Societal, cultural and ethical issues related to the use of biometrics in security systems for identifying people are clarified in a new technical report by ISO and the IEC, two of the world’s principal developers of International Standards.   

Biometric technologies are currently required in many public and private sector applications worldwide to authenticate an individual’s identity, secure national borders and restrict access to secure sites including buildings and computer networks. ISO/IEC TR 24714-1:2008, Information technology – Biometrics – Jurisdictional and societal considerations for commercial applications – Part 1: General guidance, offers guidance on the design of systems that use biometric technologies to capture, process and record biometric information.   

Mr. Fernando Podio, the chairman of the ISO/IEC Joint Technical Committee 1, Information technology, subcommittee 37, Biometrics, that developed the report, comments: “For decades, biometric technologies were primarily used in law enforcement applications. Currently, they are increasingly being required in multiple applications worldwide. These technologies provide the opportunity for deployment of significantly better security for physical and logical access control. ISO/IEC TR 24714-1 will help biometric-based system users, writers of system specifications and decision makers, in the context of cross-jurisdictional and societal considerations for commercial applications of biometrics."  

The technical report gives generic recommendations providing principles, guidelines and considerations for the design and implementation of biometric systems, including the following:  

Jurisdictional issues related to privacy and protection of personal information   

Health and safety issues.  

It also addresses conditions of the physical environment that may affect the operation, accessibility and usability of a biometric system and continues with the societal, cultural and ethical aspects of biometrics; and discusses acceptance of the use of biometric characteristics. The report does not address specification and assessment of government policy.  

ISO/IEC TR 24714-1:2008 covers the following:  

The capture and design of initial requirements, including legal frameworks   

Development and deployment   

Operations, including enrolment and subsequent usage   

Interrelationships with other systems   

Related data storage and security of data   

Data updates and maintenance   

Training and awareness   

System evaluation and audit   

Controlled system expiration.  

Some of the benefits to be gained by the primary stakeholders of ISO/IEC TR 24714-1:2008 (designers, implementers and system operators of biometric systems) by following the recommendations and guidelines of the standard are:  

Enhanced acceptance of systems using biometrics by subjects   

Improved public perception and understanding of well-designed systems   

Smoother introduction and operation of these systems   

Potential long-term cost reduction (whole life costs)    

Increased awareness of the range of accessibility-related issues   

Adoption of commonly approved good privacy practice.  

ISO/IEC TR 24714-1:2008, Information technology – Biometrics – Jurisdictional and societal considerations for commercial applications – Part 1: General guidance, was developed by ISO/IEC JTC 1, Information technology, subcommittee SC 37, Biometrics.  

It is available from ISO national member institutes (see the complete list with contact details). It may also be obtained directly from ISO Central Secretariat, price 112 Swiss francs through the ISO Store or by contacting the Marketing & Communication department (see right-hand column).