The Challenge of Biometrics Laurence Edge. Proposition.

The Challenge of Biometrics

Laurence Edge

Proposition

Over-optimism re accuracy

Over-optimism re accuracy

Enthusiasm to deploy

Enthusiasm to deploy

Threats to Privacy?

Threats to Privacy?

Immaturelegal framework

Immaturelegal framework

Agenda

Biometrics – some definitions Technical background What are the issues? Solutions?

Definition - 1

“a general term for technologies that permit matches between a ‘live’ digital image of a part of the body and a previously recorded image of the same part usually indexed to personal or financial information” (Alterman - 2003)

Definition - 2

“measuring relevant attributes of living individuals or populations to identify active properties or unique characteristics” (Mordini - 2004)

Definition – 3 (mine!) unique physical characteristic capable of being

matched automatically possible to match at acceptably low rates of error possible to perform automatic one-to-many

identification matching, with a high accuracy (near 100%) against a reference database consisting of tens or hundreds of millions of records;

accepted in a court of law as a legal proof of identity

Authentication

Identification – selection of one from many e.g. fingerprints from a crime scene

Verification – “I am who I claim to be” e.g. passports or ID cards

The Technologies - Types

Fingerprints Hand/Finger geometry Voice print Signatures Facial Recognition Vein Patterns Iris Recognition Retina Scans DNA Others

The Technologies - Concepts

Generic method Accuracy General concerns

Generic Method - Enrolment

Measure Generate template Record

Generic Method - Operation

Biometrics at the Frontiers: Assessing the Impact on Society (2005)

Accuracy?

Biometric Product Testing: Final report, Issue 1.0 (2001): CESG/BWG

Performance Improvements- Facial Recognition

Phillips et al. “FRVT 2006 and ICE 2006 Large-Scale Results”. (2007)

7 Pillars of (biometric) Wisdom

• Universality• Uniqueness• Permanence• Collectability• Performance• Acceptability• Circumvention

EC report: Biometrics at the Frontiers: Assessing the Impact on Society (2005)

7 Pillars of (biometric) Wisdom

The Technologies - Challenges

Spoofing / Mimicry / Residual Images Usability Accessibility Hygiene Safety Secondary use Public Perception

DNA

Physical sample required Slow to process Lowest FAR & FRR FTE & FTA of 0%

DNA – Uniqueness?

97% were happy to include a photograph 79% fingerprints 62% eye recognition (no distinction was made

between iris and retina scans) 41% approved of the inclusion of DNA details

Hiltz, Han, Briller. “Public Attitudes towards a National Identity "Smart Card:" Privacy and Security Concerns” (2003)

DNA – Acceptability?

DNA – Foolproof?

Scene of crime samples in particular may be contaminated, degraded, and misinterpreted (especially if mixed). Human errors (e.g. sample mix-ups) will occur.

Need for corroborating evidence. Expanding databases could lead to an over-

reliance on ‘cold hits’. Increased potential for ‘framing’ of suspects? “The forensic use of Bioinformation: ethical issues”

Nuffield Council on Bioethics (2007)

Privacy Assessment - 1

Overt1. Are users aware of the system's

operation?Covert

Optional  2. Is the system optional or mandatory? Mandatory

Verification3. Is the system used for identification

or verification?Identification

Fixed Period4. Is the system deployed for a fixed

period of time?Indefinite

Private Sector5. Is the deployment public or private

sector?Public Sector

Privacy Assessment - 2

Individual,Customer

6. In what capacity is the user interacting with the system?

Employee,Citizen

Enrollee7. Who owns the biometric information?

Institution

Personal Storage 8. Where is the biometric data stored?

Database Storage

Behavioral 9. What type of biometric technology is being deployed?

Physiological

Templates 10. Does the system utilize biometric templates, biometric images, or both?

Images

International Biometric Group – www.bioprivacy.org

Risk Assessment - DNAPositive Privacy Aspects

Negative Privacy Aspects

Bioprivacy Technology Risk Rating

Currently slow and complex to processAnalysis device non portable

Unchanging over subject’s whole lifetimeUse in forensic applicationsStrong identification capabilities Not unique for identical twinsSamples can be collected without consent/knowledgePossible to extract additional genetic information

Identification: HCovert: HPhysiological: H

Image: H

Databases: H Risk Rating: H

Legal Background

Enabling Legislation Constraints Uses and Abuses Challenges

Enabling Legislation

NDNAD'sUK – 3.8 million samples by Jan 2007 (6%)CanadaAustraliaNZUSA

Prum: “Member States shall open and keep national DNA analysis files for the investigation of criminal offences”

Constraints

PrivacyHuman RightsUS ConstitutionCommon LawPrivacy Acts

Data Protection Law

Challenges

UK – via HRA 1998 Articles 8 and/or 14R v Marper – now at ECHR

US – via 4th AmendmentUS v KincadeJohson v Quander

Canada – via s.8 of CCRFR v Rodgers

Uses and Abuses

Collection and RetentionForensic DNAD'sOther DNAD's

Data Sharing Privacy Challenges Evidence Scope Creep Ethics - What is identity?

Conclusion

ID fraud becomes worse if there is a single strong identifier

Biometrics do not offer non-repudiation Biometrics should be confined to smart

cards or encrypted if on databases Biometrics are useless once compromised

Questions

[email protected]