Within the next four months, a major Bay Area supermarket chain plans to introduce a payment system that uses biometric fingerprint authentication to verify customers' identities. Under this system, shoppers in checkout lines won't need to use cash, checks, debit cards or credit cards. Instead, they can place their fingers on scanners that read fingerprints, and once the device links to their bank or credit card accounts, they can buy groceries, get cash back and do everything else shoppers do.

The system is already used in cities around the United States, including Portland, Ore., and Chicago, where one shopper says it has changed his life for the better. Linc Thelen, a 37-year-old interior designer, says the fingerprint system -- known commercially as Pay By Touch -- is convenient to use and expedites his way through grocery lines at Jewel-Osco, where he shops. Thelen says the system lets people leave their wallets behind, so they don't have to worry about being robbed or losing their credit cards.

At El Camino Hospital in Mountain View, a medical supply cabinet requires a thumbprint from an authorized user to open. Chronicle file photo, 2004, by Liz Hafalia

"I had no reservation," Thelen said in a phone interview. "It's a safe way to store information."

But no system is 100 percent foolproof.

Despite the fact that armed men guard the computers that store the customers' virtual fingerprints, despite the fact that Bank of America's former security chief now heads Pay By Touch's security division, and despite the fact that Pay By Touch hires people to try to expose vulnerabilities in its computer system (so those vulnerabilities can be eliminated), Pay By Touch President John Morris acknowledges that "it's not impossible" for computer hackers to figure out how to tamper with its information.

And therein lies one of the 21st century's most vexing problems: More and more of our personal data are captured and stored by corporate and government interests, and are potentially available to anyone with the technological, legal or financial means to access that information.

Whether it's phone calls we make, library books we check out, CDs we buy on the Internet or divorces we finalize in court, we leave a trail of information that becomes susceptible to prying eyes. For the price of a bus pass, you can pay a company to supply anyone's address, phone number, political affiliation, estimated income and property history. For $20 more, you can find out if that person is married or divorced, has a criminal record, and what sort of jobs he or she has worked.

Sen. Hillary Clinton, D-N.Y., says she will introduce a "privacy bill of rights" because identity theft and security failures of personal records have become "one of the most important issues facing us as individuals and as a nation."

The availability of personal information -- downloadable onto laptop computers, which are increasingly being fitted with fingerprint technology -- is changing the culture in ways that may seem trivial but are really benchmarks for a new society already in its formative stages.

An HP laptop computer uses biometric fingerprint technology to prevent unauthorized users from logging on. File photo, 2005, courtesy of Hewlett-Packard

A small example: Unbeknownst to the men who date her, Judy runs background checks on all of them, using a private investigator to dig out any "red flags" that would presage troubling behavior. A businesswoman in Southern California, Judy, 50, uses a company called DateSmart, whose client base has boomed in the past five years as more people confront the perils of online dating.

"I'm glad the information is out there," says Judy, who did not want her last name used because of concerns her suitors would read this article. "The men I'm talking to online are complete strangers. And I have absolutely no knowledge of their character other than what they're saying in their profiles. I need to feel comfortable knowing that they're not an ax murderer. The people you meet might be well dressed, but you never know if they have any criminal history. It's for (my) safety."

Background checks are nothing new. What's changed are the speed with which you can obtain them, their relatively small price (some companies advertise free checks) and their growing public acceptance. The information revolution has transformed the background check into a common and casual tool, and those being scrutinized probably don't have a clue. More obvious are the security cameras embedded in nearly every major American city, including New York, Milwaukee, Chicago, Atlanta, Los Angeles and, yes, San Francisco, where lenses record people's activities in such crime-ridden neighborhoods as Bayview-Hunters Point and the Western Addition. The spread of these cameras is championed by authorities, who say it reduces criminal activity, and criticized by the ACLU, which says the equipment is an unnecessary intrusion into public spaces.

Civil liberties groups have joined the widespread outcry against the government's monitoring of Americans' phone-call records. Two weeks ago in federal court, the ACLU challenged the legal rationale behind the National Security Agency program, arguing that the NSA's actions -- involving "data mining" of records provided by AT&T and other telephone companies -- violate Americans' rights to free speech and privacy as guaranteed under the First and Fourth Amendments. Last week, privacy experts raised questions about the U.S. government's monitoring of international bank transfers -- previously secret data surveillance officials say is justified by the fight against terrorism.

Americans' rights to privacy will be tested even more in the next few years as biometric technology creeps increasingly into everyday arenas. For example, on the campus of UC San Diego, biometric experts are testing a soda machine that uses both fingerprint and face-recognition technology. The machine is in a lounge for grad students in UC San Diego's computer science building.

"The students are very excited about getting it working," Serge Belongie, a UC San Diego associate professor of computer science, says in a phone interview. "People think it's very cool. ... No one uses money. They have accounts. What would be fun is if (the machine) recognizes you and says, 'Would you like your usual?' "

If UC San Diego students are reluctant to use the machine, their privacy concerns are outweighed by convenience -- a sentiment echoed in survey after survey on biometric technology. In March, Unisys Corp. released a report on public perception of "identity management" that said convenience and efficiency were the two biggest reasons consumers would use biometric technology. (The most preferred biometric methods are fingerprints and voice recognition, according to the survey. The least preferred, because of its perceived intrusiveness, is an iris or eye scan.)

Two of the biggest turnoffs for those who shun biometric technology: suspicion of how the technology works and loss of privacy. Among respondents from North America, just 56 percent said they'd be willing to share their fingerprint with a government organization such as a post office or tax authority. Among respondents from the Asia-Pacific region, 71 percent said they'd share their fingerprint with the government.

"As consumer confidence grows in the large-scale usage of (biometric technology) and standards are more generally comfortably adopted, you're going to see a pretty rapid migration" to it, says Mark Cohn, Unisys vice president for homeland security solutions.

Cohn, a principal architect of the Department of Homeland Security's US-VISIT Exit system, which uses fingerprint technology to run background checks on visa applicants and verify their entry to and arrival from the United States, says Malaysia offers a preview of how the United States may change in the coming years.

Since 2001, the Malay government has issued a biometric "multipurpose card" to Malaysians 12 years and older. The card, which features a thumbprint and photograph, acts as a passport, driver's license, ATM card, toll and parking pass, and medical record that lists blood type and any allergies.

The card is convenient to use -- but it's a nightmare for Malaysians who lose it or have it stolen. Crime syndicates in Malaysia have altered cards with different photographs and used them to give members new identities, though the Malay government insists these identity thieves can't access the original cardholders' personal information. Special chip technology and other password features prevent this, they say. Also, the cardholder's fingerprint -- rather than being visible on the card -- is encrypted in the card itself: To reveal the fingerprint, the card must be inserted into a special biometric device that compares the encrypted print with that of the person claiming to be the cardholder.

For anyone who has read Orwell's "Nineteen Eighty-Four," where "telescreens" keep track of people's lives, this new biometric technology will seem like fiction come to life. It's showing up everywhere. By the end of this year, U.S. passport agencies hope to issue "electronic passports" with computer chips that have digital photos of the holders. With the help of face-recognition machines, airport security can compare a photo with the face of the passport holder. For two years, an American corporation, VeriChip, has sold government-approved electronic chips that are inserted under people's skin to give doctors instant access to patients' medical histories.

In 2008, as mandated by the Real ID Act, states plan to issue driver's licenses linked to a database that includes each license holder's photo and Social Security number. These licenses (civil liberties groups call them national identity cards) will likely include a biometric photo of the driver accessible by authorities.

In the meantime, banks are considering using iris scans and even palm scans at ATMs in an effort to cut down on fraud. (In 1999, Bank United in Texas adopted iris-scan technology at three of its ATMs in a test that was discontinued when Washington Mutual took over the bank.)

Some people love the new technology. Others shun it.

Pay By Touch admits it has encountered some resistance among shoppers it approached in supermarkets that already use the company's fingerprint service. But Morris, its president, says many of these customers are quickly won over by the convenience of Pay By Touch, which is free for consumers, and that the company keeps data points based on users' fingerprints, not actual fingerprints. So far, supermarkets in 40 states use the Pay By Touch system.

Pay By Touch, which is based in San Francisco, wouldn't say which Bay Area supermarket chain will start using its fingerprint system in the next four months -- only that the chain will use the system in just a handful of its Bay Area stores. Pay By Touch users sign up voluntarily and are under no obligation to use it at the checkout line.

Pay By Touch says it takes great care to safeguard its users' data. After fingerprints are converted into algorithms, they're encrypted, then stored in IBM computers. Those algorithms can't be reconverted into an exact copy of the fingerprint, though Pay By Touch may eventually store users' actual fingerprints if the technology improves, Morris says. The company insists it will never sell users' personal information or fingerprints to anyone else -- a pledge that's backed up in writing when users sign up with the company. But what if federal authorities, citing national security, insist on the finger scan and payment history of a Pay By Touch user?

Pam Dixon, who heads the World Privacy Forum, a public research group, went to Chicago to warn potential Pay By Touch users about possible dangers.

"It didn't stick," she says. "People were (more) concerned with (convenience than) the potential risks. People can put their thumb on a pad and be done with it. But meanwhile, their biometric data is sitting with another company, a third party, that's subject to subpoena. One argument that I made: Let's say that every supermarket in the country, particularly the large chains, (use) a biometric payment system. It's a law enforcement dream because who needs a biometric database run by the U.S. government when you've got one being run by private companies?"

Citing the recent disclosure by the Veterans Administration, which said a computer with credit information on millions of veterans had been stolen, Dixon says, "The second issue is information security. If the VA can't keep its records secure, which is a government agency that has all sorts of strict controls that are supposed to be in place, how on Earth can a private company without the resources of something like the VA manage to keep something secure? When we have a credit card stolen, we can call the credit card company and say, 'Give me a new number.' But you can't do that with your biometric. You can't say, 'Give me a new fingerprint.' "

Morris dismisses such concerns, saying that Pay By Touch will actually decrease the likelihood that consumers' credit information is stolen or misappropriated. "I think (Pay By Touch users) get pretty rapidly that it's the ultimate way to secure their private data," he says. "It connects (their accounts) to something that's uniquely them, as opposed to handing a credit card over to a stranger or writing a personal check that seven or eight humans touch before it gets in their statement. Securing information by a biometric is a giant leap forward. (Users) like that they don't have to pull their card out anymore. They (tell us they) like that they don't have to carry their (purses or wallets) through the parking lot of an urban supermarket. There's a physical security benefit. Their numbers are never displayed. The safety of securing their data is the No. 1 thing they like."

The marketplace will determine whether the public is ready to accept commercial fingerprint identification. Investors in Pay By Touch believe that day is here, capitalizing the company with $190 million in the past 12 months. More than 2.5 million shoppers already use the Pay By Touch system. Morris envisions a day when all stores -- even mom-and-pop ones -- offer a Pay By Touch option.

Soon, customers will be able to use Pay By Touch from home with the help of fingerprint readers attached to their computers. In ancient China, rulers would put their fingerprints on documents to give them an official seal. Artists would also mark their work with prints. It wasn't until the late 1800s that authorities realized they could use fingerprints to catch criminals. Their evolution as a way to pay for groceries is a 21st century twist fueled by technology. It's also a trade-off between privacy and convenience. Welcome to the brave new world in Aisle 5.

E-mail Jonathan Curiel at jcuriel@sfchronicle.com.

________________________

Read from Looking Glass News

You need not be paranoid to fear RFID

SpyChips: How Major Corporations and Government Plan to Track Your Every Move with RFID

All US passports to be RFID chipped

Police State Technology: Implanting a GPS-microchip in the body of a human being, using a high powered sniper rifle

Spy-Chipped Levi's Brand Jean Now In US

Verichip for All: Tommy Thompson Has Gone Insane

HOMELAND SECURITY WANTS TO TRACK SPYCHIPS IN MOVING CARS

SpyChips: How Major Corporations and Government Plan to Track Your Every Move with RFID

Hospital to test ID chip in patients

New chips called a danger to privacy

FDA approves injecting ID chips in patients

Video surveillance outfit chips workers

RFID Kryptonite