Do Employees Have a Right to Refuse Enrollment in a #Biometric System?
Biometrics is a Growing Identification Technology
It’s no secret that biometric technology deployments are on the rise. Increasingly, retailers are catching on to the unique benefits and security that biometric technology offers to positively identify an individual by their physiological characteristics instead of through ID cards, personal identification numbers or passwords. The rapid growth of biometric technology seemed to begin shortly after we shifted into a society aggressively focused on safety and security in the wake of the rise in global terrorism. Biometrics was soon recognized as the only technology that could tell with near absolute certainty that someone was who they claimed to be. Governments were the first to actively use biometric identification to secure their intellectual and physical property and then slowly expanded to border control and public safety.
The progression of biometric technology didn’t stop solely with security deployments though; it kept on growing and progressing. As price points dropped and the technology became more refined, deployments began to shift to the private sector as companies took notice that biometrics had strong potential to help them with problems like employee time theft, inventory shrink, identity theft, compliance and fraud. Widespread adoption by the private sector fueled the growth of biometric systems designed to positively identify individuals to prevent these problems and with this growth came increased scrutiny of the technology (specifically how individual biometric data was stored and what it may be used for other than identification) by Privacy advocates and proponents of civil liberty protection. Their feelings are that biometric technology violates individual privacy without a 100% guarantee that templates are safely stored and unable to be stolen and governments are not using the data to track citizens interacting with a system and subsequently disseminating the information collected to external bodies.
These arguments are strong but perhaps a closer look at how the technology works would help uncover some answers to these concerns and clear up some misconceptions about biometric technology.
The Privacy Issue – How Does Biometric Technology Actually Work?
Most people believe that when an individual places their finger on a fingerprint reader to register their identity in a biometric system, an image of their fingerprint(s) is stored somewhere on a server or a computer. In actuality this is typically not the case. Instead, the biometric matching software extracts and stores what is known as an identity template. This is a mathematical representation of data points that a biometric algorithm extracts from the scanned fingerprint. The biometric identity template is simply a binary data file, a series of zeros and ones. The algorithm then uses the template to positively identify an individual during subsequent fingerprint scans. No image is ever stored or transmitted across a network. In addition, the algorithm is “one way” which means that it is nearly impossible to recreate the original biometric image from the template. In other words, it is nearly impossible to reverse engineer the data that is sent to positively identify an individual and successfully “steal” their biometric identity.
Understanding these processes is central to realizing how the danger of identity theft or a security breach is significantly lessened, if not completely eliminated, through the use of a proprietary algorithm with no stored image and data encryption. Biometric templates are also not linked to anything in a closed system that can positively identify an individual outside of that system.
However, privacy advocates strongly feel that the idea of capture, storage and use of biometric data (specifically by governments either through mandated deployments for social services/social issues or request of data and records from private business) to assemble a comprehensive citizen knowledge base and thus exercise covert control of society in general is a violation of individual privacy and proves to be a valid point.
Can an Employee Claim that using Biometric Technology is a Violation of Their Privacy?
If you adopt biometric technology for time and attendance, access control or another deployment within a business, do employees have a right to refuse participation on the grounds that it violates their privacy and/or individual civil liberties? It brings up an interesting question. Without irrefutable proof that a biometric database can’t be hacked into and the templates reverse engineered into images, if an employee did decide to decline participation, would they be able to prove their claim that the technology did in fact violate their civil liberties?
There have not been any known cases here in the U.S. of an employee taking their employer to court for their refusal to enroll in a biometric identification system that resulted in wrongful termination or a violation of their equal opportunity rights. However, shouldn’t biometric information be treated as any other personally identifiable data that an employer keeps on file like social security numbers, pictures, or bank information if you request a direct deposit? Information that, if stolen, could be used to recreate you as a person? Most companies already have policies in place that govern the safe protection of this data and biometrics should arguably be included and not treated any differently. It should be treated the same way as the data you have already given up and is stored just by being an employee of the company.
Most employers also monitor their employee’s activities while they are at work which could include video, email and telephone monitoring. An employee is then asked to sign that they received and read the employee manual that explicitly states their acknowledgement that they will be monitored throughout their employment tenure. Remember that this is not a request for permission to be monitored; it is an agreement that the employer will be doing it.
It is also important to note if you have a Twitter or Facebook account, purchase on the Internet, use credit cards at brick and mortar establishments, subscribe to publications on the Internet, have any form of insurance or bank account, etc. you no longer have any privacy. If you use one or more credit cards, the credit card company knows where you eat, what you eat, what kind of car you drive, where you live, what insurance you have, where you spend your vacations, what you read, how much you spend on shoes and more. If you use most social media platforms, you have publicly given up every bit of privacy you ever had. Although these are personal preferences, it makes the argument hard to justify that enrollment in a biometric system is any more egregious than most of the other daily online and offline activities that we participate in.
Is biometric enrollment any more egregious than most other activities that we participate in? Click To Tweet
I don’t think it is far to say that because you as an individual choose to share certain information on social network sites you have no privacy. When it comes to employer employee relations then it often makes sense to look after your staff. If staff feel you understand their concerns (whether well-founded or not) then that will surely lead to a better working environment. Having systems that allow for alternative verification e.g. smart card keeps everyone happy.
Thank you for the comment James. You are correct that employers have an obligation to protect their employees’ personal and confidential information and keep their best interests at heart. That certainly leads to a more amicable working environment.
does the us bank use bio metric systems
Thank you for the comment. Some elements of the US banking system use biometrics, but mostly for access control and network security. There has not yet been widespread adoption of biometrics for transactional based activities though.
The problem is that smart cards and keys can be shared, stolen or copied. We without a fingerprint, we really don’t know who open the door or unlocked a piece of equipment or clocked in for work. As soon as you give one employee the alternative verification, they will go tell everyone at work and then you have lost any amount of control over who is accessing what.
Pingback: Biometric Technology to Replace Passwords
We have a 0 tolerance policy on this blog for insults or vitriol. Please understand that this is unacceptable.
This blog promotes educational content to make information and views of biometric industry specialist available to the general people. We believe that if our effort can make a difference in your personal or public life, that would be our success. While carrying out these efforts, we maintain a zero tolerance policy for any degrading or insulting comments that might offend others.
I respectfully disagree with you. Your information is based on a lack of knowledge of how biometrics are stored and retrieved.
Mi supervisor checks my biometric gate readings to check when I leave but he has to ask another person to actively check it for him as he does not have the position to check it himself.is this legal. I work in construction in the uk
Thanks for your comment Raymond. although we are not sure what is your actual question. Could you please clarify a little bit.
I work as a tower crane operator I work in London on a construction site that’s has biometric fingerprint entry I have 4 hours downtime when I climb down the crane. I’m allowed off site during this time where I go to the gym to spend my time it usually takes 2 hours my supervisor /appointed person has been checking the data from the gate to see what time I’ve been leaving and coming back I also text him when I leave site and text him when I return however he checks the data by going through an authorised person to check it for him. Is he allowed to check the gate data to use against me,which seems to be the case, he himself is not authorised to check the data. Thankyou
Sent from Samsung Mobile on O2
——– Original message ——–
I am staying at Office. I want to get attendance finger print of staff who are working onsite away from office. How can I do to get staff’s attendance finger print.
Thanks for reaching out to us. Please reach out to our experts for advice here: https://www.m2sys.com/blog/contact-form/
Pingback: Acceptance of Biometrics for Patient ID Points to Hope, Not Hype
They say thumb print is converted to digital data so if your employer has this thumb print data your bank will get it from them through computer transactions of direct deposit and so will the Government Tax agency the Elite’s want to enslave you so in the future of the New World Order and World Currency is a part of it if you have dept or owe Taxes they will be able to take there share first, Food for thought you may not have enough left over for food or rent
The one world currency will be cashless in cyber space
^clearly has no idea how this works. You can’t recreate the fingerprint from the computer data alone. It’s algorithm based not image based, typically the data is stored local to the machine and the only data that is sent through the intranet/internet is encrypted and only stores information about when you clock in and out, it never takes a picture of your fingerprint, but uses distances and measurements between different key points on your finger to securely identify you.
There’s plenty of time for tinfoil hat nonsence Mr. Scott, but this is just misinformed nonsence.
you don’t answer the question. also facebook, credit cards ect… is a lot different then biometrics. the Mathimatical equation you speak of … is unique it plots your finger print swirls… so ya the harmless “identity template” is private information about me.
Thank you for the message Terri, apologies for the late reply. Offering your personal, private information to a social platform or a credit card company is indeed akin to the use of biometrics for identification. How is it different? Arguably, consumers consistently provide companies with information that, if compromised, could lead to identity theft, fraud, or theft. The difference with biometrics is, what would a criminal do with your physiological identification credentials if they were somehow miraculously be able to re-create an image from a stored biometric template? Most modern biometric hardware devices have sophisticated liveness detection that renders spoofed or fake credentials useless. The proprietary nature of algorithms and software used to identify individuals after they have been enrolled in a biometric system is another deterring factor to consider. We would be interested to hear more research about your argument that biometrics violates individual privacy. Thanks again for stopping by to comment.
Terri – found a great article for you to read when you have a chance that addresses the concept of owning our digital identity: https://www.veridiumid.com/blog/who-owns-your-identity/?utm_campaign=Monthly%20Newsletter&utm_source=hs_email&utm_medium=email&utm_content=54041060&_hsenc=p2ANqtz–UdemmQxKo7rsUC8ovqiaKWKoe3G8h9qDUhEQ9goD2um6iEIUhjskK21K2V3w6Bn6FjohurCsS6Az14lmvxBf5jWgUUA&_hsmi=54050829
There has been a case of a person who was fired for refusing to use the biometric time clock. He claimed it was against his religion, sounded to much like the mark of the beast. the courts sided with him and he was paid alot of money. look it up… These things are massive invasions of privacy.. you wont ever catch me using them and if i’m forced i will take someone to court..
Thank you for stopping by to comment. Please note that this post was written back in 2011, and at that time, there were no known cases to report of an employee refusing to enroll in a biometric identification management system. You are correct however, and the case you are referring to is legitimate and we will be updating this post to reflect that soon. We respect your opinion that you feel it’s an invasion of your privacy but disagree with that assertion. See our comments below to Ms. Campbell for our thoughts on privacy and biometrics.
The author did not seem to understand that ones and zeros that record details about the human body are still records about the body. A photo is ones and zeros, and my bust size can be recorded as ones and zeros. Once supposedly hard to fake data, like a biometric scan is taken, it can easily be hacked stolen and used by someone else.
It doesn’t matter how careful my employer and I were about my social security number thanks to Equifax. That same sort of identifying information could be breached with points on a fingerprint or my DNA for that matter.
I would rather have to check multiple forms of ID or be recognized by supervisor then pass around my biometric data to a bunch of invisible and poorly secured servers.
Yesterday, I arrived to checking at work and the supervisor took us to a biometrics machine to scan our fingerprints. When I was in the process, a warning about acknowledging and agreeing with the policy appeared but they never showed to me so I refused to accept. Now I have to wait for a meeting with manager…