Collection and storage of biometric data: what you need to know
Miscellaneous / / October 09, 2023
The most important thing is that they can be erased at any time.
What is biometric data and why is there so much talk about it?
Biometrics are unique physical characteristics that allow a person to be identified. Now these are, for example, fingerprints, voice samples, faces, iris and more.
In general, the method of recognition based on biometric data has been used for a long time. Fingerprinting began to be used to search for criminals at the beginning of the 20th century. But in recent decades, technology has come a long way. About 30 years ago, we only saw in futuristic films how scientists entered secret laboratories using the iris of the eye. And today we unlock phones ourselves using a fingerprint or face recognition.
The reason why the topic of biometrics began to be widely discussed was the new law on the storage of such data. Previously, companies acted in this matter at their best, ensuring security on their own. But the state decided to store biometric data centrally and created a corresponding registry, known as the Unified Biometric System and operating since 2018.
But if previously companies that collect biometric data transferred them to the registry voluntarily, now they obliged do it. Moreover, they had to send the information to the unified system by September 30, 2023.
Back in the summer, banks began sending out messages to clients stating that they would transfer their data to the state register before the end of the period specified in the law. What sowed some panic. People began to wonder whether it was possible to opt out of collecting and storing biometric data. Spoiler: it is possible, and despite the rumors that caused particular concern, at any moment. We will discuss the mechanism of how to do this below, but first we will figure out why to do this and whether it is worth it at all.
What problems can arise from collecting and storing biometric data?
Let's agree right away so that this doesn't look like a witch hunt. The technology of identifying a person using biometric data itself is neutral, like any tool. It is not connected either with the number of the beast, or with chipping, with the help of which aliens will control people on Earth, or with other obscurantism.
Biometrics makes life easier in many ways. For example, it helps to cross the border, since biometric data is embedded in modern international passports. You no longer need to rely on the vigilance of the border guard: he can scan a person’s passport and fingers and make sure that it is the owner of the document. Access to applications, ATMs and similar things becomes easier because you don't have to remember or enter a password. Besides, it's still easier to steal than a finger or a face.
But any tool can be used for good and for harm. For example, unlocking a phone with your face is quick and convenient, but if a person is attacked in the alley, the device is taken away and forced to look at the screen, the feature becomes a bug.
How securely biometric data is stored is important. While companies do this themselves, you can assess the risks by communicating relevant information to them. But now this is impossible; the data will still end up in the general register, for which the state is responsible. And there are two nuances here.
Firstly, intruders may not see much point in attacking the storage facilities of individual companies because it is not clear how to use this information. But a centralized base is always a good target. From there you can get various data and then look for a use for it.
Secondly, it is impossible to say how carefully the state will protect the collected biometric information. Government officials, of course, promise security. But there were some problems with Gosuslugi in this regard, data have already been leaked to the Network. So whether to leave them in the state register or not depends on your level trust to the state.
Finally, a lot depends on how conscientiously the data will be used, access to which will not only be available to the person to whom you provided it purposefully. For example, a person just wanted to use an ATM using his face. But now it’s even easier to identify him from CCTV footage, because the database has a clear comparison of his face with Full name.
How to opt out of storing biometric data
This can be done at any time. Failure like should from the law, cannot be an obstacle to receiving state and municipal services.
You can submit the corresponding application at the multifunctional center during a personal visit or through “Public services». To do this, log into your account, click on your photo in the upper right corner, select “Profile” from the drop-down menu, and then select the “Biometrics” tab in the list on the left.
1 / 0
Screenshot: Gosuslugi portal
2 / 0
Screenshot: Gosuslugi portal
Next, mark the data you want to erase and click “Delete.” After this, the information should be erased, but how much everything will actually be deleted is another question.
Take care of information security🧐🪪🔓
- 7 best free antiviruses
- Why you shouldn't trust App Store privacy ratings
- How to avoid problems if you need to use a copy of your passport on the Internet
- How to protect personal data on the Internet
- How to protect parents on the Internet