What is BIPA?
The Biometric Information Privacy Act (740 ILCS 14), enacted in 2008 by the Illinois General Assembly, is the most aggressive biometric privacy statute in the United States. Unlike GDPR's biometric provisions or the Texas CUBI statute, BIPA grants a private right of action — any individual can sue, not just the attorney general. This single feature has made BIPA the source of more biometric litigation than every other US privacy law combined.
BIPA provides for $1,000 per negligent violation and $5,000 per intentional or reckless violation, with no statutory cap on aggregate damages. In Rosenbach v. Six Flags (2019), the Illinois Supreme Court held that a plaintiff does not need to show actual injury — a mere technical violation is enough to sue. The Clearview AI class action settled for $6.85 million. BNSF Railway was hit with a $228 million jury verdict. Facebook (now Meta) settled its BIPA class action for $650 million. These are not theoretical risks.
BIPA defines "biometric identifier" to include retina or iris scans, fingerprints, voiceprints, and scans of hand or face geometry. It defines "biometric information" as any information derived from biometric identifiers used to identify an individual. The statute's five operative sections — 15(a) through 15(e) — establish a comprehensive framework for how private entities must handle biometric data. Every company processing biometric data for Illinois residents must comply.
The Five Pillars of BIPA Section 15
The following sections analyze how H33's FHE biometric architecture addresses each of these requirements — not with policy language, but with cryptographic guarantees.
Traditional Biometric Storage vs. H33 FHE
Before examining each BIPA section, it is worth understanding the fundamental architectural difference between traditional biometric systems and H33's FHE approach. The table below makes the contrast explicit.
| Property | Traditional Biometric System | H33 FHE Biometrics |
|---|---|---|
| Data at Rest | Plaintext templates (AES-256 at best) | BFV FHE ciphertexts — never decrypted |
| Data in Transit | TLS 1.3 (classical key exchange) | Kyber hybrid TLS (PQ key exchange) |
| During Computation | Decrypted to plaintext for comparison | Homomorphic inner product on ciphertexts |
| Server Access to Biometric | Full plaintext access required | Zero — server never sees plaintext |
| Breach Exposure | All enrolled biometrics compromised | Ciphertexts only — computationally worthless |
| Data Destruction | Delete from DB + backups + logs + caches | Delete ciphertext = complete destruction |
| Extraction Risk | Insider threat, subpoena, or breach | Threshold k-of-n — no single party can decrypt |
| BIPA 15(c) Profiting | Policy prohibition only | Mathematically impossible |
| BIPA 15(e) Security Standard | Meets "reasonable" baseline | Exceeds by orders of magnitude |
| Quantum Resistance | None — AES-256 survives, but key exchange does not | Full PQ stack (BFV + Kyber + Dilithium) |
Architecture: Data Flow Diagram
The following diagram shows the complete data flow from client-side biometric capture through H33's FHE pipeline. The critical observation is that plaintext biometric data never crosses the client-server boundary.
match: true/false with a
cryptographic proof of integrity.
Section 15(a) — Retention & Destruction Policy
BIPA Section 15(a) requires that any entity possessing biometric data must develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information. The data must be destroyed when the initial purpose for collecting it has been satisfied or within three years of the individual's last interaction with the entity, whichever occurs first.
In a traditional biometric system, "destruction" means deleting plaintext templates from a database — a process fraught with complications. Backups, replicas, log files, and cache layers can all retain copies of the biometric data long after the primary record is deleted. Proving that destruction was complete and irreversible is often impossible.
H33 never stores plaintext biometric data. Enrolled templates are BFV ciphertexts — encrypted
under a threshold public key where no single party holds the complete decryption key. The
unenroll() API call destroys the ciphertext record and invalidates the user's slot
in the SIMD-batched ciphertext. Because the ciphertext is the only representation of the biometric
that ever existed on H33's infrastructure, deleting it constitutes complete and irreversible destruction.
There is no plaintext to persist in backups or logs because no plaintext was ever created.
The FHE ciphertext lifecycle is well-defined: enrollment creates the ciphertext, verification operates
on the ciphertext homomorphically, and unenroll() destroys it. This maps directly onto
BIPA's requirement for a retention schedule with defined destruction criteria. The lifecycle is enforced
by the cryptosystem, not by an administrator remembering to purge records.
Section 15(b) — Informed Written Consent
Section 15(b) is the most litigated provision of BIPA. It requires that before collecting any biometric identifier or biometric information, the entity must: (1) inform the subject in writing that a biometric identifier or biometric information is being collected or stored; (2) inform the subject in writing of the specific purpose and length of term for which the data is being collected, stored, and used; and (3) receive a written release executed by the subject.
This is fundamentally a customer-facing obligation — the entity that interacts with the end user must obtain consent. H33 operates as a backend biometric authentication infrastructure provider. H33's architecture, however, is specifically designed to make the customer's compliance burden as light as possible.
Architecture That Simplifies Consent Compliance
In H33's pipeline, biometric embeddings are extracted client-side by the customer's own model (ArcFace, FaceNet, or any embedding model of their choice). The raw biometric image — the face scan, fingerprint, or iris capture — never leaves the customer's device or server. H33 receives only the encrypted embedding vector after the customer's application has already processed the raw biometric.
This means the consent obligation falls cleanly on the customer: they control the collection point, they interact with the subject, and they can present the required written disclosure before the embedding is extracted. H33 provides template consent language and integration guides, but the architecture ensures that the party closest to the subject (the customer) is the party responsible for consent.
Critically, because H33 never receives or processes the raw biometric image, the question of whether H33 itself is a "collector" under BIPA is substantially mitigated. H33 processes encrypted mathematical representations, not biometric identifiers in the statutory sense.
Section 15(c) — No Profiting from Biometric Data
Section 15(c) is blunt: "No private entity in possession of a biometric identifier or biometric information may sell, lease, trade, or otherwise profit from a person's or a customer's biometric identifier or biometric information."
This provision was designed to prevent the commoditization of biometric databases — the scenario where a company collects fingerprints for employee timekeeping and then sells that database to a data broker or advertising network. With traditional biometric systems, the prohibition is enforced only by policy and the threat of litigation. The technical capability to extract and sell the data exists; only the legal prohibition prevents it.
A plaintext biometric template database is a fungible asset. It can be copied, exported, sold, and monetized without the subject's knowledge. The entity possessing it has both the means and the temptation to profit. BIPA's 15(c) prohibition relies entirely on the entity's self-restraint and fear of litigation. This is a policy control, not a technical control.
H33's FHE architecture converts this policy control into a mathematical impossibility. The enrolled biometric templates are BFV ciphertexts encrypted under a threshold public key. The threshold decryption protocol requires k-of-n authorities to collaborate in order to decrypt any ciphertext. No single party — including H33 itself — possesses the complete decryption key.
This means H33 cannot extract the plaintext biometric embedding from the stored ciphertext, even under compulsion. The encrypted embeddings have zero commercial value to any party that does not control the threshold key quorum. Selling the ciphertext database would be selling noise — computationally indistinguishable from random data without the threshold key shares.
The prohibition in 15(c) is satisfied not because H33 chooses not to profit from biometric data, but because the architecture makes profiting from it computationally infeasible.
Section 15(d) — No Unauthorized Disclosure
Section 15(d) prohibits any private entity from disclosing, redisclosing, or otherwise disseminating a person's biometric identifier or biometric information unless: the subject consents, the disclosure completes a financial transaction requested by the subject, the disclosure is required by state or federal law, or the disclosure is required pursuant to a valid warrant or subpoena.
In H33's architecture, the biometric never leaves the encrypted domain. The entire authentication flow — enrollment, storage, comparison, and decision — operates on ciphertexts. The only output of the verification pipeline is a boolean match/no-match score, revealed through threshold decryption of a single comparison result. The actual biometric embedding is never decrypted at any point in the pipeline.
Data Flow: What H33 Receives and Returns
- IN Encrypted embedding vector (BFV ciphertext, ~32KB)
- OP Homomorphic inner product on ciphertexts (~1,375µs for 32 users)
- OUT Boolean match/no-match + Dilithium attestation signature
At no point does H33 decrypt, inspect, or have access to the plaintext biometric. The encrypted embedding enters, computation happens homomorphically, and a boolean exits. The biometric itself is never "disclosed" because it is never in a disclosable form.
Even under a valid subpoena or warrant, H33 could only produce the BFV ciphertext — which is computationally indistinguishable from random noise without the threshold key shares held by the distributed authority quorum. This is not obstruction; it is the mathematical reality of the cryptosystem. The data simply does not exist in a form that can be "disclosed" in the statutory sense.
Section 15(e) — Reasonable Standard of Care
Section 15(e) requires that biometric data be stored, transmitted, and protected "using the reasonable standard of care within the [entity's] industry" and "in a manner that is the same as or more protective than the manner in which the entity stores, transmits, and protects other confidential and sensitive information." This is the security obligation.
The phrase "reasonable standard of care" is deliberately vague — it is a negligence standard that evolves with industry practice. Courts will look to what similarly situated entities do. For biometric data in 2026, the baseline expectation includes encryption at rest, encryption in transit, access controls, and audit logging.
H33's security posture does not merely meet the reasonable standard of care. It categorically exceeds it by deploying a defense-in-depth stack that no other biometric authentication provider currently offers:
| Layer | Technology | Standard | Purpose |
|---|---|---|---|
| Computation | BFV FHE (N=4096) | Lattice-based (NIST PQ) | Biometric comparison on encrypted data |
| Transport | Kyber-768 (ML-KEM) | FIPS 203 | Post-quantum key encapsulation for data in transit |
| Attestation | Dilithium (ML-DSA) | FIPS 204 | Post-quantum signature on every auth result |
| Key Management | Threshold Decryption | k-of-n Shamir | No single party holds full decryption key |
| ZKP Verification | STARK Lookup | SHA3-256 (PQ-secure) | Proof of correct computation without revealing inputs |
The industry standard for biometric data protection in 2026 is AES-256 encryption at rest with TLS 1.3 in transit. H33 provides all of that plus fully homomorphic encryption (the data is never decrypted, even during computation), post-quantum transport encryption (resistant to future quantum attacks on key exchange), post-quantum attestation signatures (tamper-evident auth results), and threshold key management (no single point of compromise). This is not a marginal improvement over the standard of care — it is a fundamentally different security model.
If a BIPA 15(e) claim is ever brought, the defendant must show that its security measures met or exceeded the industry standard. H33 customers can demonstrate that their biometric data was protected by a cryptosystem where: (1) the data was never decrypted during processing (FHE), (2) transport used post-quantum key exchange (Kyber), (3) every authentication result was cryptographically attested (Dilithium), and (4) no single party could decrypt the stored biometrics (threshold). No court in Illinois or elsewhere has ever found such measures to be less than "reasonable."
BIPA Compliance Checklist
The following table maps each operative section of BIPA to H33's specific compliance mechanism and current status.
| BIPA Section | Requirement | H33 Mechanism | Status |
|---|---|---|---|
| 15(a) | Written retention & destruction policy | FHE ciphertext lifecycle + unenroll() cryptographic destruction |
Compliant |
| 15(b) | Informed written consent before collection | Client-side extraction; H33 never receives raw biometric (customer responsibility) | Architecture supports |
| 15(c) | No selling or profiting from biometric data | FHE threshold encryption makes extraction computationally infeasible | Compliant by design |
| 15(d) | No unauthorized disclosure | Encrypted domain only; output is boolean match/no-match, never the biometric | Compliant by design |
| 15(e) | Reasonable standard of care | BFV FHE + Kyber PQ transport + Dilithium attestation + threshold decryption | Exceeds requirement |
Enrollment & Verification API Flow
The following code blocks show the complete BIPA-compliant biometric lifecycle: enrollment, verification, and destruction. At no point does a plaintext biometric cross H33's API boundary.
Step 1: Client-Side Embedding Extraction & Encryption
import h33 from arcface import ArcFaceModel # Step 1a: Extract embedding CLIENT-SIDE (raw image never sent to H33) model = ArcFaceModel.load("arcface-r100") embedding = model.extract(face_image) # 128-dim float vector # Step 1b: Encrypt embedding with H33's FHE public key client = h33.Client(api_key="h33_pk_...") encrypted = client.encrypt_embedding(embedding) # The raw face_image and plaintext embedding STAY on the client. # Only the BFV ciphertext (~32KB) is transmitted to H33.
Step 2: Enrollment (Ciphertext Stored on H33)
curl -X POST https://api.h33.ai/v1/biometric/enroll \ -H "Authorization: Bearer $H33_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "user_id": "usr_8xKm2...", "encrypted_embedding": "base64_bfv_ciphertext...", "consent_timestamp": "2026-02-23T14:30:00Z", "retention_days": 1095 }' // Response { "enrolled": true, "user_id": "usr_8xKm2...", "slot": 14, // SIMD batch slot (0-31) "ciphertext_id": "ct_3fRn...", "retention_expires": "2029-02-23T14:30:00Z", "attestation": "dilithium_sig..." }
Step 3: Verification (Homomorphic Comparison)
curl -X POST https://api.h33.ai/v1/biometric/verify \ -H "Authorization: Bearer $H33_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "user_id": "usr_8xKm2...", "encrypted_probe": "base64_bfv_ciphertext..." }' // Response — boolean only, no biometric data returned { "match": true, "score_encrypted": true, // comparison done on ciphertexts "threshold_met": true, "latency_us": 48, "attestation": "dilithium_sig...", "zkp_proof": "stark_lookup_proof..." }
Step 4: Destruction (BIPA 15(a) Compliant Unenroll)
curl -X DELETE https://api.h33.ai/v1/biometric/unenroll \ -H "Authorization: Bearer $H33_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "user_id": "usr_8xKm2...", "reason": "user_request" }' // Response — cryptographic destruction confirmation { "unenrolled": true, "user_id": "usr_8xKm2...", "ciphertext_destroyed": true, "slot_zeroed": true, "destruction_timestamp": "2026-02-23T15:00:00Z", "attestation": "dilithium_sig...", // signed proof of destruction "recoverable": false }
Every operation — enrollment, verification, and destruction — produces a Dilithium-signed attestation. This provides a cryptographically verifiable audit trail that can be presented to regulators or in litigation to demonstrate the complete lifecycle of the biometric data, from creation through destruction, without ever revealing the biometric itself.
The Verdict
BIPA-Compliant by Architecture
H33 provides a biometric authentication system where compliance with BIPA is not a policy overlay bolted onto a fundamentally insecure architecture. It is a mathematical property of the cryptosystem itself. The biometric data cannot be extracted (15(c)), cannot be disclosed (15(d)), and can be provably destroyed (15(a)) because it never exists in plaintext on H33's infrastructure.
The FHE guarantees exceed BIPA's "reasonable standard of care" requirement under 15(e) by a margin that no traditional biometric system can match. And the client-side extraction architecture minimizes the consent complexity under 15(b) by keeping the raw biometric entirely within the customer's control.
When the math makes non-compliance impossible, compliance becomes the default state.
This article describes H33's technical architecture and how it relates to BIPA's requirements. It is not legal advice. BIPA compliance involves organizational, procedural, and contractual obligations beyond the technology layer. Entities processing biometric data for Illinois residents should consult qualified legal counsel to ensure full compliance with all applicable provisions.