1
Copyright (c) 1997 The University of Pittsburgh Law Review
University of Pittsburgh Law Review
Fall, 1997
59 U. Pitt. L. Rev. 97
LENGTH: 29115 words
ARTICLE: BIOMETRIC SCANNING, LAW & POLICY: IDENTIFYING THE CONCERNS-DRAFTING THE BIOMETRIC BLUEPRINT
NAME: John D. Woodward *
BIO:
* Operations Officer, Directorate of Operations, Central Intelligence Agency, 1985-1997; J.D.,
Georgetown University Law Center, 1998; M.S., London School of Economics, University of
London, 1983; B.S., Wharton School, University of Pennsylvania, 1981. I thank Dr. Arthur S.
DiDio, M.D., Professor Steven Goldberg, Professor Julie O'Sullivan and Shirley Cassin
Woodward for their helpful comments and support. I also thank Dr. Joe Campbell, the Chair of
the Biometric Consortium, Dave Harper of the International Computer Security Association, Ben
Miller, the Chairman of CardTech/SecurTech and William Rogers, the editor of Biometric
Digest, for kindly inviting me to speak at conferences which their organizations hosted; I
benefited greatly from the participants' insightful comments. Erik Bowman, Gary Roethenbaugh
and Dr. Jim Wayman patiently answered my many questions.
SUMMARY:
... While Cruise, according to the Hollywood script, coolly outwits cutting-edge biometric
technologies like eye scanning, voice recognition and computerized finger imaging, the reality is
that biometrics is rapidly emerging as a fast, foolproof means of personal recognition. ... After an
explanation of biometrics and biometric applications in parts II and III, this paper, in part IV,
will examine legal issues from the standpoint of possible constitutional concerns associated with
the government's use of biometric technology. ... "High Government" use refers to the use of
biometric technology by the military and national security community, law enforcement agencies
and prison management. ... Recognizing a high-level privacy interest in the medical data
collected, courts will likely focus on how the government agency handles dissemination of the
data it has collected and what kinds of safeguards are in place to prevent inadvertent disclosure,
given the strong interest in keeping personal medical information strictly confidential. ... The
court did, however, restrict access to the fingerprint database to legitimate Department of Motor
Vehicle driving matters in California. ... For example, privacy rights advocate Robert Ellis Smith
contends that " "in most cases, biometric technology is impersonal and it's overkill.' ... Various
biometric technologies, including hand geometry and finger imaging, are securing access and
verifying identity of prisoners, staff and visitors across the U.S. ...
2
TEXT:
[*97]
Technology is fast. The law . . . is slow. n1
A government official may be upset when a memo runs into problems with a policy analyst. This
official's situation is much worse, however, when the memo runs into problems with the general
counsel. n2
I. Introduction
Mission: Impossible, the hot movie hit of the summer of 1996, showcases Tom Cruise in a fastpaced espionage thriller. n3 Like many good spy flicks, the film features the latest in high tech
innovations, in this particular case, biometrics. n4 While Cruise, according to the Hollywood
script, coolly outwits cutting-edge biometric technologies like eye scanning, voice recognition
and computerized finger imaging, n5 the reality is that biometrics is rapidly emerging as a fast,
foolproof means of personal recognition. In fact, both the governmental and private sectors are
making extensive use of biometrics to provide better service to the [*98] public. n6
For government agencies in the United States constantly encouraged to "do more with less,"
biometric applications can save tax dollars and make programs operate more efficiently.
Government agencies are reporting impressive biometric success stories. For example, the Los
Angeles County Department of Public Social Services reported that finger imaging of welfare
recipients in a pilot program reduced fraud by over $ 14 million and resulted in the termination
of over 3,000 previously-approved entitlement cases over a three year period. n7 The savings
more than paid for the $ 9.6 million cost of implementing biometric technology. n8 Recognizing
this and similar positive applications, the U.S. Secret Service and the General Accounting Office
(GAO) gave biometrics a qualified endorsement as a viable means to deter fraud in government
entitlements distributed electronically, known as electronic benefits transfer (EBT). n9
Understanding biometrics is essential for elected officials charged with authorizing how these
new technologies will be used, and for government managers responsible for implementing
biometrics into comprehensive, integrated programs. Moreover, an understanding of biometrics
is important for the legal, academic and policy advocacy communities so that they can
meaningfully participate in the public debate related to biometrics. This understanding, however,
must be more broad-based than just technical, administrative and security concerns. As the
technology becomes more economically viable and technically perfected, biometric [*99]
scanning could refocus the way Americans look at the brave new world of personal information.
We will soon be eyeball to eyeball with controversial legal issues implicating constitutional
safeguards as well as larger public policy concerns. Accordingly, before integrating biometric
scanning into government programs, these legal and policy concerns must be addressed to help
guarantee political support and public acceptance of biometrics.
After an explanation of biometrics and biometric applications in parts II and III, this paper, in
part IV, will examine legal issues from the standpoint of possible constitutional concerns
associated with the government's use of biometric technology. Accordingly, part IV focuses
3
primarily on physical privacy and informational privacy concerns. These concerns are explored
through the relevant case law dealing with the impact of technology on privacy. Part V briefly
examines the major problems government agencies will face, in terms of the "regulatory gap,"
when they seek to incorporate the use of biometrics into their programs. The paper concludes
with a modest biometric blueprint which provides a framework to ensure that legal and policy
concerns mesh productively with technical, security and administrative factors. Existing
biometric technologies are then examined in terms of which ones offer the most promise for this
blueprint in actual practice.
II. What is Biometrics?
A. Biometrics and Biometric Scanning Defined
While the word "biometrics" sounds very new and "high tech," it stands for a very old and
simple concept--human recognition. n10 In technical terms, biometrics is the automated technique
of measuring a physical characteristic or personal trait of an individual and comparing that
characteristic or trait to a database for purposes of recognizing that individual. n11
Biometrics uses physical characteristics and personal traits, which include: n12 [*100]
[SEE TABLE IN ORIGINAL]
Of these, only three of the physical characteristics and personal traits currently used for
biometrics are considered truly consistent and unique: the retina, the iris and fingerprints. n13 As
such, these three physical characteristics provide the greatest reliability and accuracy for
biometrics. n14
Biometric scanning is the process whereby biometric measurements are collected and integrated
into a computer system, which can then be used to automatically recognize a person. n15
Biometric scanning is used for two major purposes: identification and verification. Identification
is defined as the ability to identify a person from among all those enrolled, i.e., all those whose
biometric measurements have been collected in the database. n16 Identification seeks to answer
the question: "Do I know who you are?" and involves a one-compared-to-many match (or what is
referred to as a "cold search"). n17
Biometric scanning is also used for verification, which involves the authentication of a person's
claimed identity from his previously enrolled pattern. n18 Verification seeks to answer the
question: "Are you who you claim to be?" and involves a one-to-one match. n19
B. Advantages of a Biometric Scanning System
Biometric scanning can be used for almost any situation calling for a quick, correct answer to the
question: "Who are you?" n20 The unique advantage of biometrics is that it bases identification on
an intrinsic as- [*101] pect of a human being. n21 Recognition systems that are based on
something other than an intrinsic aspect of a human being are not always secure. n22 For example,
4
keys, badges, tokens and access cards (or things that you physically possess) can be lost,
duplicated, stolen or forgotten at home. Passwords, secret codes and personal identification
numbers (PINs) (or things you must know) can be easily forgotten, compromised, shared, or
observed. n23 Biometrics, on the other hand, are not susceptible to these particular problems.
Depending on the exact use for which the technology is envisioned, an ideal biometric
technology would generally include a system based on:
. A unique biometric characteristic;
. Non-intrusive data collection;
<Bullet> No or minimal contact between the person being scanned and the equipment doing the
scanning;
. An automated system, i.e., no human decisionmaker in the decision loop;
. Very high accuracy; n24 and
. High speed. n25
In sum, a good biometric system is fast, accurate, user-friendly and lowcost. n26
In terms of operability, desirable biometric characteristics generally include:
. Precision of the measurement(s);
. Speed (Throughput Rate);
. Public acceptability;
. Reliability; [*102]
. Resistance to counterfeiting;
. Acceptable storage requirements; and
. Fast enrollment time. n27
According to Dr. Joseph P. Campbell, Jr., a National Security Agency researcher and the
Chairman of the U.S. Government's Biometric Consortium, which has over 200 members from
government, academia and the private sector, no technology has emerged as the "'perfect
biometric,' suitable for any application." n28 While a detailed examination of the various
biometric technologies is beyond the scope of this paper, numerous technologies are currently
being perfected and many biometrics are fully deployed and in use. These biometric technologies
5
can be divided into three general categories: High Biometrics, Lesser Biometrics and Esoteric
Biometrics. n29
C. High Biometrics
The first category, "High Biometrics," refers to biometric technologies distinguished by high
accuracy and which currently have functional working systems fully deployed. At present, high
biometrics are based on the only three biometric features that are considered truly consistent and
unique: the retina, the iris and fingerprints. n30 These biometrics include the following:
1. Retinal Scanning
Retinal scanning involves an electronic scan of the retina--the in- [*103] nermost layer of the
wall of the eyeball. n31 By emitting a beam of incandescent light that bounces off the person's
retina and returns to the scanner, a retinal scanning system quickly maps the eye's blood vessel
pattern and records it into an easily retrievable digitized database. n32 The eye's natural reflective
and absorption properties are used to map a specific portion of the retinal vascular structure. n33
This mapping is accomplished by a device n34 which uses a scan wheel/lens apparatus rotating at
the rate of six complete rotations per second to collect a total of 700 data points in the retina
during each rotation. n35 Once the data is collected, it is digitized and stored as a 96 byte
template. n36 Retinal scanning relies on the unique characteristics of each person's retina as well
as the fact that the retina generally remains fairly stable through life. n37 Disadvantages of retinal
scanning include the need for fairly close physical contact with the scanning device, n38 the fact
that trauma to the eye and certain diseases can change the retinal vascular structure, as well as
concerns about public acceptance. n39
2. Iris Recognition
Iris recognition uses the iris, the colored circle that surrounds the pupil, as the physical
characteristic to be measured. n40 The iris is chock full of randomly distributed immutable
structures, which means that, like snowflakes, no two irises are ever the same. n41 Moreover, the
iris does not [*104] change over time. n42 Using standard video technology, its features can be
quickly recorded from about nine inches away, thus obviating the need for invasive physical
contact. n43 Software captures the identifying information from the iris and stores it in a 256 byte
code. n44 Disadvantages of iris recognition include problems of user acceptance, the relative
expense of the system as compared to other biometric technologies, n45 and the relatively
memory intensive storage requirements. n46 Iris recognition stands out as perhaps the most
"hygienic" of the biometric technologies in that no part of the user's body has to touch anything
to operate the system. n47
3. Finger Imaging
Fingerprints have long been used as a means of recognition. n48 By the early twentieth century,
on the heels of the establishment of the Henry system of classification, fingerprint identification
was formally accepted by law enforcement agencies and became a standard in forensics. n49
Fingerprints' contemporary offspring, finger imaging, n50 involves physically placing a finger on
6
a small optical scanner roughly similar to the glass plates seen on many supermarket checkout
counters. n51 This "live" fingerprint is electronically read and converted into a unique byte code
stored in a database which can then be compared to other finger images for identification
purposes. [*105]
A major advantage of finger imaging is the long-time use of the fingerprint and its wide
acceptance by the public and law enforcement communities as a reliable means of human
recognition. n52 Comprehensive finger imaging systems are fully operational; for example,
currently, Woolworth's supermarkets in Australia operate the world's largest time and attendance
system featuring biometrics. n53 Finger imaging technology is used to monitor time and
attendance for about 100,000 employees. n54 Disadvantages of finger imaging include the need
for physical contact with the optical scanner, the possibility of poor quality images due to residue
on the finger such as dirt and body oils (which can build up on the glass plate), as well as eroded
fingerprints from scrapes, years of heavy labor, or mutilation. n55
D. Lesser Biometrics
The second category, "Lesser Biometrics," features reasonable accuracy with functional systems
deployed. They are not based on truly unique physical characteristics. Examples include the
following:
1. Hand Geometry
Hand geometry, "the granddaddy of biometrics by virtue of a 20year history of live
applications," n56 takes a three dimensional record of the length, width and height of the hand
and/or fingers. n57 The subject places her hand in an optical scanner, measurements are taken, and
the results are converted into a less than ten byte code. n58 In effect, a digital map of the outline
of a person's hand is created. n59 The system is non-invasive, and since the memory requirements
are limited, hand geometry [*106] requires very little computer storage space. n60 It is also very
userfriendly. n61 Hand geometry systems are currently deployed at over 8,000 locations, n62
including Walt Disney World in Orlando, which uses a version of hand geometry to verify
customers who purchase yearly passes to prevent any illegal or inadvertent pass transfer. n63
Disadvantages include the lack of uniqueness of hand geometry as compared to other biometrics.
n64
Also, an injury to the hand can cause the measurements to change, resulting in recognition
problems. n65
2. Face Recognition
People recognize one another by looking at each other's faces. Face recognition is a noninvasive
process where a portion of the subject's face is photographed and the resulting image is reduced
to a digital code. n66 PC Week Labs, in its recent review of a face recognition biometric product,
noted that it "affords nearly foolproof authentication; eliminates userrelated security issues such
as forgotten passwords or token theft; is fast and easy to use; and provides an audit trail of all
access attempts." n67
7
The main disadvantages of face recognition are similar to problems of photographs--people who
look alike can fool the scanners. n68 Also, people can significantly alter their appearance, and
facial hair may be able to fool the device. n69 Finally, some systems have difficulty maintaining
high levels of performance as the database grows in size. n70
3. Voice Recognition
One's voice, like other biometrics, cannot be forgotten or mis- [*107] placed. n71 Voice
recognition involves taking the acoustic signal of a person's voice and converting it to a unique
digital code which can then be stored in a template. n72 In practical terms, the user would first
enroll in the voice recognition system by speaking an agreed-upon phrase. n73 For future
recognition, she would speak the exact same phrase, the signal would be analyzed by the voice
recognition system and she would either be accepted, rejected or, if there were insufficient
confidence as to her signal, the system could request additional information from her. n74 Voice
recognition systems are extremely well-suited for verifying user access over a telephone. For
example, Chase Manhattan Bank has begun using voice verification systems to identify
customers seeking account access by telephone. n75 Disadvantages of this biometric are that, not
only is a fairly large byte code required, but people's voices can change (for example, when they
are sick or in extreme emotional states), phrases can be misspoken, and background noises can
interfere with the system. n76
4. Signature Recognition
Signature recognition, or signature dynamics, uses computer technology to record components of
an individual's signature such as pen/stylus speed, pressure, direction in signature and related
characteristics. n77 "The key . . . is to differentiate between the parts of the signature that are
habitual and those that vary with almost every signing." n78 Recently, many large retailers,
including Home Depot, have examined signature recognition systems as a way to reduce fraud.
n79
The idea is that to the extent a person's handwriting is unique, an on-line writing device at the
checkout line could instantly compare the customer's signature to one in a database. The major
drawbacks are problems of long-term reliability, the lack of accuracy and cost. n80 [*108]
E. Esoteric Biometrics
The third category, "Esoteric Biometrics," includes biometrics still in the early experimental and
developmental stages. Examples include vein measurement and the analysis of the chemical
composition of body odor. n81 In the area of vein measurement, the European Union, given its
official funding of this technology, seems to be encouraging this biometric. n82 Vein
measurement generally focuses on blood vessels on the back of the hand. n83 An infrared light
combined with a special camera capture an image of the blood vessels, in the form of tree
patterns, which is converted into data and stored in a template. n84 Vein patterns have some
advantages. First, vein patterns are large robust internal patterns. Second, the procedure does not
implicate the criminal connotations associated with the taking of fingerprints. Third, the patterns
are not easily damaged by weekend gardening or bricklaying. n85
8
The procedure has not yet won full mainstream acceptance. According to Dr. L. John A. DiDio,
a leading anatomist and professor emeritus of the Medical College of Ohio, "there has not yet
been a definitive study proving the reliability for precise identification of the dorsal patterns of
the human hand." n86 However, the idea of vein measurement as a unique identifier is not new;
several papers were published on the subject in the early part of the twentieth century, n87 but
interest waned as fingerprints become universally accepted for identification purposes. n88 For
many practical applications, vein measurement holds promise.
Finally, while body odors as a biometric are unproven, we know that certain breeds of dogs excel
at using their sense of smell to track humans. At least one company is working on a device to
identify people [*109] based on body odors. n89 The scientific basis of the work is that the
chemical composition of odors can be identified using special sensors. n90 The University of
Leeds has pioneered similar research that has application to drug and bomb detection
technologies. n91
III. What are the Applications of Biometrics?
While initially encouraged by the U.S. government for its national security uses, biometric
scanning can be considered for any situation calling for a quick, correct answer to the question:
"Who are you?" n92 Applications are vast and expanding; as one industry expert noted: "The
influence of biometric technology has spread to all continents on the globe." n93 In concrete
terms, this influence translates into about $ 1 billion worth of computer systems that include
biometrics-based identification devices expected to be installed worldwide during 1997. n94 The
biometric market, conservatively valued at over $ 16 million in 1996, is projected to grow to $
50-$ 100 million by 1999. n95 Accordingly, biometric scanning is likely to have a substantial
impact on the way we interact and conduct our affairs in the foreseeable future. The following
discussion will consider the various ways in which biometric scanning could touch our lives.
A. "High Government" Use
"High Government" use refers to the use of biometric technology by the military and national
security community, law enforcement agencies and prison management. One interesting example
is the use of eye scanning behind bars--in American prisons. n96 In March 1990, the Cook County
(Illinois) Sheriff's Department began using retinal scanning in the form of Eye-Dent, a device
that scans the retina. n97 Every prisoner is re- [*110] tinally scanned. n98 The captured
information is then used to identify and keep track of inmates in Sheriff Michael Sheahan's
charge. n99 Upwards of 300 prisoners are scanned daily, and the Sheriff's database includes more
than 300,000 retinal patterns. n100 Retinal scanning makes it much tougher for a suspect to
masquerade under a false identity. n101 It also saves time and money: man-hours spent identifying
a suspect are reduced to about one minute per search, which could mean substantial savings if
multiplied over the current U.S. prison population of over one million inmates. n102
B. "Lesser Government" Use
"Lesser Government" use includes the use of biometrics in applications that have the potential to
touch everyone's life. Consider, for example, biometric scanning to register voters, n103 reduce
9
fraud in entitlement programs, n104 increase the efficiency and effectiveness of immigration n105
and border control checks, n106 as well as "everyday" licensing require- [*111] ments for driving
a vehicle, n107 employment, n108 owning a weapon, purchasing controlled substances, n109 and
accessing buildings and computer systems. n110 In addition, biometrics could easily be
incorporated into national identity card programs. n111
The United States Immigration and Naturalization Service (INS), confronted with a two-fold
increase in passenger volume in international air travel over the past decade, along with the
urgent need to keep terrorists, criminals and illegal aliens out of the U.S., has been
experimenting with an automated inspection system using biometric technologies at select Ports
of Entry since 1993. n112 The INS goal is to remove the law-abiding, frequent traveler from the
inspection lines and allow that low-risk person to be inspected and cleared by verifying his
identity with a biometrics-based system. n113 This method allows INS to focus its efforts on
potential terrorists and criminals, thus ensuring that INS resources are better utilized. [*112]
INS currently has four biometric projects under way at Ports of Entry: INSPASS (Airport);
INSPASS (Land); PORTPASS (Dedicated Commuter Lane); and PORTPASS (Automated
Permit Port). n114 The INSPASS programs feature hand geometry biometrics, although INS,
according to unofficial word, is thinking about concentrating on finger imaging for future use.
n115
INSPASS sites are currently operative at airports in Newark, New York City's JFK, Toronto
and Vancouver; systems are set to go on line at Miami, Chicago, Los Angeles and San Francisco
in the near future. n116 Almost 80,000 travelers have enrolled in the program. n117 PORTPASS
uses voice verification technologies, since it is designed for use by passengers in motor vehicles
passing through border crossings. n118 INS is also expanding IDENT, its finger imaging-based
border control scheme presently deployed at seventy sites in the southwestern United States. n119
"INS['s] $ 17 million Automated Fingerprint Identification System (IDENT) led to the
apprehension, identification and return of 996,000 illegal immigrants who entered the United
States repeatedly, plus immediate identification of more than 14,700 criminal immigrants during
fiscal 1996 alone." n120
Immigration authorities throughout the world, including those in Australia, Canada, Germany,
Hong Kong, the Netherlands, Singapore and the United Kingdom are also developing automated
systems, and experimenting with different biometrics such as fingerprints, hand geometry and
face recognition. n121 Joint efforts are being made to develop an international standard for
automated inspections to ensure compatibility. n122 [*113] Without an accepted international
standard, the "user-friendly" attraction of the system lessens. In this situation, an international
traveler would need to carry multiple identifier cards, one for each country she hoped to enter,
containing her digitized biometric code for the biometric system used by that country stored onto
the card's magnetic strip.
C. "Private Sector and Commercial" Use
"Private Sector and Commercial" use includes verification systems for automated teller machines
(ATMs), smart card and credit card transactions and electronic commerce; n123 private security
systems for facility and room access; n124 personnel management systems such as time and
attendance records; n125 computer access controls, background checks and encryption. n126
10
In 1995, Oki Electric Industry Limited (Oki), a leading vendor of ATMs, teamed up with two
New Jersey companies, IriScan and Sensar, a subsidiary of the David Sarnoff Research Center,
to integrate iris recognition technology into its ATMs in Japan. n127 England's Nationwide Bank
is also testing iris recognition. n128 According to Donald R. Richards, IriScan's former Director of
Program Development, the ATM card holder will first be "enrolled" at her local bank. n129
Instead of thinking up a password, the customer will look into a scanner which will video her iris
pattern, instantly convert it to a 256 byte digitized code and store this code onto the magnetic
strip of her ATM card. n130 The next time the customer needs fast cash, she simply inserts her
card into an ATM, where a video camera installed in the ATM re-reads her iris pattern and
matches it with the code on her card to grant her access to her account. n131 All of this will
happen faster than she can ask her friends, "Should we have [*114] sushi or yakitori for lunch
today?" n132
In October 1996, Oki unveiled IrisIdent, its iris recognition-based ATM system, in Tokyo where
the system is being tested by a number of Japanese banks. n133 In the United States, fingerprints
(or, to use the term of art, finger images) are also being used to control ATM access. n134 In
Indiana, for example, the Purdue Employees Federal Credit Union has been enrolling finger
images of customers since February 1997 to give them access to kiosks, or "virtual branches,"
that it plans to install at several Purdue University campus sites. n135
If biometric scanning, such as IrisIdent, proves technically successful and meets with consumer
acceptance, then the world's financial community, concerned about growing problems of fraud,
estimated to cost over $ 450 million in 1995, will take notice. n136 In Japan, for example, the cost
of ATM fraud and unauthorized account access was estimated at 1.2 billion yen in 1995 alone.
n137
The potential biometric scanning ATM market in the U.S. alone is enormous, with almost ten
billion ATM transactions conducted in 1995. n138 Worldwide, credit card fraud is estimated at $ 2
billion per year, much of which the credit card industry believes will be eliminated by the use of
biometrics. n139 [*115]
IV. What are the Legal and Policy Implications of Biometric Scanning?
A. Legal
1. Medical Information Concerns
Biometric scanning, whether based on the iris, retina or finger image or other biometrics, may
prompt a variety of legal and policy concerns. Specifically, privacy concerns may be implicated
because in addition to the identification data captured, information about a person's health and
medical history may also be incidentally obtained. For example, through an examination of the
retina or iris, an expert can determine that a patient may be suffering from common afflictions
like diabetes, arteriosclerosis and hypertension. n140 Furthermore, unique diseases of the iris and
the retina can also be detected by a medical professional. n141 As Dr. F.P. Nasrallah, an Assistant
Professor of Ophthalmology at George Washington University explains, "examination of both
the iris and the retina provides important diagnostic clues about a person's health, the retina more
so." n142 Nasrallah adds: "If I see certain lesions on the retina, I can become suspicious that the
11
patient has AIDS, diabetes or high blood pressure for example." n143 Intravenous drug abuse can
also be suspected from a retina exam. n144
While both the iris and retina contain medical information, it is by no means certain that
biometric scanning of the iris or retina automatically implicates constitutional privacy concerns
related to the disclosure of medical information. A key area of necessary inquiry is whether the
computerized byte code taken of the iris or retina contains this medical information. If the byte
code does, in fact, contain such information, it seems that such medical information could be
extracted from the byte code in at least two ways. First, the actual byte code, in and of itself,
could reveal information beyond identification information. Second, the byte code could, by
technical means, be reversed engineered to reveal the iris or retina pattern which could then be
examined for medical information. [*116]
Recent scientific research suggests that finger imaging might also disclose sensitive medical
information about a person. n145 For example, Dr. Marvin M. Schuster, director of the division of
digestive diseases at Johns Hopkins Bayview Medical Center, has discovered a "mysterious
relationship" between an uncommon fingerprint pattern, known as a digital arch, and a medical
disorder called chronic, intestinal pseudo-obstruction (CIP) which affects 50,000 people
nationwide. n146
Additionally, Dr. Harold Chen, in his work on dermatoglyphics, or the study of the patterns of
the ridges of the skin on parts of the hands and feet, notes that "certain chromosomal disorders
are known to be associated with characteristic dermatoglyphic abnormalities." n147 He
specifically cites Down syndrome, Turner syndrome and Klinefelter syndrome as chromosomal
disorders which cause unusual fingerprint patterns in a person. n148 Certain non-chromosomal
disorders, such as CIP (described above), leukemia, breast cancer and Rubella syndrome, have
also been implicated by certain unusual fingerprint patterns. n149
Although their findings remain controversial within the scientific and gay communities, several
researchers report a link between fingerprints and homosexuality. n150 Psychologists at the
University of Western Ontario report that homosexual males are more likely than their
heterosexual counterparts to show asymmetry in their fingerprints. n151 While this research is far
from conclusive, n152 the availability of such information with its possible links to medical
information and lifestyle preferences raises concern about the need to protect the privacy of the
information. [*117]
Interestingly, in its report on the use of biometrics to deter fraud in the nationwide EBT program,
the GAO raised no objections about the possible capture of medical data from biometric
scanning, although the U.S. Department of the Treasury expressed unspecified concern over how
finger imaging "would impact on the dignity of the recipients" and called for more "testing and
study." n153 From the perspective of the federal judiciary, however, this type of personal data
implicates constitutional privacy concerns in that the federal courts have long recognized that
"medical information . . . falls within one of the zones of privacy entitled to protection." n154
2. Privacy
12
a. Definitions, Background & History
The word "privacy" (like the word "biometrics") is nowhere to be found in the text of the
Constitution. Perhaps the absence of a textual reference to privacy makes the legal community
all the more fond of defining what privacy is and explaining what it should be. Privacy is
different things to different people. n155 Ruth Gavison offers perhaps the extreme privacy model:
"Privacy is a limitation of others' access to an individual . . . in perfect privacy no one has any
information about X, no one pays any attention to X, and no one has physical access to X." n156
Privacy includes a control aspect--"control we have over information about ourselves," n157
"control over who can sense us," n158 "control over the intimacies of personal identity," n159 or as
a federal appeals court has phrased it, "control over knowledge about oneself. But it is not simply
control over the quantity of information abroad; there are modulations in the quality [*118] of
knowledge as well." n160 Based on her survey of the extensive privacy literature, Professor Lillian
R. Bevier concluded, "privacy is a chameleon-like word, used denotatively to designate a range
of wildly disparate interests--from confidentiality of personal information to reproductive
autonomy--and connatively to generate goodwill on behalf of whatever interest is being asserted
in its name." n161
Before examining specific privacy concerns related to biometrics, a brief historical overview of
privacy in America is necessary because the American concept of privacy has changed over the
centuries as America has changed--reflecting the idiom that "law mirrors the society that creates
it." n162 Prior to the birth of the nation, the American colonists essentially recognized a right of
physical privacy centered in the home-where a person could be free from contact with others. n163
For example, as part of his famous defense against British-imposed general search warrants n164
in 1761, James Otis, a leading Boston attorney, said: "Now one of the most essential branches of
English liberty, is the freedom of one's house. A man's house is his castle; and while he is quiet,
he is as well guarded as a prince in his castle." n165 Otis' remarks explicitly acknowledge that this
right to physical privacy was not unfettered; the colonist enjoyed his privacy right provided he
was "quiet." n166
With the founding of the Republic, the Constitution, without making explicit reference to
privacy, protected privacy interests. n167 The Bill of Rights contains these protections in the First
Amendment rights of freedom of speech, press and association; n168 the Third Amendment
prohibi- [*119] tion against the quartering of soldiers in one's home; n169 the Fourth
Amendment right to be free from unreasonable searches and seizures; n170 the Fifth Amendment
right against self-incrimination; n171 the Ninth Amendment's provision that "the enumeration in
the Constitution, of certain rights, shall not be construed to deny or disparage others retained by
the people;" n172 and the Tenth Amendment's provision that "the powers not delegated to the
United States by the Constitution, nor prohibited by it to the States, are reserved to the States
respectively, or to the people." n173
Beyond these constitutional provisions, the state legislatures and the courts took additional
measures to protect citizens' privacy interests from the intrusive forces of new technologies. An
example from mid nineteenth century America demonstrates this point. When Samuel F.B.
Morse tapped out "What hath God wrought!" in 1844, he not only brought about a profound
technological change but a legal change as well. n174 The telegraph's extensive use as a means of
13
communication soon led to privacy concerns as the unscrupulous perfected wiretapping to
intercept telegraphic messages. n175 Reacting to this intrusion, several states, as early as the
1850s, passed statutes prohibiting unauthorized interception of telegraph communications and
the cutting of telegraph lines. n176 However, original drafts of telegrams filed with clerks for
dispatch, as well as the telegraph company's copies of the received messages, had to be produced
for court trials and legislative investigations. n177 The courts balanced privacy interests by
requiring that such requests had to be reasonable in scope and a specific description of the
telegram sought for [*120] production had to be provided. n178 Later, special ciphers were
developed to ensure privacy. n179
By the second half of the nineteenth century, academia and the judiciary focused more attention
on privacy rights, moving beyond privacy of place to privacy of person. In 1879, Judge Thomas
M. Cooley, in his treatise on torts, included "the right to be let alone" n180 as a class of tort rights,
contending that "the right to one's person may be said to be a right of complete immunity." n181
Two years later, the Michigan Supreme Court granted relief to a mother because the male
defendant had observed her giving birth in her home without her consent. n182 In doing so, the
court stated: "The plaintiff had a legal right to privacy of her apartment at such a time, and the
law secures to her this right by requiring others to observe it." n183
Echoing and popularizing Cooley's phrase, Warren and Brandeis, in their classic article, The
Right to Privacy, n184 written over one hundred years ago, articulated their view of privacy as a
"right to be let alone" n185 which would enable society to "achieve control of press invasions of
privacy." n186 They enjoyed success in that this invasion of privacy tort received recognition at
common law by the Georgia Supreme Court fifteen years later. n187 Brandeis, as a U.S. Supreme
Court Justice, would later use [*121] the phrase in his famous dissent in Olmstead v. United
States, n188 declaring that the Founding Fathers "conferred, as against the Government, the right
to be let alone--the most comprehensive of rights and the right most valued by civilized men."
n189
While privacy as the "right to be let alone" has a positive appeal and commendable
simplicity for many Americans, the phrase has been criticized in that "legally, it offers no
guidance at all. Coveting an indefinable right is one thing; enforcing it in a court of law is
another." n190
What then is the constitutional right to privacy and how does it affect biometrics used in
government programs? The roots of most modern privacy interests are found in the Due Process
Clause of the Fourteenth Amendment. It provides that no State shall "deprive any person of life,
liberty, or property, without due process of law." n191 For over one hundred years, these words
have been interpreted in tandem by the Supreme Court to contain a substantive protection which
"bars certain government actions regardless of the fairness of the procedures used to implement
them." n192 The Court has emphasized that "there is a realm of personal liberty which the
government may not enter." n193 This realm consists of rights which are "fundamental" or
"implicit in the concept of ordered liberty" n194 or as a later Court would phrase it, "deeply rooted
in this Nation's history and tradition." n195 [*122]
In what specific areas is the government forbidden entry? In the hundred years since The Right
to Privacy was written, the Supreme Court, in its consideration of privacy interests, has
implicitly categorized privacy as taking three distinct forms. n196 These include:
14
(i) Physical privacy or freedom from contact with other people or monitoring agents. Physical
privacy enjoys its greatest constitutional protection under the Fourth Amendment freedom from
unreasonable governmental search and seizure. n197
(ii) Decisional privacy or the freedom of the individual to make private choices about the
personal and intimate matters that affect her without undue government interference. n198 The
Court has found that the individual is constitutionally protected in "personal decisions relating to
marriage, procreation, contraception, family relationships, child rearing and education." n199 In
determining the commonality of these personal decisions and why they deserve constitutional
protection, the Court, through Justice O'Connor's opinion in Casey, explained that:
These matters, involving the most intimate and personal choices a person may make in a
lifetime, choices central to personal dignity and autonomy, are central to the liberty protected by
the Fourteenth Amendment. At the heart of liberty is the right to define one's own concept of
existence, of meaning, of the universe, and of the mystery of human life. Beliefs about these
matters could not define the attributes of personhood were they formed under compulsion of the
State. n200
(iii) Informational privacy or freedom of the individual to limit access to certain personal
information about oneself, n201 or in the words of scholar Alan Westin, "the claim of individuals .
. . to determine for themselves when, how, and to what extent information about them is
communicated to others." n202 [*123]
By requiring citizens to submit to biometrics for official purposes, individuals would be
compelled to give physical identification information to the government for storage, use and
dissemination in government databases. Such government-mandated use of biometrics therefore
directly implicates physical and informational privacy concerns. To a lesser extent, decisional
privacy concerns are also implicated. n203 In the following section, these physical privacy and
informational privacy categories are examined in detail.
b. Physical Privacy or Fourth Amendment
At the outset, it should be noted that because most biometric scanning will result from private
sector activities where the user voluntarily gives up information, constitutional privacy concerns
will not usually be implicated. n204 As one constitutional law scholar has noted, "the Constitution,
with the sole exception of the Thirteenth Amendment prohibiting slavery, regulates action by the
government rather than the conduct of private individuals and groups." n205 Thus, federal courts
will likely turn a blind eye; with respect to the conduct of private individuals, the Supreme Court
has been reluctant to find a privacy right in personal information given voluntarily by an
individual to private parties. n206 [*124]
What happens when the government requires a citizen to be biometrically scanned? Is scanning
then a "search" subject to Fourth Amendment protections? The Fourth Amendment to the United
States Constitution, which governs searches and seizures conducted by government agents,
provides that "the right of the people to be secure in their persons, houses, papers, and effects,
against unreasonable searches and seizures, shall not be violated." n207 To evaluate whether
15
governmentmandated biometric scanning constitutes a search defined as an invasion of a
person's reasonable expectations of privacy, n208 the judiciary will focus on two factors. First, the
nature of the intrusion is examined. n209 Actual physical intrusions into the body, such as blooddrawing, n210 breathalyzer testing and urine analysis, n211 can constitute Fourth Amendment
searches. Second, the scope of the intrusiveness is examined with attention paid to the "host of
private medical facts" revealed during the search. n212
If biometric scanning is found to constitute a search, "the ultimate measure of the
constitutionality of a governmental search is "reasonableness."' n213 To make this determination,
a court must balance the "intrusion on the individual's Fourth Amendment interests against its
promotion of legitimate governmental interests." n214 In the criminal context, a search is
"reasonable" only if the police have probable cause or reasonable suspicion of criminal activity.
n215
However, the vast majority of government-mandated biometric scanning searches will not be
performed under the scope of criminal law. Most biometric scanning searches will be routine and
noncriminal in nature, involving countless citizens such as driver's license applicants, public
entitlement recipients, and many categories of workers, including child care providers, federal
and state government employees, military personnel, school bus drivers, employees of national
securities exchanges, taxi drivers, employees of bars, certain athletes and even attorneys, all of
[*125] whom might have to be biometrically scanned as part of comprehensive government
regulation. "Searches conducted without grounds for suspicion of particular individuals have
been upheld [by the courts] in "certain limited circumstances.' " n216 In this context, a much more
difficult question arises--what legal criteria should apply to routine, non-criminal governmental
"searches"?
In such situations, the judiciary will likely apply its administrative search doctrine. n217 In
balancing government interests against the intrusion on an individual's privacy interest, this
doctrine seeks to ensure that the government agents conducting the searches avoid arbitrary
treatment of the citizens being searched. n218 Moreover, the government does not have to use the
least intrusive search procedures. n219 In the biometric scanning context, the Court will consider
factors similar to those in Vernonia School District 47J v. Acton n220 --"the nature of the privacy
interest," n221 "the character of the intrusion that is complained of," n222 "the information [the
intrusion] discloses" n223 and "the nature and immediacy of the governmental concern." n224
Recognizing a high-level privacy interest in the medical data collected, courts will likely focus
on how the government agency handles dissemination of the data it has collected and what kinds
of safeguards are in place to prevent inadvertent disclosure, given the strong interest in keeping
personal medical information strictly confidential. The courts will also need to consider whether
the gathering of this identification information is a mere pretext to help law enforcement gain
evidence of criminal violations. n225 Government officials are not permitted to use an
administrative search to investigate criminal activity. n226 If the purpose of the search is to
uncover evidence of criminal conduct, government offi- [*126] cials must obtain a valid search
warrant. n227
16
What would happen, for example, if a state public assistance agency required all welfare
recipients to biometrically scan-in and then routinely compared this identification information
with law enforcement databases for outstanding arrest warrants? The question posed is not a pure
hypothetical. For example, in 1995, the Pennsylvania General Assembly passed welfare reform
legislation authorizing the Pennsylvania Department of Public Welfare (DPW) to establish a
biometrics-based pilot program known as the Assistance Recipient Identification Program
(ARIP). n228 Among its legislatively-mandated goals, ARIP will serve "to eliminate duplication
of assistance to welfare recipients, to deter fraud and to assist law enforcement officials in their
duties." n229 The legislation authorizes DPW to use finger imaging, digitized photography and
signature imaging of welfare recipients for storage, use and dissemination in an integrated DPW
database, known as the Pennsylvania Automated Recipient Identification System (PARIS). n230
Access to the ARIP system is provided, by statute, to the DPW, the Pennsylvania State Police,
and the Pennsylvania Board of Probate and Parole, as well as to local and county law
enforcement authorities in Pennsylvania. n231 This legislativelymandated access is explained in
part by the requirement that the DPW must verify that welfare recipients are not wanted by the
police on out- [*127] standing arrest warrants. n232 Moreover, the DPW is mandated to enter
into agreements with neighboring states to implement compatible database identification systems
to include computer matching. n233
In terms of the general cross-sharing procedure for state welfare agencies, many states already
have fraud-related data exchange agreements in place with their neighbors. n234 Cross-state
matches of demographic data are conducted on a periodic and ongoing basis. n235 These existing
agreements cover the exchange of demographic or "other" data. n236 As a result, no new or
modified regulations or agreements are required for the exchange of biometric identification
data. n237 Some state welfare agencies, like Connecticut's for example, do not routinely share
state welfare agency data with law enforcement agencies. Connecticut and New Jersey are
among the very first states to exchange biometric identification information to cross match for
purposes of welfare eligibility. n238 Their initial biometrics-based cross match yielded twenty-five
candidates. n239
With regard to cross-sharing of biometric identifiers and what use is made of this identification
information, the Court's warning in Skinner v. Railway Labor Executives Association n240 might
be worth heeding: "We leave for another day the question whether routine use in criminal
prosecutions of evidence obtained pursuant to the administrative scheme would give rise to an
inference of pretext, or otherwise impugn the administrative nature of the . . . program." n241
[*128]
c. Informational Privacy
The Supreme Court's decision in Whalen v. Roe n242 "began the process of identifying the
elements of an American constitutional right of informational privacy." n243 From a close study
of this case, we can thus predict the federal judiciary's likely approach to constitutional privacy
issues raised by biometric scanning used to create comprehensive, governmentsponsored
databases. n244 Decided twenty years ago, Whalen involved the constitutional question of whether
the State of New York could record, in a centralized computer database, "the names and
addresses of all persons who have obtained, pursuant to a doctor's prescription, certain drugs."
17
n245
While technology has changed greatly since 1977, the legal reasoning in Whalen is perhaps
timeless, particularly for biometrics. Accordingly, the facts of the case (to include the
constitutional concerns implicated), the procedural history, the holding, and the judicial
reasoning deserve detailed examination.
Facts: In 1970, the New York state legislature, disturbed about the growing drug problem,
established a commission to evaluate the state's drug control laws. n246 To correct perceived
deficiencies in these state laws, the commission, after study, drafted legislation, as part of the
New York Public Health Law, which required that "all prescriptions for Schedule II drugs" had
to be prepared by the physician on an official state-provided form. n247 The completed form
identified: [*129]
. the prescribing physician;
. the dispensing pharmacy;
. the prescribed drug and prescribed dosage; and,
. the name, address and age of the patient. n248
The statute required that a copy of the completed form be forwarded to the New York State
Department of Health in Albany. n249 Albany received about 100,000 Schedule II prescription
forms each month. n250 There the government agency "recorded [the information] on magnetic
tapes for processing by a computer." n251 Based on his study of other states' reporting systems,
the commission's chairman found that this comprehensive database would serve two purposes: it
would be a "useful adjunct to the proper identification of culpable professional and unscrupulous
drug abusers" and it would enable the authorities to have a "reliable statistical indication of the
pattern of [the state's] drug flow" to help stop the diversion of lawfully manufactured drugs into
the illegal market. n252
Various parties consisting of patients, doctors and physicians' associations challenged this statute
in the federal courts. The evidence offered before the district court, where the case was first
heard, included testimony from:
. two parents who "were concerned that their children would be stigmatized [as drug addicts] by
the State's central filing system;" n253
. three adult patients who "feared disclosure of their names" to unauthorized third parties; n254
and,
. four physicians who believed that the New York statute "entrenches on patients' privacy, and
that each had observed a reaction of shock, fear and concern on the part of their patients." n255
18
Appellees thus advanced two related privacy categories for the Court's consideration: "the
nondisclosure of private information" n256 or informa- [*130] tional privacy, and an individual's
"interest in making important decisions independently" n257 or decisional privacy. n258
Procedural History: The district court judge dismissed the lawsuit for want of substantial federal
question, n259 and the plaintiffs appealed. The Court of Appeals reversed the district court,
holding that the question of whether constitutional privacy rights were implicated was a
substantial one which justified convening a three judge panel. n260 On remand, a three-judge
district court held that the New York statute, insofar as it requires reporting of drug prescription
information to a state agency, was a constitutional violation of the right of privacy guaranteed by
the Bill of Rights. n261 Moreover, the district court found that "the regulatory scheme . . . has a
needlessly broad sweep." n262 The State of New York successfully appealed to the United States
Supreme Court. n263
Holding: In his opinion for the Court, Justice John Paul Stevens, joined by the Chief Justice and
five other justices, found that "neither the immediate nor the threatened impact of the [statute's]
patientidentification requirements . . . on either the reputation or the independence of patients . . .
is sufficient to constitute an invasion of any right or liberty protected by the Fourteenth
Amendment." n264 With these words, the Supreme Court rejected the privacy claim. In sum, the
nation's highest court ruled that a government's centralized, computerized database containing
massive amounts of sensitive medical information passed constitutional muster.
Judicial Reasoning: What factors influenced the Court's reasoning? First, the court seemed
impressed by the fact that the New York State Legislature had created a specially-appointed
commission which held numerous hearings on and conducted a thorough study of the state's drug
problem. n265 The commission consulted extensively with authorities in [*131] other states
"where central reporting systems were being used effectively." n266 A commission empowered by
the legislature had done its homework in an attempt to help solve the menacing problem of
drugs. The Court concluded that the statute was "manifestly the product of an orderly and
rational legislative decision." n267
In its analysis of the informational privacy concerns raised, the Court paid close attention to what
specific steps the state agency had taken to prevent any unauthorized disclosures of information
from the centralized database. In particular, the Court noted that:
. The forms and the records were kept in a physically secure facility;
. The computer system was secured by restricting the number of computer terminals that could
access the database;
. Employee access to the database was strictly limited; and,
. There were criminal sanctions for unauthorized disclosure. n268
19
Citing a famous (and often-quoted) statement of Justice Brandeis, n269 the Court reinforced a
basic principle of federalism by confirming that the states "have broad latitude in experimenting
with possible solutions to problems of vital local concern." n270 Arguably, the New York statute
had not had much of an impact on the drug problem; twenty months after its enactment,
examination of the database led to only two investigations involving illegal use of drugs. n271 As
a kind of political process check, the Court explained that the state legislature, which gave this
patient identification requirement its legal life, can also sound its death knell if it turns out to be
an "unwise experiment." n272
Taking a somewhat practical approach to the way personal information is used in the
contemporary age, the Court accepted the view that [*132] disclosure of such medical
information to various government agencies and private sector organizations, like insurance
companies, is "often an essential part of modern medical practice even when the disclosure may
reflect unfavorably on the character of the patient. Requiring such disclosures to representatives
of the State having responsibility for the health of the community does not automatically amount
to an impermissible invasion of privacy." n273
In addressing decisional privacy issues, the Court acknowledged genuine concern that the very
existence of the database will disturb some people so greatly that they will refuse to go to the
doctor to get necessary medication. n274 However, given the large number of prescriptions
processed at Albany, the Court concluded that the "statute did not deprive the public of access to
the legal drugs." n275
The Court's opinion concluded with a cautionary note that still echoes loudly twenty years later:
We are not unaware of the threat to privacy implicit in the accumulation of vast amounts of
personal information in computerized data banks or other massive government files. . . . The
right to collect and use such data for public purposes is typically accompanied by a concomitant
statutory or regulatory duty to avoid unwarranted disclosures. n276
The New York statute and its related implementation showed "a proper concern with, and
protection of, the individual's interest in privacy." n277 Limiting the effect of its decision, the
Court, however, reserved for another day consideration of legal questions which could arise from
unauthorized disclosures of information from a government database "by a system that did not
contain comparable security provisions." n278
In his concurring opinion, Justice Brennan, more so than his colleagues, expressed his concern
over the potential erosion of informational privacy in the face of emerging technologies. n279
"The central storage and easy accessibility of computerized data vastly increase the potential for
abuse of that information, and I am not prepared to say that future developments will not
demonstrate the necessity of some curb on such tech- [*133] nology." n280 While this specific
"carefully designed program" n281 did not "amount to a deprivation of constitutionally protected
privacy interests," n282 Justice Brennan suggested that there is a core right to informational
privacy and stressed that future programs might be subjected to a compelling state interest test or
strict scrutiny by the court of the government action. n283
20
Justice Stewart, in his concurrence, took issue with what he implicitly viewed as Justice
Brennan's expansive privacy approach as well as with his brethren's view of constitutional
privacy interests. According to Stewart, there is no general right of privacy in the Constitution.
n284
Moreover, privacy concerns are matters left largely to the individual states. n285 Stewart
further disavowed the notion that there is a constitutional informational privacy right and
distinguished the cases Brennan cited in support of such a proposition: "Whatever the ratio
decidendi of Griswold, it does not recognize a general interest in freedom from disclosure of
private information." n286
With the exception of Justice Stewart, all of the justices adopted a prospective approach. By
intensely focusing on the facts of Whalen, the Court left itself with ample judicial wiggle room
to find that cutting edge computer systems combined with invasive new technologies might lack
the necessary constitutional safeguards. A future Court might find an informational privacy right
violated. In other words, the Court's cautionary note of Whalen could turn into a clear-sounding
constitutional alarm bell in the future. n287 [*134]
Perhaps Whalen is most disappointing in that it fails to deal with the central reality that as certain
new technologies grow and progress, individual privacy interests can shrink and suffer. Justice
Stevens describes this reality when he acknowledges how, in the modern age, medical
information is disclosed to many entities, n288 but fails to raise the potential legal concern: As
citizens literally become accustomed to giving more and more of themselves forever and ever to
government and private sector databanks to fulfill their public sector duties and to participate in
private sector transactions, their individual expectations of privacy will become reduced. n289
Focusing on the government sector, one scholar explains:
The fact that the government collects such great quantities of data gives rise to concern . . . that
the data will be inappropriately disseminated, within government or to outsiders, or that it will be
otherwise misused or abused. Recent advances in computer technology, which permit data to be
manipulated, organized, compiled, transferred, distributed, and retrieved with hitherto
unimaginable ease, exacerbate such concern. n290
At the risk of spewing "vague Orwellian angst," n291 Professor Clark presents perhaps the
ultimate 1984 scenario:
Any high-integrity identifier [such as biometric scanning] represents a threat to civil liberties,
because it represents the basis for a ubiquitous identification scheme, and such a scheme
provides enormous power over the populace. All human behavior would become transparent to
the state, and the scope for non-conformism and dissent would be muted to the point envisaged
by the anti-Utopian novelists. n292
d. Similar Data Collection Cases Decided By the Courts
In deciding whether biometric scanning implicates constitutional privacy concerns, it is
instructive to examine how the courts have decided other cases involving similar governmentmandated identification requirements. In striking the balance between the individual and the
community, expressed as "the demands of organized society," n293 the federal judiciary [*135]
21
has decided a long line of cases related to government-required noncriminal fingerprinting of
individuals. n294 Fingerprinting is often used as part of a statutory requirement for certain
occupations; numerous challenges have been made on right to privacy grounds to such
requirements, however, courts have consistently refused to uphold the challenge. n295 For
example, a federal appeals court has upheld the constitutionality of a New York state statute
mandating fingerprinting of all employees of member firms of national securities exchanges. n296
The court specifically rejected right to privacy contentions, noting that fingerprinting "is only a
means of verifying the required information as to the existence or nonexistence of a prior
criminal record . . . . The actual inconvenience is minor; the claimed indignity, nonexistent;
detention, there is none; nor unlawful search; nor unlawful seizure." n297 Moreover, the court
rejected the plaintiff's contention that a less intrusive means of identification should be provided
as an alternate to the required fingerprinting on the grounds that there was no real invasion of
privacy. n298 Federal courts, for example, have upheld the constitutionality of municipal
ordinances requiring fingerprinting for certain employees of establishments serving liquor by the
drink, n299 for all license applicants for massage parlors, n300 and for taxi drivers. n301
State courts have similarly upheld fingerprinting requirements in numerous contexts. n302 For
example, the California Supreme Court upheld a provision of the California Vehicle Code which
mandated that a fingerprint be submitted as part of the driver's license requirements. n303 The
[*136] court held that the requirement was rationally related to highway safety in that the
fingerprint was the "only assuredly accurate source of identification which remains immutable
throughout an individual's lifetime" and could be used to identify those applicants who posed a
danger to highway safety. n304 The court did, however, restrict access to the fingerprint database
to legitimate Department of Motor Vehicle driving matters in California. n305 Citing the privacy
interests involved, the court refused to allow dissemination of the fingerprint information to all
interested parties. n306
In one of the first programs of its kind, the New York Department of Social Services (DSS) in
1994 established a demonstration program, known as the Automated Finger Imaging System
(AFIS), authorizing a finger imaging requirement to identify welfare recipients in a two county
area. n307 Similar to the Los Angeles County program, by capturing finger images of recipients,
AFIS hopes to catch those who are defrauding the system. n308 Unlike the Pennsylvania
Assistance Recipient Identification Program (ARIP), the finger images required by AFIS are to
only be used to determine welfare eligibility; they are not routinely shared with law enforcement
authorities for any purpose other than welfare fraud. n309 The AFIS program is presently being
expanded throughout the state. n310 In a detailed examination of this initiative, one observer
concluded that the AFIS program is successful, saves taxpayers dollars by reducing fraud,
violates no constitutional safeguards and should be expanded to other jurisdictions: AFIS is a
"simple, non-violative, cost-effective anti-fraud measure." n311 While agreeing that AFIS passes
constitutional muster, the program has been questioned on cost/benefit grounds. n312 As one
analysis [*137] noted: "If double dipping is a pervasive problem, then finger imaging is a
rational response; if not, New York is spending money to fight a ghost and unnecessarily
burdening the poor in the process." n313
In sum, federal and state courts have upheld government-mandated fingerprinting in numerous
noncriminal situations. In these contexts, the courts have found that required fingerprinting, as an
22
identification scheme, has been a legitimate use of the government's authority as long as it is
reasonable, not arbitrary and rationally relates to a governmental objective. Moreover, the courts
have not been willing to extend any kind of constitutionally based privacy protections to
individuals who must comply with the identification requirement.
B. Policy
1. Regulatory Gap n314
Once a new technology becomes viable, the scientists and entrepreneurs who made the
technology feasible are quickly joined (cynics would say replaced) by lawyers, politicians and
bureaucrats as the technology becomes subject to governmental regulation, agency rule-making
and public scrutiny.
Lawyers are extensively involved because, like it or not, they are the "agents for the peaceful
resolution of social disputes in American society, and government agencies are a microcosm of
that society." n315 It is no surprise that in many government agencies, lawyers are the "dominant
professional group." n316 The importance of lawyers in the regulatory decisionmaking process is
heightened by the legal principle that the federal courts have the authority to review decisions of
administrative agencies. "Judicial review means that lawyers argue in court about agency
policies, and it means further that when agencies begin their work they must plan for those court
cases and thus they must rely heavily on lawyers." n317 Thus, the administrative agency's goal is
to arrive at a politi- [*138] cally acceptable policy that can withstand judicial review; pure
technical and security factors can be easily overshadowed by public perceptions of the new
technology and any perceived legal concerns. Accordingly, this reality leads to what one
administrative law expert calls the "regulatory gap," defined as "the cause of the screeching halt
that often greets new ideas that fared well in the scientific world but not so well in the world of
lawyers." n318
The federal government has the constitutional authority to regulate technology based on the
broad construction given to the Commerce Clause n319 by the Supreme Court. n320 Regulation to
protect the public health and safety has long been permitted. n321 Moreover, Congress has the
power to spend for the general welfare, which includes the power to place conditions on the
funds provided. n322 The state governments can also regulate technology as long as the state
regulation does not conflict with federal law. n323 Under the Constitution, federal law is supreme.
n324
Within this public policy process involving new technologies, "the government has ample
constitutional power to regulate . . . . The Constitution empowers Congress to regulate
technology, and Congress has not declined that invitation." n325
When dealing with public policy issues involving new technologies, Congress can follow two
well-worn policy paths. It can take the direct route and pass legislation regulating the technology
or it can delegate its authority to the appropriate federal administrative agencies. n326 The
delegation route is the road most frequently traveled. n327 Since many administrative agencies
inhabit this regulatory beltway, approaches to regulating [*139] technology will vary from
agency to agency. n328 However, while administrative agencies may be equipped with expertise,
experience and institutional memory, the administrative agency faces enormous challenges in
23
designing, formulating and implementing government policy. n329 In addition, numerous
competing groups (many well-organized and some politically influential) will want to press their
claims in this public policy process. n330
In this regard, biometrics is not without its intense critics. n331 For example, privacy rights
advocate Robert Ellis Smith contends that " "in most cases, biometric technology is impersonal
and it's overkill.' " n332 Public policy advocates also oppose government-mandated use of the
technology. As Simon Davies, director general of Privacy International explains: "The idea of
placing the entire population's fingerprint into a registry carried with it enormous messages and
the message was that you will submit to the authority of government." n333 Davies notes that it is
no accident that biometric systems are being tried out most aggressively with welfare recipients;
they are in no position to resist. n334 Marc Rotenberg, of the Electronic Privacy Information
Center in Washington, D.C., believes that biometric methods raise "significant privacy concerns.
. . . Take someone's fingerprint and you have the ability to determine if you have a match, for
forensic purposes." n335 Fundamentalist Christian Pat Robertson, observing that "the Bible says
the time is going to come when you cannot buy or sell except when a mark is placed on your
hand or forehead," n336 expresses doubts about biometrics and notes how the technology is
proceeding according to Scripture. n337 And at least one other religious group has complained
that the hand geometry devices used by [*140] California were making "the mark of the beast"
on enrollees' hands. n338
The "biometric regulatory gap," therefore, may be defined as the possibility that the best
technically acceptable biometric application will not necessarily be embraced as an acceptable
biometric application for government use from a legal and/or policy standpoint. Most
importantly, given the various government agencies involved in evaluating biometric
technologies and their many applications, there will likely not be a single dominant technology
that emerges. Rather, biometric balkanization will take place; that is, multiple technologies will
be deployed as discussed in greater detail below.
2. Lessons of Whalen v. Roe for the Blueprint
In many situations, government officials will be the principal architects of their agency's
biometric blueprint--the comprehensive plan they will design, establish, implement and
coordinate with other interested public and private sector actors to enable biometric technologies
to be used effectively in a government program. Before drafting this biometric blueprint, these
architects need to familiarize themselves with how the federal judiciary would likely approach
such an issue. By doing so, the architects, together with general counsel and other interested
parties, can hopefully draft a biometric blueprint that preempts major legal challenges. n339
a. Drafting the Biometric Blueprint
Government officials, as the architects, should draft their biometric blueprint drawing on the
lessons of the Supreme Court's decision in Whalen. At the risk of stating the obvious, this
blueprint should be drafted as part of a coordinated team effort. n340 In addition to considering the
many technical, security and administrative issues, the architects must also identify and address
legal and public policy concerns. As one Canadian biometric architect has noted, "just as it
24
would be inconceivable to build a new system without any idea of the financial costs involved, it
should be equally inconceivable to build a new system without any idea of the privacy costs
involved, or the protections needed to minimize [*141] those costs." n341 From the outset,
general counsel should be an integral part of this critical effort.
To satisfy the judiciary's concern over unauthorized disclosures, the centralized database should
be governed by a "use limitation" principle meaning that restrictions should be placed on the use
of the biometric identification information stored in the database. n342 When a government
agency collects biometric identification information from an individual, it should do so with a
primary purpose in mind. n343 For example, when a state Department of Motor Vehicles requires
a biometric identifier from a licensed driver, it does so for the specific and proper purpose of
confirming that individual's identity to help ensure traffic safety. n344 The use of the biometric
identifier should ideally be limited to that primary purpose and should not, for example, be
disclosed to private sector interests. n345 Such a safeguard is reasonable from the policy
perspective of safeguarding privacy concerns, encouraging public confidence in the system, as
well as maintaining system integrity by preventing ne'er-do-wells from compromising a
biometric identifier for use in any kind of improper purpose. n346
At its most basic level, the database must be made physically secure. For example, any physical
documents pertaining to the database should be kept in a secured area. n347 Depending on the
amount, a safe, vault or building appropriately safeguarded is appropriate. Security personnel,
alarm systems, video surveillance and other related security devices should be deployed as
necessary. Most importantly, perhaps, biometrics should be used for access control purposes,
thereby restricting unauthorized personnel from gaining access to the sensitive information in
these databases. For example, instead of relying on easily compro- [*142] mised passwords and
PINs, a biometric identifier would be scanned in at the computer workstation to determine
database access. The use of a biometric log-on provides for greater accountability because an
audit trail, or a precise record of who accesses what personal information within the database, is
maintained. Thus, the database information can be restricted or compartmented based on the
"need to know" principle.
The computerized network and system should also be made secure. n348 This task is made more
difficult by the likelihood that such databases will become targets of hackers as well as criminal
interests. To reduce this threat, agencies could engage in robust adversarial analysis or the
technique of creatively attacking a system to learn its security and technical weaknesses. n349
Firewalls should be erected among the different databases.
Architects should explore the option of encrypting the biometric data to help further safeguard
the information from disclosure. For example, agencies should require encryption of biometric
data by promulgating the necessary regulations. Moreover, agencies could investigate the
viability of adopting newly developed biometric technologies which use the individual's physical
characteristics to construct a digital code for the individual without storing the actual physical
characteristics in a database. n350 For example, using commercially-available finger image-based
technology, a person's fingerprint is used during enrollment to create a personal identification
number (PIN) for the individual. n351 This encoded PIN can only be decoded by a match with the
appropriate finger pattern. n352 During verification, a computer search is done to ensure that the
25
same PIN has not previously been entered into the system, thereby eliminating the fraud risk. n353
At the same time only the PIN, and not the actual fingerprint, is stored in the database. n354
[*143]
Staff access should be limited to the "need to know" principle and updated personnel lists should
be kept, indicating which employees enjoy which access levels. n355 Database requests
themselves should be automatically logged to help prevent any employee from tampering with
the system, and system access should be controlled by the use of biometrics.
Training, beyond the mere fundamentals, should be an agency priority. Agency employees
should be instructed concerning their duties with respect to safeguarding the biometric
information at their command. A senior official should be designated as the compliance officer
to ensure that database information is protected. Whistleblower protection should be
incorporated into the pertinent statute as well as the agency's regulations and convenient and
anonymous reporting channels should be established to report violations. Perhaps most
importantly, just as provided for in the New York statute in Whalen, n356 criminal sanctions
should attach for unauthorized disclosures.
While beyond the limited scope of this paper, biometric architects also need to consider special
provisions for those who are unable to comply with the biometric demands placed on them. For
example, people who are physically disabled may not be able to use a biometrics-based system.
Alternatives have to be made available for them. Along similar lines, procedural due process
requirements will have to be honored. For example, in a government entitlements scenario,
termination of entitlements should not be arbitrary. Rather, depending on the situation,
appropriate pre-termination or post-termination procedures should be provided. For example, in
the welfare entitlement setting, notice, an opportunity to confront adverse witnesses, an
opportunity to present arguments and a decision made on the record should all be provided prior
to the termination of benefits. n357
Given the legal and policy concerns discussed, this biometric blueprint has been offered as a
starting point for government agencies adopting these dynamic technologies. Is there an ideal
biometric that satisfies these concerns and neatly meshes with the blueprint? Lesser Biometrics
seem favored if public acceptance and ease of implementation are [*144] weighed more heavily
than technical, security and administrative factors. Lesser Biometrics are essentially noninvasive
and nonthreatening; in short, they are the benign biometrics. For example, hand geometry, as the
name implies, captures only measurements of the hand; even the most outspoken privacy
advocates would be hard pressed to claim a right to privacy in ring size. Moreover, the system is
relatively user-friendly.
For this reason, government lawyers, in their memos, might be inclined to embrace Lesser
Biometrics. Unfortunately, the classic bureaucratic tension between lawyers and technologists
will inevitably result. That is, the Lesser Biometrics will not always meet with the ready
approval of bureaucrats in the policymaking chain, specifically the technical and security
components of government agencies. Simply put, hand measurements are not as reliable as other
biometrics in that they are not based on a truly consistent and unique physical characteristic.
Similar technical and security concerns bedevil the other Lesser Biometrics.
26
As an Esoteric Biometric, vein measurement offers promise, but the current data seem far too
incomplete. n358 Until this biometric becomes more fully developed and more widely deployed,
its use as a viable form of identification remain more theoretical than real. Accordingly, Lesser
Biometrics and Esoteric Biometrics will not be the immediate answer to resolving legal and
policy concerns. n359
With the Higher Biometrics thus implicated as the most logical choice for immediate
implementation, it is important to address whether a specific biometric technology will come to
dominate the blueprint. At present, finger imaging has an early lead in terms of industry presence
and it received an important seal of governmental approval when it was endorsed by the GAO.
n360
The popularity of finger imaging is explained primarily by its accuracy, the long acceptance
of fingerprinting by the public, extensive competition in the finger imaging market which leads
to rapidly decreasing user costs, n361 and the influence of forces within the biometric community.
n362
With regard to public acceptance of finger imag- [*145] ing, a recent survey of 1,000 adults
revealed that 75 percent of those polled would be comfortable having a finger image of
themselves made available to the government or the private sector for identification purposes.
n363
This high acceptance is arguably underscored by over half of those surveyed saying they had
been fingerprinted at some point in their lives. n364 Only twenty percent thought that
fingerprinting "stigmatizes a person as a criminal." n365 Despite this early lead and apparent
popularity, however, it is not clear that finger imaging will emerge as the biometrics of choice.
It is tempting to predict that finger imaging will dominate or that High Biometrics will come to
monopolize the market because of their inherent accuracy. n366 However, this view overlooks one
of the great strengths of the present biometric market: it offers many robust technologies which
allow maximum choice for users. A more likely outcome is that biometric balkanization, or
biometric diversity, will result: multiple biometrics will be deployed for multiple functions not
only by various government agencies, but multiple biometrics will be deployed by the same
government agency depending on the agency's mission. n367
Arguably, biometric balkanization, like its better known Eastern European namesake, can take
on a sinister spin. Individuals are forced to give up various identifying "pieces" of themselves to
countless government bureaucrats. The retina, the iris, the fingerprints, the voice, the signature,
the hand, the vein and presumably even body odor are all extracted by the State, stored and
replicated in countless databases.
Yet, biometric balkanization offers at least three key advantages for the biometric blueprint.
First, biometric balkanization offers maximum flexibility to the government agency. To the
extent it has experience and expertise, the government agency can tailor a specific biometric
program to meet its own unique mission within its resource constraints. Depending on the
situation and the degree of accuracy in identification required, [*146] the optimal biometric for
that specific use can be selected. For example, the best biometric used to verify access to a
government entitlements program might differ from the best biometric used by a state university
to ferret out undergraduate examination fraud, which in turn might differ from the best biometric
needed in a prison environment where hostile users will go to extreme lengths to foil
identification efforts. Similarly, voice verification might be ideal for determining account access
27
over the telephone, while signature dynamics might be better suited for tax authorities charged
with monitoring tax returns.
Second, biometric balkanization might actually result in a synergy of the government agencies'
interests and the individual's concerns. The government agencies basically want dependable,
workable biometrics to achieve their primary purpose--verifying an individual's identity. The
individual essentially wants the same thing, plus protection of private information. If different
technologies are used for different situations, citizens will not face the necessity of reporting to
the government's "biometric central" for enrollment. By allowing the agencies maximum choice
of biometric technologies, the individual gains greater protection for private information.
Third, biometric balkanization could also lead to the safeguarding of biometric
compartmentation, which would be achieved through the use of different biometric identifiers.
For example, an iris pattern used for ATM access would be of little use to the Connecticut
Department of Social Services, which uses finger imaging, just as the hand geometry pattern
captured by the INS would be of little value to the IRS in examining signature dynamics.
From the privacy enhancement perspective, biometric balkanization is the equivalent of being
issued multiple identification numbers, PINs or passwords, with the critical difference that
biometric-based systems provide better security and greater convenience. Compartmentation, or
the separation of personal information into small parts, is best achieved by biometric
balkanization with a detailed biometric blueprint in place.
If biometric centralization and effective biometric standardization were to result, a cunning ne'erdo-well who obtains an individual's actual finger image would potentially be able to access that
individual's personal information. With biometric centralization, the actual finger image would
be the key that could unlock many compartments.
With biometric balkanization, biometric compartmentation results because only a small part of
the individual's informational whole can be potentially accessed. For example, if a data thief
purloins an individual's [*147] hand geometry pattern, she would only at most be able to unlock
information compartments that use a hand geometry-based key.
On balance, however, the greater threat will likely not arise from the use of advanced
technology, but rather from sloppiness in database management. The potential for a breach in
database security increases as shortcuts are taken, budgets are slashed and trained personnel are
few. Hence, the need for the comprehensive database protections described earlier is essential,
particularly regarding criminal sanctions for unauthorized disclosures. n368
b. Using the Biometric Consortium
Within the executive branch of the federal government, there is an intergovernmental working
group that is uniquely well-qualified to begin drafting the initial components of the biometric
blueprint. Initiated by the National Security Agency (NSA), the Biometric Consortium (BC)
serves as the U.S. Government focal point for "research, development, test, evaluation, and
application of biometric-based" technology. n369 The BC reports through the Facilities Protection
28
Committee to the National Security Policy Board to the Assistant to the President for National
Security Affairs. n370 BC membership is currently comprised of representatives of six executive
departments and each of the armed forces. n371 Among its responsibilities, the BC addresses legal
and ethical issues surrounding biometrics as well as "advises and assists member agencies
concerning the selection and application of biometric devices." n372 In addition to its regular
meetings, the BC can also establish ad hoc bodies to address specific areas of need. n373
Recently the BC, through its executive agent, the NSA, took a positive step for assuring
improved, independent biometric research by estab- [*148] lishing the National Biometric Test
Center at San Jose State University. n374 The Center's mission statement reads in part:
The National Biometric Test Center will be a testing, learning and educational organization,
created for the development, documentation, dissemination, promotion and teaching of
scientifically/mathematically sound, "real-world" performance standards, testing protocols, and
certification procedures for biometric devices, particularly those controlling access to U.S.
government computers, computer and communications networks, and physical spaces. n375
The Center has been created under a "task order agreement," which means the Department of
Defense (DoD), under whose jurisdiction NSA falls, will essentially determine the kind of tests
to be conducted. n376 Initially, the assigned studies will likely be very project-specific tests of
particular devices in very well-defined applications. n377 The first tests will involve fingerprinting
systems. n378 While research into secondary information does not appear to be a high DoD
priority at this early stage, the Center's staff is well aware of the legal, political and social issues
raised by this technology. n379 Moreover, one of the advantages of a university environment is
that the Center hopefully can, and should, take a broader, interdisciplinary approach.
To help guarantee this broader perspective, the BC should establish a Biometric Law and Policy
Working Group, on an ad hoc basis, under its Ground Rules Committee, to study in greater detail
the legal and policy implications of biometric technologies when used by government agencies.
The Biometric Law and Policy Working Group should include legal scholars, government
experts and technologists. One of the first priority issues of this Group should be to encourage
the National Biometric Test Center and other organizations to address any medical information
concerns raised by the use of biometrics. This priority issue is a case where "proving the
negative" would help biometrics. If the Center were able to demonstrate that no medical
concerns were implicated, public acceptance of the new technology would likely increase. At a
minimum, [*149] the Group's studies should be presented in suitable public fora. n380
V. Conclusion
In determining if there is a constitutionally protected interest in forbidding the government to
require that an individual provide biometricsbased identification information as part of a
government program, this article has examined right to privacy issues in both the physical
privacy and informational privacy contexts. In this regard, the prospect that a person's medical
information might also be incidentally collected by a biometric technology has been noted as a
possible concern. Furthermore, the Supreme Court's warning in Skinner--whether the use in
criminal prosecutions of information gathered by an administrative agency would give rise to an
29
inference of pretext, or otherwise call into question the administrative nature of the program n381 -has also been highlighted. Considerable attention should be focused on the Whalen decision for
the lessons it provides for the architects of the agency's biometrics blueprint.
To withstand legal and policy challenges, the biometric architects, working closely with general
counsel, should make certain that the database they design is secure and that all reasonable
measures, including staff training, criminal sanctions and whistleblower protections, have been
taken to prevent any unauthorized disclosures. While the future course of the industry is not
clear, the phenomenon known as biometric balkanization will likely lead to greater choice for
government agencies and greater protection for the individual. To address the legal and policy
implications raised by biometric technologies, the Biometric Consortium should immediately
establish a working group to encourage the National Biometric Test Center and other
organizations to investigate medical information concerns related to biometrics.
Mindful of the regulatory gap, it is possible that the implementation of biometric applications in
government programs might be delayed and that the technically best and most secure technology
might not be the same as the most publicly and bureaucratically acceptable. While it is unclear
which biometric technologies will eventually win out in the marketplace, it is certain that as
biometrics becomes more commonly used for recognition purposes, special interest groups,
national and state policy [*150] makers, administrative agencies and the courts all will begin to
identify potential problem areas.
We are now eyeball to eyeball with a new, exciting technology that can make government
programs more effective and efficient. Particularly in a period of limited governmental resources,
biometrics makes it possible for taxpayers' dollars to be spent more productively. Now is not the
time to blink. Government agencies can use biometrics in worthwhile ways and, at the same
time, safeguard legitimate privacy concerns. Drafting a biometric blueprint should be an essential
first step in this process. Without a biometric blueprint, we will soon be pointing fingers of
blame. [*151]
Appendix I
A Selected Listing of Biometric Applications Presently Being Used by U.S. & State Government
Agencies Central Intelligence Agency
The CIA developed a face recognition system currently used by several federal agencies. Much
of the CIA's biometric work is classified; numerous other technologies are being evaluated.
Federal Aviation Administration
Evaluating various biometric technologies, including finger imaging for airport security
applications.
Federal Bureau of Prisons
30
Various biometric technologies, including hand geometry and finger imaging, are securing
access and verifying identity of prisoners, staff and visitors across the U.S.
U.S. Department of Commerce
Hand geometry to secure access to the DoC's Office of Computer Services.
U.S. Department of Defense--Various Components
Voice verification, hand geometry and finger imaging for access control. Much of DoD's
biometric work is classified; numerous technologies are being evaluated.
U.S. Department of Energy
Hand geometry used for access control to sensitive portions of weapons laboratories. Much of
DoE's biometric work is classified; numerous technologies are being evaluated.
U.S. Department of Justice, Drug Enforcement Administration
Hand geometry for access control.
U.S. Department of Justice, Federal Bureau of Investigation
Finger imaging for IAFIS (Integrated Automated Fingerprint Identification System). IAFIS
would replace the present paper and ink based system with electronic finger images. NCIC 2000
(National Crime Information Center) will use various biometric technologies. Finger imaging is
also used for access control.
U.S. Department of Justice, National Institute of Justice
Evaluating finger imaging and voice verification for smart gun technology. A smart gun
incorporates, for example, biometric technology into the operating system of a firearm to restrict
the firing of the weapon to authorized users.
U.S. Department of Justice, U.S. Immigration and Naturalization Service
Border Patrol evaluating facial imaging, voice verification, hand geometry and finger imaging
technologies. The INSPASS system uses hand geometry for automation of frequent flyers at a
number of U.S. airports. The IDENT system uses finger imaging to secure the southwest border
of the U.S. [*152] U.S. Department of State
Evaluating various biometric technologies to aid in visa and passport processing.
U.S. Department of Treasury, Bureau of Printing and Engraving
31
Evaluating various biometric technologies to aid in currency control.
U.S. Department of Treasury, Internal Revenue Service
Evaluating signature verification for the electronic signing-off of income tax returns.
U.S. Department of Treasury, U.S. Secret Service
Evaluating hand geometry. Finger imaging to prevent fraud in the administration of pension
programs.
California Department of Justice, SINS (Statewide Integrated Narcotics System)
Finger imaging to secure access to sensitive information about narcotics.
Department of Motor Vehicles at the State Level
Various states, including California, Colorado, Florida, New Jersey and Texas, are considering
finger imaging for drivers licenses.
Entitlement Programs
A number of States, such as California, Connecticut, Illinois, Massachusetts, New Jersey, New
York, Pennsylvania, and Texas are using finger imaging to prevent welfare fraud. Hand
geometry, retinal scanning and signature verification are being evaluated by other states.
Other Prisons
Retinal scanning, iris recognition, finger imaging and hand geometry for securing access and
verifying identity of prisoners, staff and visitors across the U.S.
[SEE APPENDIX II IN ORIGINAL]
Legal Topics:
For related research and practice materials, see the following legal topics:
Healthcare LawBusiness Administration & OrganizationPatient ConfidentialityGeneral
OverviewCriminal Law & ProcedureSearch & SeizureSearch WarrantsGeneral
OverviewCommercial Law (UCC)Sales (Article 2)Subject MatterDefinitionsGeneral Overview
FOOTNOTES:
n1 Ellen Alderman & Caroline Kennedy, The Right to Privacy 326 (1995).
32
n2 Steven Goldberg, Culture Clash: Law and Science in America 5 (1994).
n3 See Mission: Impossible (Paramount 1996).
n4 See id. Hollywood is keen on biometrics; biometric technologies have been featured in
GoldenEye; True Lies; Demolition Man; Star Trek II: The Wrath of Khan; and Never Say Never
Again among others. See, e.g., Karla Harby, Optics: A Discerning Eye, Sci. Am., Apr. 1996, at
38; Jim Ritter, Eye Scans Help Sheriff Keep Suspects in Sight, Chi. Sun-Times, June 22, 1995, at
18.
n5 See Mission: Impossible (Paramount 1996).
n6 For examples of governmental use of biometrics, see infra Appendix I; see also Reports From
the States and Provinces, in Biometrics Hum. Services User Group (Conn. Dep't of Soc.
Services, Hartford, CT), Sept. 1997, at 1-6. For examples of private sector use of biometrics, see,
for example, Rajiv Chandrasekaran, Brave New Whorl: ID Systems Using the Human Body Are
Here, But Privacy Issues Persist, Wash. Post, Mar. 30, 1997, at H1; Ann Davis, The Body as
Password, Wired, July 1997, at 132; Saul Hansell, Is This an Honest Face? Use of Recognition
Technology Grows in Everyday Transactions, N.Y. Times, Aug. 20, 1997, at D1; Frank James,
Body Scans Could Make ID Process Truly Personal, Chi. Trib., June 4, 1997, at 1; Mastercard to
Test Biometric Finger Identification, Biometric Dig. (William Rogers & Assoc., St. Louis, Mo.),
May 1996, at 1; H. Lee Murphy, Safety Playing Larger Role in Hotel Choice, Crains Chi. Bus.,
Oct. 30, 1995, at 6; Beth Stetenfeld, Credit Unions Look to Biometrics to Curb Fraud, Biometric
Dig. (William Rogers & Assoc., St. Louis, Mo.), Aug. 1996, at 6-7; Survey: Market Trends,
Biometric Tech. Today (SJB Services, England), Nov. 1996, at 11; John D. Woodward,
Biometrics Offers Security--But Legal Worries, Too, Am. Banker, Aug. 23, 1996, at 11
[hereinafter Woodward, Biometrics Offers Security].
n7 See United States General Accounting Office, Electronic Benefits Transfer: Use of
Biometrics to Deter Fraud in the Nationwide EBT Program, GAO/OSI-95-20, Sept. 1995, at 67
[hereinafter GAO Report] (prepared at the request of Representative Kenneth E. Bentsen, Jr. (D.
Texas)); see also Dana Milbank, Measuring and Cataloguing Body Parts May Help to Weed Out
Welfare Cheats, Wall St. J., Dec. 4, 1995, at B1.
n8 See GAO Report, supra note 7, at 6-7.
n9 See id.
n10 See Chandrasekaran, supra note 6.
n11 See Benjamin Miller, Everything You Need to Know About Automated Biometric
Identification at 1, in CTST '96 Government Conference Proceedings (1996); see also Mark
Ashurst, First World Smartcards and Third World Pensioners: Mark Ashurst Witnesses
Technology at the Service of South Africa's Rural Poor, Fin. Times (London), Feb. 16, 1996, at
4.
33
n12 See Joseph P. Campbell, Jr. et al., Biometric Security: Government Applications and
Operations, at 1, in CTST '96 Government Conference Proceedings (1996), available at
<http://www.biometrics.org/reports/ctstg961> (updated Nov. 13, 1997) [hereinafter Campbell et
al., Biometric Security]; Bob Carter, Biometric Technologies, What They Are and How They
Work, in CTST "97 Government Conference Proceedings (1997); Chandrasekaran, supra note 6;
Davis, supra note 6; James, supra note 6.
n13 See Donald R. Richards, Rules of Thumb for Biometric Systems, Security Mgmt., Oct. 1,
1995, at 67, available in 1995 WL 8603833; Interview with Peter T. Higgins, biometric
consultant, in Washington, D.C. (Jan. 13, 1998).
n14 See Interview with Peter T. Higgins, supra note 13.
n15 See Campbell et al., Biometric Security, supra note 12, at 1.
n16 See id.
n17 See id.; see also Miller, supra note 11, at 4-5.
n18 See Campbell et al., Biometric Security, supra note 12, at 1.
n19 See Miller, supra note 11, at 4-5.
n20 See id.
n21 See Anil K. Jain et al., An Identity-Identification System Using Fingerprints, 85 Proceedings
of the IEEE 1365, 1365 (1997).
n22 See id.
n23 The following anecdote indicates how unsecure computer passwords can be. A computer
security expert in Chicago commented that he was able to break into more than forty files using
"Bulls" as a password. See Mal Florence, The Inside Trade: In This Case, Punishment Would Fit
Crime, L.A. Times, Jan. 22, 1997, at C2. For commonly used passwords, see Larry Light, Up
Front: The List, Hacker's Delight, Bus. Wk., Feb. 10, 1997, at 4.
n24 Accuracy of biometric systems has two key components: (1) the false acceptance rate
defined as the percentage of impostors accepted by the system; and (2) the false rejection rate
defined as the percentage of authorized users who are rejected. See, e.g., Campbell et al.,
Biometric Security, supra note 12, at 2. The equal error rate is the decision threshold where the
false acceptance rate equals the false rejection rate. See id. The threshold can be adjusted for
many biometric systems. See id. For example, the system can be set so that virtually no
impostors will be accepted. See id. This step could be done by requiring an extremely precise
match. See id. However, this low false acceptance rate would mean that a high number of
authorized users would be rejected. See id.
34
n25 See id. at 1-2; see also Richards, supra note 13.
n26 See Campbell et al., Biometric Security, supra note 12, at 2-3.
n27 See Richards, supra note 13.
n28 Kevin McManus, At Banks of Future, An Eye for an ID, Wash. Post, May 6, 1996, at A3.
n29 The use of the High Biometrics, Lesser Biometrics and Esoteric Biometrics categories is
done for organizational purposes by the author; the categorization is not based on any rigorous
technical formula. For a technically impressive categorization of biometrics using a five part
taxonomy of applications approach, see James L. Wayman, The State of Biometrics, at 2-3, in
CTST '96 Government Conference Proceedings (1996), available in <http://www.engr.sjsu.edu.libaccess.sjlibrary.org/graduate/re-biom/ main.htm> [hereinafter Wayman, The
State of Biometrics]. Dr. Wayman's taxonomy includes: 1) What is the intent of the "wolf" or the
perpetrator who seeks unauthorized system access? Is she cooperating with the system or not
cooperating? 2) Is the customer aware that a biometric measure is being collected? 3) Does the
customer regularly use the system? 4) Is the biometric device being supervised? and 5) What is
the operating environment? E.g., indoor or outdoor use; climate considerations. See id.; see also
Roger Clarke, Human Identification in Information Systems: Management Challenges and
Public Policy Issues, Info. Tech. & People, Dec. 1994, at 6, 18 (offering a comprehensive
taxonomy of biometric techniques based on appearance, social behavior, bio-dynamics, natural
physiography and imposed physical characteristics).
n30 See, e.g., Richards, supra note 13; Interview with Peter T. Higgins, supra note 13.
n31 See Ritter, supra note 4; see also Tim Tierney, Eyes Have it in Future of Law Enforcement:
Technology Expands to Identify Suspects, Chi. Trib., June 27, 1995, at 1.
n32 EyeDentify, Inc., EyeDentify, Inc. Retinal Recognition Systems 1 (1996).
n33 See id.
n34 An example of such a device is the EyeDentification System 2001, by EyeDentify, Inc. of
Baton Rouge, Louisiana.
n35 See EyeDentify, Inc., supra note 32.
n36 See id.; see generally EyeDentify Targets Lower End of the Market, Security Tech. News,
Apr. 22, 1994.
n37 See EyeDentify, Inc., supra note 32.
n38 See Miller, supra note 11, at 7 ("The toughest hurdle for the technologies continues to be
user resistance.").
35
n39 See Chandrasekaran, supra note 6.
n40 See Richard P. Wildes, Iris Recognition: An Emerging Biometric Technology, 85
Proceedings of the IEEE 1348, 1348-50 (1997).
n41 See id. at 1349. These randomly-distributed immutable structures include: "the trabecular
meshwork of connective tissue, collagenous stromal fibers, ciliary processes, contraction
furrows, crypts, vasculature, rings, corona, coloration and freckles." Harby, supra note 4; see also
John Burnell, ATM Makers Eye Iris Identification, Automatic I.D. News, Sept. 1, 1995, at 1. The
iris has more than 400 "degrees of freedom" (measurable features and characteristics) as opposed
to about 60 degrees of freedom for the fingerprint which, according to many security experts,
makes iris recognition a more secure identification system. See id.
n42 See Harby, supra note 4.
n43 See, e.g., Harby, supra note 4, at 38.
n44 See McManus, supra note 28.
n45 For example, equipping ATM with an iris recognition system costs $ 4,000 to $ 5,000 per
ATM. See Bob Fernandez, Body Language, Phila. Inquirer, July 24, 1997, at F1. "An ATM
without the system costs about $ 35,000." Id.
n46 See Chandrasekaran, supra note 6.
n47 The Japanese and other Asians, whose cultural sensitivities toward physical touching
generally differ from Americans, have reacted well to this feature. See Interview with Donald R.
Richards, Former Director of Program Development for IriScan, in Fairfax, Va. (Mar. 26, 1996)
[hereinafter Interview with Richards]. Iris recognition will be used at the Winter Olympics in
Nagano, Japan for access control to the firearms used for the biathlon. See Amy Shipley, A Look
Towards Nagano: News In Brief, Wash. Post, Jan. 23, 1998, at C4.
n48 English plant morphologist N. Grew wrote the first scientific paper on fingerprints in 1684.
See Jain et al., supra note 21, at 1367-69. Features of fingerprints, including the branch and end
points of epidermal ridges, were used by Sir F. Galton in 1872 "to develop a probablistic model
of fingerprint individuality." Andrea R. Roddy & Jonathan D. Stosz, Fingerprint Features-Statistical Analysis and System Performance Estimates, 85 Proceedings of the IEEE 1390, 1391
(1997). These are known as "Galton features" or "minutiae." Id.
n49 See Jain et al., supra note 21, at 1367-69.
n50 This category also includes fingertip structure, finger length, finger pattern.
n51 See Chandrasekaran, supra note 6.
36
n52 See Jain et al., supra note 21, at 1367-69; Roddy & Stosz, supra note 48, at 1391.
n53 See Survey: Market Trends, supra note 6, at 14.
n54 See id.
n55 Fingerprints cannot be reliably taken from about two percent of the population. See Hansell,
supra note 6. In addition, in an effort to defeat the efforts of law enforcement, criminals will go
to great lengths to alter their fingerprints. For example, they will deliberately cut their
fingerprints to create scar tissue in hopes of marring the print. See Ritter, supra note 4. They
occasionally put powerful adhesives on their fingerprints in an effort to avoid detection. See id.
Richards reports of at least one case where the fingerprint remained on the platen thus enabling a
person to tape his fingerprint, place it on the glass plate and be accepted by the system; in other
words, the system read the previous person's fingerprint. See Richards, supra note 13.
n56 Miller, supra note 11, at 7.
n57 See Chandrasekaran, supra note 6.
n58 See Richards, supra note 13.
n59 See Ira Breskin, Biology-Based Identification Forms Security Systems Niche, Investor's
Bus. Daily, Jan. 17, 1996, at A6.
n60 See Chandrasekaran, supra note 6; Miller, supra note 11, at 7 (stating that the reference
template for one of the products is less than ten bytes).
n61 See, e.g., Ron Martz, Want to Get In? You'll Have to Give Them a Hand, Atlanta Const.,
Sept. 7, 1994, at D6.
n62 See Miller, supra note 11, at 7.
n63 At Walt Disney World, "finger scanning" is used rather than "hand scanning;" Coca-Cola
also uses hand-scanning technology for time and attendance. See Chandrasekaran, supra note 6.
n64 See id.
n65 See id. Since it is less accurate than retinal scanning, iris recognition and finger imaging,
hand geometry can, for example, be combined with the use of another identifier such as a PIN,
password or a photograph, for added security.
n66 See id.
n67 Ken Phillips, In-Your-Face Security, PC WEEK, Mar. 24, 1997, at 97. The product
reviewed was TrueFace CyberWatch by Miros, Incorporated. See id.
37
n68 See McManus, supra note 28.
n69 See Chandrasekaran, supra note 6.
n70 See Miller, supra note 11, at 7.
n71 See Joseph P. Campbell, Jr., Speaker Recognition: A Tutorial, 85 Proceedings of the IEEE
1437, 1438 (1997) [hereinafter Campbell, Speaker Recognition].
n72 See id. at 1437-62.
n73 See id. at 1437-38.
n74 See id.
n75 See Woodward, Biometrics Offers Security, supra note 6, at 11.
n76 See McManus, supra note 28; see also Campbell, Speaker Recognition, supra note 71, at
1438.
n77 See Miller, supra note 11, at 8.
n78 Id.
n79 See Woodward, Biometrics Offers Security, supra note 6, at 11.
n80 See Richards, supra note 13.
n81 See id. at 12; see also Interview with Dr. Arthur S. DiDio and Dr. L. John A. DiDio, in
Washington, D.C. (Mar. 22, 1997) [hereinafter Interview with Dr. Arthur S. DiDio and Dr. L.
John A. DiDio]; Interview with Richards, supra note 47; McManus, supra note 28.
n82 See EU Veincheck Project Takes Off, Biometric Tech. Today (SJB Services, England), Sept.
1996, at 1, 1-2. A vein measurement system, known as Veincheck, is scheduled to be operational
at several European sites in 1997, including Heathrow Airport and the Central Bank of Ireland.
See id. at 2.
n83 See id.
n84 See id.
n85 See E-mail communication from Joe Rice, vein measurement expert (Dec. 21, 1996); see
also Veincheck Biometric Homepage (visited Nov. 28, 1997) <http://innotts.co.uk/joerice/>.
n86 Letter from Dr. L. John A. DiDio to the author (Apr. 2, 1997) (on file with the author).
38
n87 See the bibliography of the Anatomischer Anzeiger and in the abstracts of the Anatomischer
Bericht; Interview with Dr. Arthur S. DiDio and Dr. L. John A. DiDio, supra note 81.
n88 See Facsimile communication from Dr. L. John A. DiDio to the author (Apr. 2, 1997) (on
file with the author).
n89 See Biometric Body Odors . . . No, We Are Not Kidding, Pers. Identification News, June
1995, at 5. The company is named Bloodhound Sensors. See id.
n90 See id.
n91 See id.
n92 See supra part II.A.
n93 Gary Roethenbaugh, Biometrics: A Global Perspective, at D3, in BiometriCon '97 (1997);
see also Survey: Market Trends, supra note 6, at 11-16.
n94 See Chandrasekaran, supra note 6 (citing Ben Miller, editor of Personal Identification
News).
n95 See Pers. Identification News, The 1997 Advanced Card & Identification Tech. Sourcebook
38 (1996). For a more detailed discussion of biometric applications, see, for example,
Chandrasekaran, supra note 6.
n96 See Alice LaPlante, Systems in the Slammer, Computerworld, Apr. 17, 1995, at 1, 89, 93,
97.
n97 See Ritter, supra note 4.
n98 See id.
n99 See id.
n100 See id.
n101 For example, a murder fugitive picked up on a misdemeanor charge, gives a fake name and
alias documentation. With the former system, it could take days to match the fugitive to his true
identity. See id. Inmates will also attempt to outwit prison authorities by establishing a false
identity by memorizing one another's name, addresses and personal information. See LaPlante,
supra note 96, at 93.
n102 See LaPlante, supra note 96, at 89; see also Ritter, supra note 4. Resources are also saved
on the initial enrollment process as skilled fingerprint technicians, using ink and paper to capture
the fingerprints, are no longer necessary.
39
n103 Jamaica is experimenting with an Elector Registration System (ERS) to register eligible
voters incorporating an identification card with fingerprint minutiae data. See South Africa and
Jamaica Use Fingerprints to Identify Citizens, Biometric Tech. Today (SJB Services, England),
Oct. 1996, at 1, 1-2.
n104 For example, New York uses an automated finger imaging system (AFIS) for the
identification of public assistance recipients. See Richard Nawrot, New York State Department
of Social Services Automated Finger Imaging System, Biometrics Human Services User Group
(Conn. Dep't of Soc. Services, Hartford, CT), Sept. 1997, at 2-4.
n105 See Ronald J. Hays, INPASS: INS Passenger Accelerated Service System (last modified
Jan. 4, 1996) <http://www.biometrics.org/reports/inpass.html>.
n106 For example, a voice verification system aids in border crossings between the United States
and Canada in Scobey, Montana. See Reports from the States and Provinces, supra note 6, at 2.
Also, in 1996, Congress required the use of a biometric identifier in connection with border
crossing identification cards:
The term "border crossing identification card" means a document of identity . . . issued to
[qualifying aliens] . . . . Such regulations shall provide that (A) each such document include a
biometric identifier (such as the fingerprint or handprint of the alien) that is machine readable
and (B) an alien presenting a border crossing identification card is not permitted to cross over the
border into the United States unless the biometric identifier contained on the card matches the
appropriate biometric characteristic of the alien.
8 U.S.C.A. § 1101(a)(6) (West Supp. 1997).
n107 At the federal level, for example, Congress specifically required that the Secretary of
Transportation, through the Federal Highway Administration (FHWA), "shall prescribe
regulations on minimum uniform standards for a biometric identification system to ensure the
identification of operators of commercial motor vehicles." The Truck and Bus Safety and
Regulatory Reform Act of 1988, Pub. L. No. 100-690 § 9105(a), 102 Stat. 4530 (1988) (codified
as amended at 49 U.S.C. § 31309(d)(2) (1994)). In mandating this biometric identification
system, Congress responded to public safety concerns that commercial truck drivers were
allegedly obtaining concurrent commercial licenses from various individual states in an attempt
to minimize the true extent of their traffic violations. See Jim Wayman, Presentation, in
Biometric Consortium 9, Arlington, Virginia, Apr. 8, 1997.
n108 See Roethenbaugh, supra note 93, at D9.
n109 See generally id. at D11-12.
n110 See id. at D11.
40
n111 National Identity Card proposals are usually met with concern and consternation in the
United States and other western countries. See, e.g., John J. Miller & Stephen Moore, A National
ID System: Big Brother's Solution to Illegal Immigration, Policy Analysis, Sept. 7, 1995, at 1
("The computer registry and national ID card, which would confer on the federal government
vast new police-state powers, is highly incompatible with . . . expanding freedom and reducing
government. . . . A computer registry would impose large costs on American citizens in terms of
both dollars and lost liberties."); Robert Ellis Smith, The True Terror is in the Card, N.Y. Times,
Sept. 8, 1996, at 58 (objecting to the use of a national identity card as "dehumanizing . . . and . . .
destructive of a free society"). However, the Government of the Philippines has decided to
embark on an ambitious national identity card project with plans to enroll up to 63 million
people; the South African Home Affairs National Identification System (HANIS) will involve an
identity card combined with a biometric identifier. See South Africa and Jamaica Use
Fingerprints to Identify Citizens, supra note 103, at 1-2.
n112 For a detailed explanation of INS biometric programs from which this section of the paper
is largely based, see Hays, supra note 105.
n113 See id.
n114 See id.
n115 See Immigration: INSPASS and IDENT Branch Out, Biometric Tech. Today (SJB
Services, England), Sept. 1996, at 5, 5. Apparently, the senior leadership of the INS is still
mulling the options.
n116 See id.
n117 See Lisa Corbin, Icons of Information Technology, Gov't Executive, Dec. 1996, at 33, 3334, available in <http://www.govexec.com/archdoc/awa96/1296awal.htm>.
n118 See Hays, supra note 105.
n119 Under the IDENT program, after individuals apprehended at the border are scanned-in
during the booking process, the finger images are then computer matched against a central INS
database of criminals and known smugglers in Washington, D.C. See Immigration: INSPASS
and IDENT Branch Out, supra note 115, at 5. "Between October 1994 and October 1995, nearly
half a million sets of fingerprints and photographs were entered into the system. In less than one
year, IDENT has identified 1,378 criminal immigrants in San Diego." Tim Biggs, Enhanced
Security: Border Indentity Checks, in Outline to Efficiency, Gov't Executive, Dec. 1997, at 36.
An IDENT site was also established at Atlanta in 1996 during the Summer Olympics. See
Immigration: INPASS and IDENT Branch Out, supra note 115, at 5.
n120 Biggs, supra note 119, at 35.
n121 See Hays, supra note 105.
41
n122 However, the rumored move by INS to finger imaging conflicts with Germany's Ministry
and Interior's decision to embark on hand geometry systems. See Immigration: German
Government Chooses Hand Geometry, Biometric Tech. Today (SJB Services, England), Sept.
1996, at 3.
n123 See Chandrasekaran, supra note 6.
n124 See id.
n125 See id.; see also Phillips, supra note 67.
n126 See Chandrasekaran, supra note 6.
n127 See Harby, supra note 4, at 38; see also Sensar, Oki Electric Sign $ 41.9 Mil Agreement for
Iris Recognition, Biometric Dig. (William Rogers & Assoc., St. Louis, Mo.), Nov. 1996, at 1
[hereinafter Sensar]. See generally Trends in Japan: Iris Checks at ATM's, Japan Now, Mar.
1997, at 3 [hereinafter Iris Checks at ATM's].
n128 See Jennifer Tanaka & Beth Kwon, Technology: An Eye for ID, Time, Dec. 15, 1997, at
12.
n129 See Interview with Richards, supra note 47.
n130 See id.
n131 See id.
n132 Id.
n133 See Eye: Cash Machine Scanners on the Launch Pad, Biometric Tech. Today (SJB
Services, England), Oct. 1996, at 4, 4.
n134 See A Cutting-Edge Credit Union Makes an Impression with Biometrics, Bank Network
News, Apr. 25, 1997, available in 1997 WL 8924695.
n135 See id.; see also Biometrics in a Virtual Branch, Biometric Dig. (William Rogers & Assoc.,
St. Louis, Mo.), Apr. 1997, at 6.
n136 See Sharon Latka-Davis, Iris Ident ATM Security System Catches Eye of Bankers,
Telegram & Gazette (Worcester, Ma.), July 22, 1996, at C1; Joel S. Lisker, Paving the Way for
Biometric Technology (presentation in Las Vegas, Nevada, Mar. 12, 1997). Mr. Lisker is Senior
Vice President, Security & Risk Management for MasterCard International. See also Matt
Barthel, Banks Eyeball Sci-Fi Style Identification for ATMs, Am. Banker, Sept. 22, 1995, at 14.
In late 1996, Oki expanded the scope of its 1995 contract with IriScan and Sensar to ten Pacific
Rim countries. See Sensar, supra note 127, at 1.
42
n137 See Iris Checks at ATM's, supra note 127, at 3.
n138 See Graeme Browning, Paying More to a Faceless Industry, 28 Nat'l J. 2766, 2766 (1996).
n139 See Chandrasekaran, supra note 6.
n140 See Interview with Dr. F.P. Nasrallah, Assistant Professor of Ophthalmology at George
Washington University, and Dr. Arthur S. DiDio, M.D., in Washington, D.C. (Apr. 4, 1996)
[hereinafter Interview with Dr. Nasralla and Dr. Arthur S. DiDio]. See generally Barbara Bates,
A Guide To Physical Examination and History Taking 213-215 (5th ed. 1991).
n141 See Interview with Dr. Nasrallah and Dr. Arthur S. DiDio, supra note 140.
n142 Id.
n143 Id.
n144 See id.
n145 See Harold Chen, M.D., Medical Genetics Handbook 221-226 (1988); see also Michael
Skoler, Finger and Palm Prints: A Window on Your Health, Glamour, Apr. 1984, at 248.
n146 See Gastroenterology: Fingerprinting GI Disease, Johns Hopkins Physician Update, Apr.
1996, at 5. CIP, a motility disorder, causes its victims "to experience excruciating physical pain,
vomiting, nausea, alternating bouts of severe constipation and diarrhea, and debilitating weight
loss." Id.
n147 Chen, supra note 145, at 225.
n148 See id.
n149 See id. at 226; Skoler, supra note 145, at 250.
n150 See Simon Levay, Queer Science: The Use and Abuse of Research Into Homosexuality
157-158 (1996); see also Richard E. Cytowic, All in the Genes, Wash. Post, Sept. 1, 1996, at 9
(book review).
n151 Drs. Hall and Kimura found that in the majority of both males and females, there are more
ridges on the fingerprints of the right hand than the left hand, but more women than men have
the minority characteristic known as leftward asymmetry. See Levay, supra note 150, at 157.
When the fingerprint patterns of gay men were compared with straight men, researchers found
that more gay men than straight men had the minority characteristic of leftward asymmetry. See
id.
43
n152 For example, the group studied by Drs. Hall and Kimura only included 182 heterosexual
men and 66 homosexual men. See id.
n153 GAO Report, supra note 7, at 28-29.
n154 United States v. Westinghouse Elec. Corp., 638 F.2d 570, 577 (3d Cir. 1980) (holding that
medical records of a private sector employee, while within the ambit of constitutional privacy
protection, could nonetheless be disclosed to a government agency upon a proper showing of
governmental interest); see also Doe v. Attorney General of the United States, 941 F.2d 780, 796
(9th Cir. 1991) ("Information regarding an individual's HIV status or AIDS diagnosis would fall
within the ambit of the privacy protection afforded medical information.").
n155 See Fred H. Cate, Privacy in the Information Age 19-31 (1997). While a detailed
discussion of the many facets of privacy is beyond the scope of this paper, an excellent starting
point is Richard C. Turkington et al., Privacy: Cases and Materials (1992).
n156 Ruth Gavison, Privacy and the Limits of Law, 89 Yale L.J. 421, 428 (1980).
n157 Charles Fried, An Anatomy of Values 140 (1970).
n158 Richard B. Parker, A Definition of Privacy, 27 Rutgers L. Rev. 275, 281 (1974) (internal
quotation marks omitted).
n159 Tom Gerety, Redefining Privacy, 12 Harv. C.R.-C.L. L. Rev. 233, 236 (1977).
n160 United States v. Westinghouse Elec. Corp., 638 F.2d 570, 577 n.5 (3d Cir. 1980).
n161 Lillian R. Bevier, Information About Individuals in the Hands of Government: Some
Reflections on Mechanisms for Privacy Protection, 4 Wm. & Mary Bill Rts. J. 455, 458 (1995)
(footnote omitted); see also Richard S. Murphy, Property Rights in Personal Information: An
Economic Defense of Privacy, 84 Geo. L.J. 2381, 2381 (1996).
n162 Turkington et al., supra note 155, at 35.
n163 See David H. Flaherty, Privacy in Colonial New England 85-88 (1972).
n164 General search warrants were also known as writs of assistance. See Marshall v. Barlow's,
Inc., 436 U.S. 307, 327 (1978) (Stevens, J., dissenting). These were issued by the Crown
authorities to enforce trade and navigation laws in the colonies. See id. The colonist's intense
dislike of the British practice of issuing general warrants led to the establishment of the Fourth
Amendment in the Bill of Rights. See id.
n165 Flaherty, supra note 163, at 87-88.
44
n166 Id. In the period leading up to the Revolutionary War, Otis was a leading political activist
and legal advocate. Sadly for this American patriot, he suffered a blow on the head during an
altercation with a Crown official in 1769 which rendered him insane until his death in 1783. See
8 New Encyclopaedia Britannica 1042 (15th ed. 1997).
n167 Or "zones of privacy," to use Justice Douglas' term. Griswold v. Connecticut, 381 U.S. 479,
484 (1965); see also Cate, supra note 155, at 52.
n168 See U.S. Const. amend. I.
n169 See U.S. Const. amend. III.
n170 See U.S. Const. amend. IV.
n171 See U.S. Const. amend. V.
n172 U.S. Const. amend. IX; Griswold, 381 U.S. at 484. In his Griswold concurrence, Justice
Goldberg stressed that the Ninth Amendment demonstrated that the Founding Fathers believed
that fundamental rights existed outside the first eight amendments. See id. at 488 (Goldberg, J.,
concurring). In their Griswold dissents, Justices Black and Stewart found no right to privacy in
the Constitution. See id. at 508 (Black, J., dissenting); id. at 530 (Stewart, J., dissenting); see also
Turkington et al., supra note 155, at 18-19.
n173 U.S. Const. amend. X.
n174 This message, sent by Morse over a telegraph line running from Washington, D.C. to
Baltimore, Maryland, is from Numbers 23:23. See 26 Encyclopedia Americana: International
Edition 394-95 (1994).
n175 See Alan F. Westin, Privacy and Freedom 337 (1967) (citing W. Scott & M. Jarnagin,
Treatise Upon the Law of Telegraphs, Appendix, 457-507 (1868)).
n176 See id.
n177 See id.
n178 See id.
n179 See id.
n180 Turkington et al., supra note 155, at 18.
n181 Richard F. Hixson, Privacy in a Public Society: Human Rights in Conflict 30 (1987); see
also Goldberg, supra note 2, at 115.
45
n182 See DeMay v. Roberts, 9 N.W. 146, 149 (Mich. 1881); see also Turkington et al., supra
note 155, at 149.
n183 DeMay, 9 N.W. at 149.
n184 Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890).
n185 Id. at 193.
n186 Westin, supra note 175, at 346. The tremendous growth in newspapers and a more
sensational, personal style of newspaper reporting were factors that influenced Warren and
Brandeis. See Warren & Brandeis, supra note 184, at 195. In sheer physical terms, the number of
newspapers grew dramatically. See Hixson, supra note 181, at 28. For example, in 1800, there
were about 921 newspapers in the United States; by 1850, 758,000; by 1870, 2,607,000; by
1890, 8,387,000. See id. Regarding the change in journalistic style, it is interesting to note that
President Grover Cleveland complained when newspaper reporters followed the President and
his new bride on their honeymoon in 1886. See id. at 28-29. Other technological factors in the
changing America of the late nineteenth century which influenced the authors included
development of the telephone, whereby conversation was projected outside the home or office;
the microphone and dictagraph recorder, whereby private conversations could be heard by others
and recorded; and instant photography, whereby the privacy of informal areas could now be
invaded. See Westin, supra note 175, at 338.
n187 See Pasevich v. New England Life Ins. Co., 50 S.E. 68, 72 (Ga. 1905) (holding that the
unauthorized use of a person's photograph for commercial purposes was a violation of a person's
privacy interests). An earlier case decided by a state court recognizing a right to privacy is
Schuyler v. Curtis, 15 N.Y.S. 787, 787-88 (N.Y. Sup. Ct. 1891) (recognizing a right of privacy
by granting an injunction against the making and public exhibition of a statue of a deceased
person where it is not shown that she was a public character. The court noted, "The moment one
voluntarily places himself before the public, either in accepting public office, or in becoming a
candidate for office, or as an artist or literary man, he surrenders his right to privacy pro tanto,
and obviously cannot complain of any fair or reasonable description or portraiture of himself.");
see also Hixson, supra note 181, at 38-41.
n188 277 U.S. 438 (1928).
n189 Id. at 478 (Brandeis, J., dissenting); see also Cate, supra note 155, at 57; Goldberg, supra
note 2, at 114.
n190 Alderman & Kennedy, supra note 1, at xiv. It should also be noted that Warren and
Brandeis were concerned about private as opposed to official invasions of privacy. See, e.g.,
Hixson, supra note 181, at 33.
n191 U.S. Const. amend. XIV, § 1.
46
n192 Planned Parenthood v. Casey, 505 U.S. 833, 846 (1992) (quoting Daniels v. Williams, 474
U.S. 327, 331 (1986)).
n193 Id. at 847.
n194 Griswold v. Connecticut, 381 U.S. 479, 500 (1965) (Harlan, J., concurring) (quoting Palko
v. Connecticut, 302 U.S. 319, 325 (1937)).
n195 Moore v. City of East Cleveland, 431 U.S. 494, 503 (1977). These terms have been
criticized for lack of clarity. See, e.g., Robert H. Bork, The Tempting of America: The Political
Seduction of the Law 118 (1990) ("The judge-created phrases specify no particular freedom, but
merely assure us, in sonorous phrases, that they, the judges, will know what freedoms are
required when the time comes.").
n196 See Anita Allen, Legal Issues in Nonvoluntary Prenatal Screening in Aids, in Women and
the Next Generation: Towards a Mutually Acceptable Public Policy for HIV Testing of Pregnant
Women and Newborns 175 (Ruth R. Faden et al. eds., 1991). At least one scholar has more
broadly categorized the Supreme Court's interpretation of constitutional protections for
individual privacy as falling into four areas--"expression and association, searches and seizures,
fundamental decision-making, and informational privacy." Cate, supra note 155, at 52.
n197 See Cate, supra note 155, at 52.
n198 See id.
n199 Planned Parenthood v. Casey, 505 U.S. 833, 851 (1992).
n200 Id.
n201 See Allen, supra note 196, at 175.
n202 Westin, supra note 175, at 7.
n203 The following hypothetical example might illustrate how decisional privacy concerns could
be implicated by a biometric scheme. In response to growing concerns about missing children, a
state legislature decides to require all children attending private day care programs to be
biometrically scanned for identification purposes. Parents object on the grounds that they are
fully satisfied with the less-intrusive security already offered at the private day care program and
that their children will be unduly traumatized by the scanning. Educational zone of privacy
concerns are possibly implicated.
n204 The legal and policy implications of biometric scanning when used in the private sector are
beyond the scope of this paper. While common law privacy torts, state constitutional provisions
and state statutes might permit some sort of a recovery for plaintiffs at the state level, before such
a broad conclusion can be made, further study is needed. It is also beyond the scope of this paper
47
to discuss how the legal system would handle any tort liability lawsuits arising from any
perceived medical concerns arising from the use of biometric technologies. Similarly, the use of
biometrics for evidentiary matters in courts of law is not discussed.
n205 Laurence Tribe, The Constitution in Cyberspace: Law and Liberty Beyond the Electronic
Frontier (viewed Nov. 28, 1997) <http://www.eff.org/pub/legal/cyberconstitution.paper>
(Keynote Address at The First Conference on Computers, Freedom & Privacy (1991)); see also
Cate, supra note 155, at 50-51. It should be noted, however, that until its repeal in 1933, the
Eighteenth Amendment, which prohibited the sale, manufacture or transportation of intoxicating
liquors, severely restricted a private sector activity. See U.S. Const. amend. XVIII, repealed by
U.S. Const. amend. XXI.
n206 See Smith v. Maryland, 442 U.S. 735, 743-44 (1979) (rejecting defendant's claim that
information in the form of telephone numbers he dialed from his home telephone (what is known
as a pen register), could not be turned over to the police absent a search warrant and noting that it
"consistently has held that a person has no legitimate expectation of privacy in information he
voluntarily turns over to third parties").
n207 U.S. Const. amend. IV.
n208 See, e.g., Katz v. United States, 389 U.S. 347, 360-62 (1967) (Harlan, J., concurring).
n209 See Skinner v. Railway Labor Executives' Ass'n, 489 U.S. 602, 616 (1989).
n210 See Schmerber v. California, 384 U.S. 757, 767-68 (1966).
n211 See Skinner, 489 U.S. at 618.
n212 See id. at 617.
n213 Vernonia Sch. Dist. 47J v. Acton, 515 U.S. 646, 652 (1995).
n214 Id. (quoting Skinner, 489 U.S. at 619) (internal quotation marks omitted).
n215 See Zurcher v. Stanford Daily, 436 U.S. 547, 554-55 (1978).
n216 Chandler v. Miller, 117 S. Ct. 1295, 1298 (1997). Those "circumstances include brief stops
for questioning or observation at a fixed Border Patrol checkpoint, or at a sobriety checkpoint,
and administrative inspections in "closely regulated' businesses." Id. (citations omitted).
n217 See Elise Bjorkan Clare et al., Criminal Procedure Project, Warrantless Searches and
Seizures, 84 Geo. L.J., 743, 811-820 (1996) (discussing administrative search doctrine).
n218 See Skinner v. Railway Labor Executives Ass'n, 489 U.S. 602, 621-22 (1989).
48
n219 See Acton, 515 U.S. at 663.
n220 515 U.S. 646 (1995).
n221 Id. at 654.
n222 Id. at 657.
n223 Id. at 658.
n224 Id. at 660.
n225 See Skinner v. Railway Labor Executives Ass'n, 489 U.S. 602, 621 (1989).
n226 See Michigan v. Clifford, 464 U.S. 287, 294-95 (1984) (holding that a search warrant is
required for the administrative search of a residence to investigate the cause of a fire).
n227 See id. at 295.
n228 See James A. Weaver & George W. Beitzel, Fingerprints, Digital Photos and Digital
Signatures: Pennsylvania Automated Recipient Identification System (PARIS), at 1, in CTST
"96 Government Conference Proceedings (1996). ARIP is found in the 1995 Welfare Reform
Bill (Act 1995-20) in Section 44. See id. Similar to Pennsylvania's ARIP, Connecticut recently
embarked on a biometrics-based identification scheme. See David Mintie, The Connecticut DSS
Biometric Project and EBT Card: Implementation Issues, in CTST "96 Government Conference
Proceedings (1996). Legislation was passed effective July 1, 1995 authorizing Connecticut's
Department of Social Services (DSS) to implement the Connecticut Digital Imaging System--a
state-wide electronic personal identification system that enrolls qualified welfare recipients
(consisting of General Assistance (GA) and Aid to Families with Dependent Children (AFDC)
clients) into a statewide database using finger-image identification to verify that enrolled clients
are eligible to receive benefits. See id. Connecticut's objective was to create a system that would
eliminate "dual enrollments" or "double dippers" (the major component of welfare fraud). See id.
Interestingly, DSS sought a standardized biometrics platform that would also serve the needs of
Connecticut's Department of Motor Vehicles for image capture. See id.
n229 Act of June 30, 1995, ch. 71, 1995 Pa. Laws 20 (amending Public Welfare Code); see also
Weaver & Beitzel, supra note 228, at 1-4.
n230 See Weaver & Beitzel, supra note 228, at 1-6. Welfare recipients include Pennsylvanians
receiving General Assistance, Food Stamps, and AFDC among others. See id. at 3.
n231 See Act of June 30, 1995, ch. 71, 1995 Pa. Laws 20; see also Weaver & Beitzel, supra note
228, at 1-6.
49
n232 See All Things Considered: Foolproof Identification Methods Create Privacy Worries
(National Public Radio broadcast, Oct. 8, 1996) [hereinafter All Things Considered].
n233 See Act of June 30, 1995, ch. 71, 1995 Pa. Laws 20.
n234 See E-mail communication from David Mintie, Department of Social Services, State of
Connecticut, to the author (Apr. 10, 1997) (on file with the author) [hereinafter Mintie, E-mail].
n235 See id. In general terms, procedures related to cross matching include: (1) States match
data one or more times each year; (2) States share the costs of the matches; (3) Anti-fraud groups
in each state agency get documentation of the "hits," then independently investigate suspect
cases. Once the investigation has been completed, they jointly determine the prosecution
protocol. See id.
n236 See id.
n237 See id.
n238 See Reports from the State and Provinces, supra note 6, at 2. Aside from the policy aspects
of these cross-sharing procedures, administrative concerns, such as costs, also play a role. For
example, because of the proprietary nature of the biometric scanning systems, states have to pay
for each biometric cross match conducted. Efforts are being made to promote a North East
coalition (NCS) approach to cross state matching as a mechanism to reduce these administrative
costs for each state. See Mintie, E-mail, supra note 234.
n239 See Mintie, E-mail, supra note 234.
n240 489 U.S. 602 (1989).
n241 Id. at 621 n.5.
n242 429 U.S. 589 (1977).
n243 Paul M. Schwartz, Privacy and Participation: Personal Information and Public Sector
Regulation in the United States, 80 Iowa L. Rev. 553, 574-575 (1995). Other scholars have
perhaps interpreted the significance of Whalen v. Roe slightly differently. See, e.g., Allen, supra
note 196, at 181 ("The Court has come closest to recognizing an independent right of
information privacy in Whalen v. Roe."); Michael P. Roch, Filling the Void of Data Protection in
the United States Following the European Example, 12 Santa Clara Computer & High Tech. L.J.
71, 89 (1996) ("In Whalen v. Roe, the court sic recognized in dicta that there may exist a right to
protect against improper disclosure of personal data."); see also Cate, supra note 155, at 63
("Having found this new privacy interest in nondisclosure of personal information, the Court . . .
applying a lower level of scrutiny, found that the statute did not infringe the individual's interest
in nondisclosure."); Peter L. Strauss et al., Gellhorn & Byse's Administrative Law: Cases &
Comments 874 (1995) ("A requirement that information of arguable utility to a lawful regulatory
50
program be collected or submitted is unlikely to fall beyond the constitutional power of either
federal or state government.").
n244 For a truncated version of this Whalen v. Roe analysis, see John D. Woodward, Building a
Biometrics Blueprint: The Lessons of Whalen v. Roe, Biometric Tech. Today (SJB Services,
England), Dec. 1996/Jan. 1997, at 9-10.
n245 Whalen, 429 U.S. at 591.
n246 See id. This commission was formally known as The Temporary State Commission to
Evaluate the Drug Laws. See id. at 592 n.4.
n247 Id. at 593. The statute classified potentially harmful drugs in five schedules which
conformed with relevant federal law. See id. at 592. Schedule II drugs included the most
dangerous of the legitimate drugs. See id. at 592-93. Examples of such drugs would include
opium, methadone, amphetamines and methaqualone. See id. at 593 n.8. These drugs all have
accepted medical uses. The statute also provided for an emergency exception. See id. at 593.
n248 Id.
n249 See id. The office which received the forms was the Bureau of Controlled Substances,
Licensing and Evaluation (BCSLE). See Roe v. Ingraham, 403 F. Supp. 931, 932 (S.D.N.Y.
1975), rev'd, Whalen v. Roe, 429 U.S. 589 (1977).
n250 See Whalen, 429 U.S. at 593.
n251 Id.
n252 Id. at 592 n.6.
n253 Id. at 595-96 n.16.
n254 Id. at 596 n.16.
n255 Id.
n256 Id. at 600.
n257 Id.
n258 For a thorough analysis of these categories as discussed in Whalen, see also Schwartz,
supra note 243, at 574-75.
n259 See Roe v. Ingraham, 357 F. Supp. 1217, 1222 (S.D.N.Y.), rev'd, 480 F.2d 102 (2d Cir.
1973).
51
n260 See Roe v. Ingraham, 480 F.2d 102, 109 (2d Cir. 1973).
n261 See Roe v. Ingraham, 403 F. Supp. 931, 936-38 (S.D.N.Y. 1975), rev'd, 429 U.S. 589
(1977). The Court found this privacy right in the Fourteenth Amendment to the Constitution. See
id. at 938.
n262 Id. at 937.
n263 See Whalen v. Roe, 424 U.S. 907 (1976) (noting probable jurisdiction).
n264 Whalen v. Roe, 429 U.S. 589, 603-04 (1977).
n265 See id. at 591. The Temporary State Commission to Evaluate the Drug Laws issued two
reports which the legislature made part of the legislative history of the statute. See id. at 591 n.4.
n266 Id. at 592.
n267 Id. at 597.
n268 See id. at 593-95.
n269 As the Court in Whalen noted, Justice Brandeis had stated elsewhere:
It is one of the happy incidents of the federal system that a single courageous state may, if its
citizens choose, serve as a laboratory; and try novel social and economic experiments without
risk to the rest of the country. This Court has the power to prevent an experiment. We may strike
down the statute which embodies it on the ground that, in our opinion, the measure is arbitrary,
capricious, or unreasonable. . . . But in the exercise of this high power, we must ever be on our
guard, lest we erect our prejudices into legal principles. If we would guide by the light of reason,
we must let our minds be bold.
Id. at 597 n.20 (quoting New State Ice Co. v. Liebmann, 285 U.S. 262, 311 (1932) (Brandeis, J.,
dissenting)).
n270 Id. at 597.
n271 See id. at 595.
n272 Id. at 598.
n273 Id. at 602 (footnote omitted).
n274 See id. at 603.
52
n275 Id. (noting that Albany received approximately 100,000 prescription forms for Schedule II
drugs monthly).
n276 Id. at 605.
n277 Id.
n278 Id. at 605-06.
n279 See id. at 607 (Brennan, J., concurring).
n280 Id. (Brennan, J., concurring).
n281 Id. (Brennan, J., concurring).
n282 Id. (Brennan, J., concurring).
n283 See id. (Brennan, J., concurring).
n284 See id. at 607-08 (Stewart, J., concurring) (quoting Katz v. United States, 389 U.S. 347,
350-351 (1967)) (footnote omitted).
n285 See id. (Stewart, J., concurring). In the context of biometrics, it is worth stressing that the
state courts, which in some cases have been more protective of individual rights than the federal
courts, would decide if biometric applications violated any state constitutional provisions. See
generally Cate, supra note 155, at 66-68 (discussing state constitutional guarantees of individual
privacy, but concluding that "even the most protective state constitutional provisions . . . have
yielded little protection for information privacy").
n286 Whalen, 429 U.S. at 609 (Stewart, J., concurring).
n287 For this observation, the author is indebted to Professor Steven Goldberg of the
Georgetown University Law Center who shared it in September 1996. Professor Goldberg
opined that when a Supreme Court opinion offers broad pronouncements and little factual
analysis, it is a sure sign that the Court is on comfortable turf. However, when the opinion deals
with intense factual scrutiny, the Court is less sure of itself and thus keeping its options open for
the long run. See Interview with Professor Steven Goldberg, Georgetown University Law
Center, in Washington, D.C. (Sept. 1996).
n288 See Whalen, 429 U.S. at 602 (The relevant language is the disclosure of medical
information, which is "often an essential part of modern medical practice even when the
disclosure may reflect unfavorably on the character of the patient.").
n289 The parallels to Fourth Amendment protections should also be noted.
53
n290 Bevier, supra note 161, at 457.
n291 Id. at 464 (concluding that the many of the writings on contemporary privacy scholarship
related to control of personal information reflect this psychological state).
n292 Clarke, supra note 29, at 34; see also Schwartz, supra note 243, at 560-61.
n293 Planned Parenthood v. Casey, 505 U.S. 833, 850 (1992).
n294 See Iacobucci v. City of Newport, 785 F.2d 1354, 1355-58 (6th Cir.), rev'd on other
grounds, 479 U.S. 92 (1986); Walton v. City of Atlanta, 181 F.2d 693, 694 (5th Cir. 1950);
Brown v. Brannon, 399 F. Supp. 133, 139-45 (M.D.N.C. 1975), aff'd, 535 F.2d 1249 (4th Cir.
1976); Thom v. New York Stock Exch., 306 F. Supp. 1002, 1012 (S.D.N.Y. 1969), aff'd sub
nom. Miller v. New York Stock Exch., 425 F.2d 1074 (2d Cir. 1970).
n295 See, e.g., Thom, 306 F. Supp. at 1012; see also Robert E. Riggs, Privacy Law and Practice
§ 30.04 (George B. Trubow ed., 1991).
n296 See Thom, 306 F. Supp. at 1004-05.
n297 Id. at 1009.
n298 See id. at 1009-10.
n299 See Iacobucci, 785 F.2d at 1359-60. The City of Newport's municipal ordinance was
upheld "as a proper exercise of the City's police power" even though it contained no statement of
purpose. Id. at 1355.
n300 See Brown v. Brannon, 399 F. Supp. 133, 139 (M.D.N.C. 1975), aff'd, 535 F.2d 1249 (4th
Cir. 1976).
n301 See Walton v. City of Atlanta, 181 F.2d 693, 694 (5th Cir. 1950).
n302 See, e.g., People v. Stuller, 89 Cal. Rptr. 158, 167 (Cal. Ct. App. 1970) (upholding the
constitutionality of mandatory fingerprinting for certain employees of establishments serving
liquor by the drink).
n303 See Perkey v. Department of Motor Vehicles, 721 P.2d 50, 55-56 (Cal. 1986).
n304 Id. at 53. At the time of its writing, the court was correct; however, retinal scanning, iris
recognition and finger imaging should now be added to the "assuredly accurate source of
identification" list. Id.
n305 See id. at 60.
54
n306 See id. at 55-56.
n307 See James J. Killerlane III, Note, Finger Imaging: A 21st Century Solution to Welfare
Fraud at Our Fingertips, 22 Fordham Urb. L.J. 1327, 1335-36 (1995); Nawrot, supra note 104, at
2-4.
n308 See Killerlane, supra note 307, at 1361-62.
n309 See N.Y. Soc. Serv. Law § 139-a(3) (McKinney 1994); see also Killerlane, supra note 307,
at 1338 ("The [New York State] law now limits the use of finger imaging information solely to
detect multiple enrollments, or to further a criminal investigation or prosecution of crimes arising
from multiple enrollment for Home Relief.").
n310 See Killerlane, supra note 307, at 1331-33.
n311 Id. at 1365. Note, however, that Killerlane did not examine the medical and sexual
orientation information concerns related to finger imaging.
n312 See Recent Legislation, Welfare Policy--Fraud Prevention--New York Requires Finger
Imaging for Welfare Recipients--1995 N.Y. Laws 83, § 266, 109 Harv. L. Rev. 1168, 1170-71
(1996).
n313 Id. at 1173 (suggesting that the empirical data regarding the success of AFIS is at best
uncertain and that the current anti-welfare political environment motivated the adoption of
biometrics for welfare entitlement programs like the one in New York).
n314 This section of the paper is largely derived from Professor Steven Goldberg's scholarly
treatment of the policy issues inherent in the "regulatory gap," a phrase coined by Professor
Goldberg. See Goldberg, supra note 2, at 2.
n315 Id. at 89.
n316 Id.
n317 Id.
n318 Id. at 2.
n319 See U.S. Const. art. I, § 8, cl. 3.
n320 See, e.g., Wickard v. Filburn, 317 U.S. 111, 118-29 (1942) (holding that the federal
government had the power to set quotas on wheat grown by every farmer in the United States to
include wheat grown for personal consumption).
55
n321 See, e.g., Hipolite Egg Co. v. United States, 220 U.S. 45, 58 (1911) (upholding the seizure
of adulterated eggs by federal officials).
n322 See Goldberg, supra note 2, at 85-86.
n323 See id.
n324 See id.; see also South Dakota v. Dole, 483 U.S. 203, 212 (1987) (upholding Congressional
power to place conditions related to a state's use of federal funds).
n325 Goldberg, supra note 2, at 87.
n326 See id.
n327 Two compelling reasons explain the popularity of Congressional delegation to
administrative agencies: 1) administrative, in that the heavy volume of cases and complexity of
them would overburden Congressional resources; and, 2) political insofar as by delegating,
Congress can let the administrative agencies contend with controversial political dilemmas by
passing the buck. See id. at 87-88.
n328 See id. at 88.
n329 See id. at 93-96.
n330 See id. at 96-98; see also Mark Hansen, No Place to Hide, A.B.A. J., Aug. 1997, at 4448
(discussing recent efforts of the American Bar Association, the American Civil Liberties Union
and several legal scholars to influence policy involving surveillance technologies and contraband
detection devices, although not specifically addressing issues raised by the use of biometrics).
n331 See, e.g., John D. Woodward, Biometrics: Privacy's Foe or Privacy's Friend?, 85
Proceedings of the IEEE 1480, 1485 (1997) (discussing the privacy concerns related to the use of
biometric technology).
n332 Chandrasekaran, supra note 6 (quoting Robert Ellis Smith, publisher of Privacy Journal).
n333 All Things Considered, supra note 232.
n334 See id.
n335 FutureBanking, Am. Banker, Oct. 21, 1996, at 14A; see also Smith, supra note 111, at 5859 (objecting to the use of a national identity card as "dehumanizing" and "destructive of a free
society").
n336 The 700 Club, Fact Sheet: Biometrics--Chipping Away Your Rights, Oct. 9, 1995.
56
n337 See id.
n338 See Milbank, supra note 7.
n339 Throughout this paper, the term "general counsel" is used generically to describe the
government agency's legal counsel. The U.S. Department of State, for example, refers to this
office as the Office of the Legal Adviser.
n340 See, e.g., Whalen v. Roe, 429 U.S. 589 (1977).
n341 Ann Cavoukian, Go Beyond Security--Build in Privacy: One Does Not Equal the Other
(viewed Nov. 28, 1997) <http://www.microstar-usa.com/techsupport/faq/privacy.html>
(CardTech/ SecurTech "96 Conference, May 14, 1996). Dr. Cavoukian currently serves as the
Information and Privacy Commissioner of Ontario, Canada. See Consultations Begin On Draft
Law To Protect Personal Health Information, Can. Newswire, Nov. 21, 1997 (page number
unavailable), available in WESTLAW, Allnewsplus database.
n342 See id.
n343 See id.
n344 See, e.g., Perkey v. Department of Motor Vehicles, 721 P.2d 50, 53 (Cal. 1986); see also
Cavoukian, supra note 341.
n345 Several states routinely disclose and sell information that they require from citizens. For
example, Florida sells drivers' license information to marketing companies. See, e.g., Schwartz,
supra note 243, at 608.
n346 The "use limitation" principle could be easily implemented by the agency's informal
rulemaking procedures.
n347 See, e.g., Whalen v. Roe, 429 U.S. 589, 594 (1977).
n348 Cf. id.
n349 See, e.g., Wayman, The State of Biometrics, supra note 29, at 8.
n350 At least one company, Mytec, claims to have created "the world's first anonymous
verification system using finger patterns and light waves to protect privacy and maximize
security" Don Mills, Privacy Through Technology: Mytec True Recognition System Maximizes
Security With the Touch of a Finger, Can. NewsWire, June 13, 1996, available in WESTLAW,
Allnewsplus database; see also Cavoukian, supra note 341.
n351 See Mills, supra note 350.
57
n352 See id.
n353 See id.
n354 See id. While initial reports on this technology seem favorable, the system is still new and
not widely deployed. There are, however, advantages to taking and storing the actual finger
image. For example, for technical reasons, not all finger imaging systems measure the same
exact points (or what are known minutiae) of the fingerprint. Because of this absence of
uniformity in the finger imaging process, having the actual finger image enables the agency to
re-enroll a subject from the stored image in the event the agency ever wanted to change to a
different finger imaging system. Otherwise, the subject would have to be required to physically
re-enroll.
n355 Limiting staff access to these databases is all the more difficult in a time of budget cuts and
personnel downsizing when managers are under pressure to cross-train personnel to perform
multiple tasks in understaffed offices.
n356 See Whalen v. Roe, 429 U.S. 589, 594-95 (1977).
n357 See Goldberg v. Kelly, 397 U.S. 254, 267-68 (1970).
n358 On a purely speculative note, it is possible that vein measurement could implicate medical
information concerns. For example, drug users might have unusual vein patterns. See Interview
with Dr. Arthur S. DiDio and Dr. L. John A. DiDio, supra note 81.
n359 To the extent that the biometric future is uncertain, it's possible that today's esoteric
biometric might become tomorrow's high biometric.
n360 See GAO Report, supra note 7, at 2.
n361 See Fingerprint Scanners to Cost Half as Much, Am. Banker, Apr. 24, 1996, at 7.
n362 This last factor is admittedly a "soft" variable that is impossible to measure. On a purely
anecdotal basis, this writer has been impressed with the fact that many of the biometric
professionals both in government service and the private sector have a former national security
or law enforcement background. These professionals tend to be inherently comfortable with
fingerprints as a proven, time-tested, dependable identifier.
n363 See Brad Edmondson, People Patterns: Meltdown of the Nuclear Family Continues as
More Parents Go Solo, Wall St. J., Jan. 31, 1997, at A7A.
n364 See id.
n365 Id.
58
n366 In this scenario, like the U.S. automobile industry of the 1960s, biometrics could go the
way of the Big Three--retinal scanning, iris recognition and finger imaging.
n367 An example is the use of biometrics by the INS as discussed supra notes 112-20 and
accompanying text. Accord Investment: Brokers Recommend Biometrics Sector, Biometric
Tech. Today (SJB Services, England), Mar. 1996, at 3.
n368 While not specifically analyzing biometric databases, at least one privacy expert recently
commented that given the incentive to steal data and the computer advances which make hacking
or "electronic aggression" fairly easy, ideas of computer privacy are a "Luddite dreamland."
Daniel S. Greenberg, Computers Put the Byte on Privacy, Wash. Post, Nov. 4, 1996, at A19.
Criminal sanctions for unauthorized disclosures would be all the more necessary to the extent
that a secondary market develops for biometric identification information. The specter of
biometric identification information being bought and sold like names and addresses for mailing
lists, while too Orwellian for many Americans, could make such government databases lucrative
targets of data thieves.
n369 Lisa A. Alyea & Joseph P. Campbell, Jr., Update on the U.S. Government's Biometric
Consortium (visited Nov. 28, 1997) <http://www.biometrics.org/reports/ctst96/>.
n370 See id.; see also Campbell et al., Biometric Security, supra note 12, at 5.
n371 See Alyea & Campbell, supra note 369.
n372 Id. (emphasis removed).
n373 See id.
n374 See Dr. John Colombi, U.S. Government's National Biometric Test Center Effort,
Presentation Before the Ninth Biometric Consortium Meeting (Apr. 8, 1997). Dr. Colombi has
been named the Center's first director. U.S. Government funding for the Center is relatively
modest: $ 400,000 for FY97; $ 550,000 for FY98 and $ 500,000 for FY99. See id.
n375 Id.
n376 Interview with Dr. Jim Wayman, Ph.D., in Arlington, Va. (Apr. 8, 1997). Dr. Wayman is
the Principal Investigator of the National Biometric Test Center.
n377 See id.
n378 See id.
n379 See id.
59
n380 To date, the BC has done an excellent job of making information readily available to the
public. See Biometric Consortium (visited Nov. 28, 1997) <http://www.biometrics.org/>.
n381 See Skinner v. Railway Labor Executives Assoc., 489 U.S. 602, 621 n.3 (1989); see also
supra note 241 and accompanying text.