Protests have occurred, legislation enacted and class action lawsuits filed that all relate directly to the biometrics used by automated proctoring services, that capture and store facial recognition data, facial detection data, recorded patterns of keystrokes, eye monitoring data, gaze monitoring data, and camera and microphone recordings as part of the service they provide.
Before going further we should break down the meaning of “Biometric”.
"Bio" short for biological, relating to biology or living organisms, and “metric” meaning a standard of measurement. The Illinois’s Biometric Information Privacy Act (BIPA), considered one of the toughest laws in the U.S. concerning the protection of biometric data defines the term "Biometric identifier" to mean “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color.”
The BIPA legislation provides a protective framework for Biometric data use regardless of how the biometric data was/is captured, converted, stored, or shared.
So what is the concern about the use of biometrics by the automated proctoring services?
Biometric data is as personal as it gets, which is why many physical security systems use retinal or facial scan for security access points, we also see it used for access to personal banking services and many of us use biometrics to access our electronic devices like laptops and iPhones.
Additionally, the belief in the accuracy and infallibility of biometrics can create its own problems. If we focus on biometrics related to the human face, we find that it is just like any other type of measurement that it is open to error, as both the image being measured may not have the resolution required and due to the challenges relating to the measuring a three dimensional object from a two dimensional image.
While biometrics are continually improving through use of computer learning, a big problem with the “learning” to date has been the demonstration of racial biases due to the inappropriately representative demographics being used to train these systems. This means that these algorithms can programmatically disadvantage people based on race and result in a disproportionate application of scrutiny and administrative requirements.
Even with all of this known, the use of biometrics in the proctoring industry is mainly to eliminate the need for human capital in an attempt to increase profits & revenues. Further risks in this type of service include biometric data being collected transmitted and stored that could be leaked/hacked/miss-handled and then miss-used resulting in significant and everlasting security impairment for the learner. No matter the promises of encryption, password protection, or deletion processes, if biometric data leaves the users device, the data is thereby at-risk. (See other article about proctoring data hacked from proctoring service provider).
So how could a responsible proctoring service provider find a solution that addresses the shortfalls, protects the learner, and improves the user experience? Well, the solution already exists, in fact it is used by billions of people every day. Anyone with a cellular phone with facial recognition utilizes biometrics to unlock their phone and this is done without any of the biometrics ever leaving the device. Institutions and learners need to demand the biometrics are never transmitted from the learners device onto their servers. The use of biometrics needs to remain on the learners device and within their control at all times.
Integrity advocate was created based on the precepts of Privacy by Design and to provide organizations with an alternative to the legacy grab-all surveillance services that make up the majority of the proctoring service providers on the market
Learn how our Privacy by Design architecture is used to protect yourself, your organization, and your end users.. Book a demo today.