Ethics of Behavioral Biometrics

Is storing and using personal biometrics data ethical with the consent of users? The parties involved are the user, the computer storing the data, the company holding the data and hackers who may steal the data. Let us consider, under the Rights Approach, which action best respects the rights of those involved. If a customer goes to a store in person, should the cashier be legally allowed to notice small things like a shaky hand, or that they got a nice hair cut? Yes, a worker should be legally allowed to notice small things about a customer. Likewise, a website should be allowed to notice small things about a customer. Additionally, under the Utilitarian Approach, storing and using personal biometrics data with the consent of users would benefit the customer because the website can be optimized to them. For example, users with shaky hands could be given larger buttons on the screen. There is a risk that the biometric data is hacked or stolen, however, this risk can be minimized with government regulation to ensure the data is secured properly.

Is it ethical to provide the government with user biometrics to assist with national security? The parties involved are the government, the company holding the data and the user. Let us consider, under the Rights Approach, which action respects the rights of all who have a stake in the decision? The constitution correctly already protects the rights of people from unreasonable search or seizure. So yes it is ethical to provide the government with user biometrics if the government has a warrant, and no it is unethical if they don’t have a warrant. This best respects the rights of all those involved because the user data is only provided to the government when the government has probable cause.

Is the use of biometrics an invasion of personal privacy? No, it is not an invasion of personal privacy. Every time a person goes into the world they are releasing biometric data to the world. If a cashier at a grocery store recognizes a customer by face, no customer would say “how dare you remember my face sir, that’s an invasion of my personal privacy!” If somebody wants to shop at a supermarket and have nobody recognize who they are, they can wear a disguise. Likewise, if a person wants to use the internet and mask themselves, they can use a script sanitize their biometric data, perhaps by smoothing out mouse movement or otherwise. In the real world and on the internet it is a person’s responsibility to mask or disguise themself if they want to do that sort of thing.