Biometric information refers to physical or behavioural characteristics such as fingerprints, facial patterns, iris scans or voiceprints that can be used to authenticate or identify a person.
In India, the Aadhaar system, the world’s largest biometric ID system, assigns a unique number to residents based on their biometric and demographic data. While the system has streamlined welfare delivery and identification, it has also faced criticism for enabling mass surveillance and contributing to the exclusion of vulnerable groups. Numerous reports have documented cases where individuals, especially elderly people or manual labourers with worn fingerprints, were denied food or social benefits due to fingerprint authentication failures. Moreover, Aadhaar data breaches have exposed millions of records, undermining user trust.
In Kenya, the National Integrated Identity Management System (NIIMS), known as Huduma Namba, attempted to centralise all government data under a single identifier. Civil society organizations successfully challenged the system at the High Court for failing to comply with constitutional requirements on data protection and privacy. Critics warned that a single source of truth containing biometric and demographic information would allow state surveillance on an unprecedented scale. Since the court halted the mandatory rollout, the government has relaunched the project under the name Maisha Namba, facing similar challenges.
In South Africa, biometric authentication has become a precondition for accessing social welfare. The Social Security Agency (SASSA) requires biometric enrolment and authentication to combat high levels of fraud and identity theft. Similarly, the Department of Hume Affairs (DHA) has also upgraded their system to require face and fingerprint authentication against the citizen register for people seeking essential government services. The government also has high hopes for the private sector benefiting from the widespread adoption. These reforms happened during the G20 presidency of South Africa.
Most countries of the world have a requirement for biometric fingerprint and facial information for issuing passports to their citizens and residents. Therefore, there are extensive databases in these countries of the biometric information of almost the whole population.
The many pictures of faces on the internet can be seen as a decentralised data set of biometric information. Private companies use this information to offer free Facial Recognition Services or data brokers transact this information. It is highly likely that intelligence agencies and law enforcement also use this information to identify suspects.
<aside> 💡
Simply put, biometrics assumes that we all have hands, eyes, and faces with unique patterns that can be scanned to recognise us.
</aside>
Biometric technology is built on the assumption that every human has certain bodily features and that a machine can recognise patterns in these features that are unique enough to re-identify that person.
It is important to highlight how this technology functions and what pitfalls it can have.
First, the recognition of these patterns is not absolute. For example, if a finger is only partially placed on a scanner, the error rate of recognition can increase significantly. Additionally, the hands of manual labourers may cause the fingerprint patterns to become faint or unreadable. Similar effects can occur if substances like glue are applied to the fingertips.
The picture of a face can become less accurate for facial recognition by bad lighting, images from high angles and if the person is wearing a mask, wigs or prosthetics. Facial recognition can also be tricked by alternating the image with photoshop or letting AI change the picture from a webcam to an alternate face in real time. Much harder to fool are other forms of biometrics, such as palm vein recognition or iris scanners, which even work with glasses and contact lenses.
Secondly, irrespective of how many patterns could be recognised, they will be converted into a mathematical representation. These mathematical representations are then compared to a data based of other biometric features.
These matches are probabilistic, not absolute. This means that, depending on the type of biometric technology and the specific scenario, two different people might be mistakenly matched as the same person, or two scans of the same individual might be identified as belonging to two different people.
Importantly, while facial recognition and fingerprints have error rates that make false matches possible, this is much less likely with iris and palm vein recognition.
How it works: