Concerns raised over leak of biometric data in UK

LONDON • The nature of how organisations capture and store the public's biometric data, such as fingerprints and images of faces, came under renewed scrutiny this week by security experts and regulators.

Britain's Information Commissioner's Office (ICO) said it was opening an investigation into the use of facial-recognition camera technology at King's Cross development in London. It followed revelations on Wednesday that millions of pieces of personal biometric data may have leaked from a popular security service.

"Scanning people's faces as they lawfully go about their daily lives, in order to identify them, is a potential threat to privacy that should concern us all," Ms Elizabeth Denham, Britain's Information Commissioner, said in a statement on Thursday.

In addition to seeking information about how the technology will be used, she said, the ICO "will also inspect the system and its operation on site to assess whether or not it complies with data protection law".

King's Cross said earlier in the week that it had "sophisticated systems in place to protect the privacy of the general public".

Privacy is only one worry, however. Although the Biostar 2 data breach was unconnected to King's Cross or the ICO's concern, security experts said both events served as an important reminder of the risks associated with the use of the public's imagery.

"Security is only as strong as the weakest link," Ms Michela Menting, research director at ABI Research, said in an interview. "Far too many companies are lacking in their risk analysis and security evaluations."

She said the growing trend of so-called deepfakes - audio and video clips fabricated to depict people saying or doing things they never said or did - was a particular concern in this regard.


"The key ingredient in truly credible deepfakes is having a lot of data on the subject, and notably video of a person in any number of different facial expressions," Ms Menting said. "One can imagine that leaks of facial recognition information can help to build better databases."

Data such as digital fingerprints, once lost, can alter a person's life forever, as it is nearly impossible to retrieve that information - or replace one's fingers as easily as changing a password.


A version of this article appeared in the print edition of The Sunday Times on August 18, 2019, with the headline 'Concerns raised over leak of biometric data in UK'. Subscribe