"PLEASE put your hand on the scanner," a receptionist at a doctor's office at New York University Langone Medical Center said to me recently, pointing to a small plastic device on the counter between us. "I need to take a palm scan for your file."
As a reporter who has been covering the growing business of data collection, I know the potential drawbacks -- like customer profiling -- of giving out my personal details. But the idea of submitting to an infrared scan at a medical center that would take a copy of the unique vein patterns in my palm seemed fraught.
The receptionist said it was for my own good. The medical center, she said, had recently instituted a biometric patient identification system to protect against identity theft.
I reluctantly stuck my hand on the machine. If I demurred, I thought, perhaps I'd be denied medical care.
Next, the receptionist said she needed to take my photo. After the palm scan, that seemed like data-collection overkill. Then an office manager appeared and explained that the scans and pictures were optional. Alas, my palm was already in the system.
No longer the province of security services and science-fiction films, biometric technology is on the march. Facebook uses facial-recognition software so its members can automatically put name tags on friends when they upload their photos. Apple uses voice recognition to power Siri. Some theme parks take digital fingerprints to help recognize season pass holders. Now some hospitals and school districts are using palm vein pattern recognition to identify and efficiently manage their patients or students -- in effect, turning your palm into an E-ZPass.
But consumer advocates say that enterprises are increasingly employing biometric data to improve convenience -- and that members of the public are paying for that convenience with their privacy.
Fingerprints, facial dimensions and vein patterns are unique, consumer advocates say, and should be treated as carefully as genetic samples. So collecting such information for expediency, they say, could increase the risks of serious identity theft. Yet companies and institutions that compile such data often fail to adequately explain the risks to consumers, they say.
"Let's say someone makes a fake ID and goes in and has their photo and their palm print taken as you. What are you going to do when you go in?" said Pam Dixon, the executive director of the World Privacy Forum, an advocacy group in San Diego. "Hospitals that are doing this are leaping over profound security issues that they are actually introducing into their systems."
SOURCE: NATASHA SINGER
The New York Times
The New York Times