Biometrics are not perfect
First we need to define what privacy is.
According to Wikipedia:
“Privacy is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.
When something is private to a person, it usually means that something is inherently special or sensitive to them. The domain of privacy partially overlaps with security, which can include the concepts of appropriate use and protection of information. Privacy may also take the form of bodily integrity. The right not to be subjected to unsanctioned invasions of privacy by the government, corporations, or individuals is part of many countries’ privacy laws, and in some cases, constitutions.”
Privacy has to do with the liberty of being yourself and deciding what you want to share and what you want to keep private. Author Carissa Véliz clearly states that
Privacy is about being able to keep certain intimate things to yourself – your thoughts, your experiences, your conversations, your plans.
Biometrics are obvious: they are simply part of a person’s bodily features, something you can see in other people. And since biometrics are visible in plain sight, biometrics themselves are not an invasion of privacy.
Once this has been clarified we can move on to what has caused all the privacy concerns.
When we casually meet an acquaintance on the street we first identify that person because our brains have verified the identity of that individual based on their unique characteristics, and this is what is called authentication. We have done it naturally as humans for millions of years, and it has also been very important for our survival. When our ancestors saw a living tiger in the jungle they would flee, but they would probably search for usable parts of the body if what they identified was a dead tiger.
Since we cannot easily change the visible bodily features and we have as humans used biometrics as the first and most trusted way for identification, it makes sense to use biometrics for authentication.
There are however big concerns about how to use technology for biometric identification in a way that guarantees our privacy and avoids problems such as government abuse and identity theft. Since we don’t yet have a solid regulation framework for how to handle it, there are concerns among people who have a better understanding of this challenge, and also an understandable unrest among people who don’t clearly understand what we as citizens have in front of us.
Biometrics are not perfect and their storage can be compromised. Once compromised they become very lucrative for identity theft: imagine if someone’s biometric characteristics are spoofed and used to gain access to the victim’s accounts, cars, home, businesses, medical records, etc.
We believe that biometrics represent a wrong direction in solving identity theft, because they become a universal identifier that can be used, and abused, everywhere and at any time (and in case of identity theft it is very difficult to change your bodily features!).
We should not set up specific unique identifiers that are used to create a single, public credential that everyone has to carry or display, just like a Universal ID that can easily be abused by governments, corrupt companies or data thieves.
We need regulation that enables the usage of multiple, private credentials that people can use selectively, revealing only the information they need in order to enroll in or use a service, while maintaining their overall security and privacy.
These credentials should allow proving an attribute such as age, credit rating, group membership, etc. without having to reveal unnecessary information that the person decides to keep private.
This can be done by something that is called biometric encryption, and we will talk about it in a future post.
The second area of concern is how the biometric information is going to be stored. We do have some kind of regulation for private information, but the laws don’t specify the real-world cases, and we see this in the way governments, companies and banks currently manage their databases.
For example, the need to encrypt private information has been documented since the first version of ISO 27001, and there is also regulation for how to handle this information. In the real world we find databases that are only partly secured (just enough to get their check marks from the auditors) in the Production environment, while the rest of the support environments are left outside the security standards. The support environments are needed for new feature development, for quality assurance and for performance tests, and to meet these needs the Production database gets copied over the support environments so that they don’t drift too far from the Production environment they need to support.
The Institutions that own the databases where our information is stored should transform all the information from the Production database as it is loaded into each support environment database, so that it is impossible to reverse the transformation and read the data in its original form. This process is called data masking and it is normally not performed by Institutions.
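As an added illustration of the data masking just described (this is example code, not part of the original post), the Python routine below builds the copy of a few constructed records that may be loaded into a support environment: identifiers are replaced by a keyed one-way token so joins between masked tables still line up while the key never leaves Production, and biometric templates are replaced outright. The field names, sample rows and key are assumptions.

```python
import hashlib
import hmac
import random

# Constructed sample "production" rows (fake data for illustration only).
PRODUCTION_ROWS = [
    {"customer_id": 1001, "name": "Ana Lopez", "national_id": "X1234567A",
     "email": "ana.lopez@example.com", "fingerprint_template": bytes(range(32))},
    {"customer_id": 1002, "name": "Bo Chen", "national_id": "Y7654321B",
     "email": "bo.chen@example.com", "fingerprint_template": bytes(range(32, 64))},
]
SENSITIVE_FIELDS = ("name", "national_id", "email", "fingerprint_template")


def pseudonym(value: str, key: bytes) -> str:
    """Keyed one-way token: the same input always yields the same token, so
    joins between masked tables still work, but without `key` (which stays in
    Production and is never copied to support environments) the original
    value cannot be recovered from the token."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def mask_row(row: dict, key: bytes, rng: random.Random) -> dict:
    """Produce the version of one row that may leave Production."""
    masked = dict(row)  # non-sensitive columns such as customer_id are kept
    masked["national_id"] = pseudonym(row["national_id"], key)
    masked["name"] = f"User {pseudonym(row['name'], key)[:6]}"
    masked["email"] = f"user{row['customer_id']}@test.invalid"  # reserved TLD
    # Biometric templates must never leave Production: substitute random bytes
    # of the same length so template-handling code is still exercised in QA.
    masked["fingerprint_template"] = rng.randbytes(len(row["fingerprint_template"]))
    return masked


def mask_dataset(rows: list, key: bytes, seed: int = 0) -> list:
    rng = random.Random(seed)
    return [mask_row(r, key, rng) for r in rows]


def leaks_original(masked_rows: list, original_rows: list) -> bool:
    """Check run before the copy is shipped: does any sensitive original value
    survive verbatim anywhere in the masked copy?"""
    originals = {r[f] for r in original_rows for f in SENSITIVE_FIELDS}
    return any(m[f] in originals for m in masked_rows for f in SENSITIVE_FIELDS)
```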
There is a black market for identity theft, and these data vultures blackmail database administrators and software developers who work at these Institutions in order to steal the information, which is later sold to another corrupt company for further abuse.
If this is the way data is handled in typical databases, and these databases will be (or already are) storing biometric data, then there is no realistic expectation that the same Institutions will handle the biometric data in a safer way. This is the second major concern about how to use technology for biometric identification.
So we conclude that this is not a technical problem, it is a People Problem. People are not using tools ethically, and other people whose data is being stored do not understand the risks they are exposed to.
The way of facing this challenge is through