Via Hand Delivery
March 28, 2000
Mr. Eric Fredell
Task Force on Electronic Commerce
International Trade Administration
Department of Commerce
Fourteenth Street & Constitution Avenue, N.W.
Washington, D.C. 20230
Dear Mr. Fredell:
I am writing in response the notice published on March 17 by David L. Aaron, Under Secretary of Commerce for International Trade. The notice sets forth revised International Safe Harbor Privacy Principles and "Frequently Asked Questions" (FAQs) concerning the EU-U.S. agreement on data privacy standards.
IBIA, the trade association for the biometric industry, believes that the proposed revised Principles and FAQs reflect the best interests of U.S. companies operating in EU markets. As those Principles are implemented, IBIA urges the Department to respect the specific concerns of the biometric industry expressed in IBIA's letter of comment dated November 19, 1998, a copy of which is enclosed. IBIA's core concern is to ensure that policymakers understand that biometrics are powerful means to secure personal privacy and deter identity theft.
To promote a better understanding of biometrics and learn more about the issues faced by the Department, we would welcome the opportunity to meet again with you and other appropriate officials
Page Two
responsible for data privacy matters. Please phone me so that we can fix a convenient date and time to meet.
Sincerely,
Richard E. Norton
Executive Director
November 19, 1998
Mr. Eric Fredell
Task Force on Electronic Commerce
International Trade Administration
Department of Commerce
14th & Constitution Avenue, N.W.
Washington, D.C. 20230
Dear Mr. Fredell:
This is in response to Mr. David Aaron's notice of November 12, 1998, describing the proposed International Safe Harbor Privacy Principles. As the trade association for the biometric industry, the IBIA has reviewed the proposal and offers comments on behalf of its member companies.
The biometric industry is relatively new, and it is only in the past few years that its products have been in common use. The industry produces devices and software that automatically verify or identify an individual by unique physical characteristics. Examples include products that use face, iris, hand, fingerprint, and voice measurements in environments such as border control, information security, physical access control, financial transactions, time and attendance, law enforcement, and other civil and government applications.
In most of the applications biometric technology is used to erect a barrier between personal data and unauthorized access. Often this is done by creating electronic templates that are used to perform the verification process. The templates normally use proprietary and carefully guarded algorithms to secure a record and protect it from disclosure. Standing alone, these templates are of no use and therefore do not appear to meet the definition of "personally identifiable data."
Despite this important distinction, the industry is acutely aware of both the general perceptions that are created through the collection of any electronic information and the specific role that biometrics play in linking an individual to sensitive data. Companies understand that without a clear public stance on the issue of privacy, the industry faces serious obstacles in trying to achieve broad public acceptance of the
Page Two
technologies and thereby expand markets for its products here and abroad. As a first step in addressing this situation, IBIA members have established a strict Code of Ethics that obligates them to protect individual privacy and prevent unauthorized disclosure of information.
In addition to demonstrating voluntary compliance, the industry recognizes the need for, and generally supports, the proposed Safe Harbor Principles. It is crucial, however, that government negotiators be aware of the protections that biometric technologies offer, and resist agreements that would constrict the use of biometric data to preserve personal data. We therefore strongly encourage the Department of Commerce to be sensitive to the unique status of biometrics when conducting negotiations with the European Union and other countries.
To promote a better understanding of the industry and learn more about the issues faced by the Department, we would welcome the opportunity to meet with you and other appropriate officials who are involved in data privacy matters. I will contact you shortly to arrange such a session.
Sincerely,
Richard E. Norton
Executive Director