user for what is coming and to gain consensus and increase enrolment. Interestingly, vendors commented on the fact that companies are tending not shy away from the term biometric in connection with voice verification, but were using voice verification or authentication instead. So however you package it, education is of the utmost importance for the end user. In order to gain acceptance, preferably in advance of deploying applications such as voice verification, it is critical to roll out the application trying it on small groups of end users first, getting feedback, creating an introduction plan for deployment that includes educational materials on what the technology is, how it is to be used, and the benefits of using it. With this in place up front user acceptance and subsequent high enrolment rates will be possible. Nancy Jamison is the principal analyst at Jamison Consulting. For more information on the complete report she can be reached at nsj@jamisons.com.
Page1 of 1