ISO-IEC Technical Report examines biometrics

17 Feb 09

Societal, cultural and ethical issues related to the use of biometrics in security systems for identifying people are clarified in a new technical report by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC).

By Brian Sims

Biometric technologies are currently required in many public and private sector applications worldwide to authenticate an individual’s identity, secure national borders and restrict access to secure sites/buildings and computer networks.

With this in mind, ISO/IEC Technical Report TR 24714-1:2008: Information Technology – Biometrics – Jurisdictional and Societal Considerations for Commercial Applications (Part 1: General Guidance offers general guidelineson the design of systems that use biometric technologies to capture, process and record biometric information.

The Technical Report gives generic recommendations providing principles, guidelines and considerations for the design and implementation of biometric systems, including the following:

jurisdictional issues related to privacy and protection of personal information
Health and safety issues

Operation, accessibility and usability

It also addresses conditions of the physical environment that may affect the operation, accessibility and usability of a biometric system and continues with the societal, cultural and ethical aspects of biometrics, and discusses acceptance of the use of biometric characteristics. The report doesn’t address the specification and assessment of Government policy.

ISO/IEC TR 24714-1:2008 covers the following:

the capture and design of initial requirements (including legal frameworks)
development and deployment
operations (including enrolment and subsequent usage)
interrelationships with other systems
related data storage and security of data
data updates and maintenance
training and awareness
system evaluation and audit
controlled system expiration

Benefits for primary Stakeholders

Some of the benefits to be gained by the primary Stakeholders of ISO/IEC TR 24714-1:2008 (designers, implementers and system operators of biometric systems) if they follow the recommendations and guidelines are:

enhanced acceptance of systems using biometrics by subjects
improved public perception and understanding of well-designed systems
smoother introduction and operation of these systems
potential long-term cost reduction (whole life costs)
increased awareness of the range of accessibility-related issues
adoption of commonly approved good privacy practice

Speaking about the document, Fernando Podio – the chairman of the ISO/IEC Joint Technical Committee 1, Information Technology, Sub-Committee 37: Biometrics that developed the report – commented: “For decades, biometric technologies were primarily used in law enforcement applications. Currently, they are increasingly being required in multiple applications worldwide.”

Podio continued: “These technologies provide the opportunity for the deployment of significantly better security for physical and logical access control. ISO/IEC TR 24714-1 will help biometric-based system users, writers of system specifications and decision-makers in the context of the cross-jurisdictional and societal considerations for commercial applications of biometrics.”

How to order your copy

Copies may be obtained directly from ISO Central Secretariat, through the ISO Store (see web link) or by contacting the ISO Marketing and Communication Department (see the dedicated link provided on the right hand panel of this page).