Privacy and ethical issues in Biometric Systems

Privacy & Ethical issuesin Biometric Systems

Francesco [email protected]

5 January 2015Biometric Identification & Verification

Craig [email protected]

Introduction

- important topic inthe last 15 years

- lots of discussions

- but things haven’t changed so much

- for which reasons?

2

img3.wikia.nocookie.net images.gizmag.com

Biometric systems

- match “live” image with recorded part of the body

- who you are and what you dowhat you know or what you have

3

zvetcobiometrics.com

Biometric technology

- 2000: “barrier between personal data and unauthorized access”

human body→ passport

4

img3.wikia.nocookie.net chatelaine.com

Biometric identifiers5

wikimedia.com

intechopen.comfingerchip.fr

cl.cam.ac.uk

heyce.com

smartinsights.com

thefeetnesscentres.com

Verification

- User claims identity- System verifies- “1 to 1”

- Identifies user out of a database set

- “1 to many” (harder)

Identification6

hitachi.com

- Negatives -

Negative connotations

- Privacy rejects Biometrics- Criminality (fingerprints/DNA sampling)

- Culturally undignified?

- Religious Objections

8

mcallen.net

“A piece of yourself”

- Identification → Image is a tool to permit recognition of the body

- Offering this “piece of yourself” objectifies the body

9

Loss of Privacy

- Fundamental privacy interest in control of:- Use of our own image- How/when we are represented to others

- Large number of biometric representations- Loss of privacy

10

Abuse & Misuse

- Violation of right to anonymity- Murphy’s Law → if any technology can be

misused, it will be- Positive identification of a biometric

- Third party gaining access

- Linking it to other information →

Secondary uses without consent

11

Data storage

- Required for Identification- Possible to be stolen- Law Enforcement- Pin-pointing and tracking

- Potential to be linked together → Detailed profile

- Third-party purchase- Direct marketers

12

Extra Information

- Extra, unauthorized information ends up being collected

- People’s age, gender and ethnicity - Emotional state detection, as reflected in their

expressions- Possible to detect medical history

13

Function creep

- ‘Function creep’ is the term used to describe the expansion of a process or system, where data collected for one specific purpose is subsequently used for another unintended or unauthorized purpose

14

unisoncctv.co.uk

Stealing Biometrics

- Possible to fool - Biometrics can be stolen- Duplicates can be made

- Quite complicated

- Biometric characteristics are not secrets

15

rt.com

Other Concerns

- Hygiene of biometric sensors

- Disabilities/Missing biometrics

- Personal image anxiety

- Unwanted identifications

- Witness Protection

16

+ Positives +

Convenience

- Less fallible and potentially much faster

- High accuracy- No longer have to

remember passwords- User is present at

time/place of recognition

18

computerhowtoguide.com

Security

- Difficult to copy, share, or distribute

- Security level is equal

- Hard to lose - Cannot be forgotten- One account is no easier to break than another

19

Enhances Privacy?

- Immune from security breaches

- Properly designed and regulated, biometrics can protect privacy

- Gives power back to the individual

20

Conclusions

Conclusions

1. Technology improved but same old issues

2. Foolproof recognition does not exist

3. Fake attacks → serious concern

Deep influence on daily life

22

blog.bio-key.com

Recommendations

Legal perspective

1. Biometrics id’s exchange closely regulated

2. Severe penalties for unauthorized use

3. Authorities surveillance not allowed

4. Vendors should adhere to guidelines

24

Design perspective

1. Storing non-invertible data (hash)

2. Complete control to the individual

3. Multimodal-biometric system as in

http://youtu.be/iOpH6E7T6I0?t=31s

25

Thanks!

References▪ Alterman A., “A piece of yourself”: Ethical issues in biometric identification, Kluwer

Academic Publishers, 2003▪ Prabhakar S., Pankanti S., Jain A., Biometric Recognition: Security and Privacy

Concerns, IEEE, 2003▪ Mordini E., Massari S., Body, Biometrics and Identity, Bioethics, 2008▪ Valenza G. et al., Revealing Real-Time Emotional Responses: a Personalized Assessment

based on Heartbeat Dynamics, Nature.com Scientific Reports, 2014▪ A. Cavoukian, Privacy and Biometrics, Information and Privacy

Commissioner/Ontario, 1999▪ S. Shaikh, C.Dimitriadis, My Fingers are all mine: Five reasons why using biometrics

may not be a good idea, IEEE, 2008▪ http://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-

ministers-fingerprints-using-photos-of-her-hands▪ http://rt.com/news/218587-hacker-fingerprint-minister-photo ▪ http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm

27