Biometrics, or the measurement of physiological or behavioral characteristics for authentication or identification, has potential for enormous positive impact on such areas as law enforcement, data protection, counter-terrorism and border security.\nYet concerns about privacy have given some people pause. When considering biometrics, it\u2019s important to understand the difference between anonymity and privacy \u2013 and why it matters.\n\u201cPeople sometimes confuse privacy and anonymity,\u201d says John Mears, Senior Fellow, Homeland Security Solutions at Leidos. \u2018Many don\u2019t understand the difference, and the relationship of the two things to the concept of trust.\u201d For Mears, being recognized in an encounter at a store or while walking down the street can be embarrassing in certain situations, especially if you can\u2019t remember the other person\u2019s name, but that\u2019s the extent of it. \u201cThere\u2019s no harm in somebody recognizing me,\u201d he says. \u201cMy privacy hasn\u2019t been invaded because I\u2019m walking down the street or going to the store.\u201d\nIn fact, privacy doesn\u2019t require anonymity and anonymity doesn\u2019t guarantee privacy. \u201cFor instance,\u201d Mears says, \u201cthose robo-calls I get in the evenings sure feel like an invasion of privacy at dinner time, but I know they have no idea to whom they are speaking when \u2013 or if \u2013 I answer.\u201d In this case, anonymity didn\u2019t guarantee privacy. As a result, Mears says that he\u2019s begun to screen calls based on caller-ID. \u201cI\u2019ve learned to mistrust caller IDs that I don\u2019t recognize,\u201d he says.\nWhich brings up another important point \u2013 the relationship between anonymity, privacy, and trust. \u201cKnowing someone is necessary but not sufficient to trusting them,\u201d Mears says. \u201cI\u2019ll take calls from people and companies I know and trust \u2013 unless they abuse that trust in some way.\u201d Whether you decide to trust a person or a company or not depends fundamentally on being able to identify them and to associate their behavior with their identity uniquely. This is true not only for individuals, but also for companies or countries.\nFor instance, trusting a foreign national to enter into a country depends on biometrically identifying them, and associating past records about that person with that unique identity. We don\u2019t necessarily know if the person is traveling under an assumed name or with a stolen passport, but the biometrics will reveal the truth. While biometric identification currently legally applies to foreign travelers crossing borders, Mears says that he\u2019d like to see it apply to all travelers, including citizens. \u201cI\u2019d like some assurance that someone can\u2019t steal my biometric-enabled ePassport and board a plane illegally with it, just because the thief claims he\u2019s a citizen, and therefore exempt from verification.\u201d Of course this brings us back to questions of privacy and anonymity and trust for the process. \u201cWhy should I trust someone I barely know on the other side of the world and not trust our own national travel security processes?\u201d Mears asks. Especially when there are so many protections in place.\n\u201cIn the U.S., we have no less than 29 federal laws covering protections of various aspects and definitions of privacy,\u201d says Mears. \u201cThere is no guarantee of anonymity in any of our laws.\u201d In the case of biometrics, the loss of anonymity itself isn\u2019t harmful; it\u2019s what happens when someone is identified that counts. For identified bad people, we want protection for the rest of society.\u00a0\u00a0 For innocent people, we want protection from fraud and unnecessary invasions of privacy. Strong identity helps sort them out in either case. \u201cStrong identity concepts, pervasively implemented, are keys to a high-functioning society.\u201d\nWhether you are a government or a company, how do you maintain the public\u2019s trust when implementing strong identity practices that include biometrics? At the highest level, the answer to this question revolves around communications, being transparent about identity policies, and periodically verifying adherance to those policies.\u00a0\u00a0 In the case of the government, agencies involved in identity verification practices publish privacy impact assessments, which are publicly available. Companies aren\u2019t subject to such regulations, so the International Biometrics and Identity Association, as well as the Biometrics Institute and the Security Industry Association have published recommended best practices for trustworthy companies. Generally they state that organizations should provide notice of when and where biometrics are being used and for what purpose, and be transparent with their customers or users in defining what is collected and for how long it can be stored, and on whether information can be shared and with whom. With the right transparent policies in place, rigorous biometrically-verified identity can be both beneficial to society, as well as preserving of privacy and trust.\nTo learn more about biometrics, click here.