The Challenge of Biometrics
description
Transcript of The Challenge of Biometrics
![Page 1: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/1.jpg)
The Challenge of Biometrics
Laurence Edge
![Page 2: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/2.jpg)
Proposition
Over-optimism re accuracy
Over-optimism re accuracy
Enthusiasm to deploy
Enthusiasm to deploy
Threats to Privacy?
Threats to Privacy?
Immaturelegal framework
Immaturelegal framework
![Page 3: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/3.jpg)
Agenda
Biometrics – some definitions Technical background What are the issues? Solutions?
![Page 4: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/4.jpg)
Definition - 1
“a general term for technologies that permit matches between a ‘live’ digital image of a part of the body and a previously recorded image of the same part usually indexed to personal or financial information” (Alterman - 2003)
![Page 5: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/5.jpg)
Definition - 2
“measuring relevant attributes of living individuals or populations to identify active properties or unique characteristics” (Mordini - 2004)
![Page 6: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/6.jpg)
Definition – 3 (mine!) unique physical characteristic capable of being
matched automatically possible to match at acceptably low rates of error possible to perform automatic one-to-many
identification matching, with a high accuracy (near 100%) against a reference database consisting of tens or hundreds of millions of records;
accepted in a court of law as a legal proof of identity
![Page 7: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/7.jpg)
Authentication
Identification – selection of one from many e.g. fingerprints from a crime scene
Verification – “I am who I claim to be” e.g. passports or ID cards
![Page 8: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/8.jpg)
The Technologies - Types
Fingerprints Hand/Finger geometry Voice print Signatures Facial Recognition Vein Patterns Iris Recognition Retina Scans DNA Others
![Page 9: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/9.jpg)
The Technologies - Concepts
Generic method Accuracy General concerns
![Page 10: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/10.jpg)
Generic Method - Enrolment
Measure Generate template Record
![Page 11: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/11.jpg)
Generic Method - Operation
Biometrics at the Frontiers: Assessing the Impact on Society (2005)
![Page 12: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/12.jpg)
Accuracy?
Biometric Product Testing: Final report, Issue 1.0 (2001): CESG/BWG
![Page 13: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/13.jpg)
Performance Improvements- Facial Recognition
Phillips et al. “FRVT 2006 and ICE 2006 Large-Scale Results”. (2007)
![Page 14: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/14.jpg)
7 Pillars of (biometric) Wisdom
• Universality• Uniqueness• Permanence• Collectability• Performance• Acceptability• Circumvention
EC report: Biometrics at the Frontiers: Assessing the Impact on Society (2005)
![Page 15: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/15.jpg)
7 Pillars of (biometric) Wisdom
![Page 16: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/16.jpg)
The Technologies - Challenges
Spoofing / Mimicry / Residual Images Usability Accessibility Hygiene Safety Secondary use Public Perception
![Page 17: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/17.jpg)
DNA
Physical sample required Slow to process Lowest FAR & FRR FTE & FTA of 0%
![Page 18: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/18.jpg)
DNA – Uniqueness?
![Page 19: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/19.jpg)
97% were happy to include a photograph 79% fingerprints 62% eye recognition (no distinction was made
between iris and retina scans) 41% approved of the inclusion of DNA details
Hiltz, Han, Briller. “Public Attitudes towards a National Identity "Smart Card:" Privacy and Security Concerns” (2003)
DNA – Acceptability?
![Page 20: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/20.jpg)
DNA – Foolproof?
Scene of crime samples in particular may be contaminated, degraded, and misinterpreted (especially if mixed). Human errors (e.g. sample mix-ups) will occur.
Need for corroborating evidence. Expanding databases could lead to an over-
reliance on ‘cold hits’. Increased potential for ‘framing’ of suspects? “The forensic use of Bioinformation: ethical issues”
Nuffield Council on Bioethics (2007)
![Page 21: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/21.jpg)
Privacy Assessment - 1
Overt1. Are users aware of the system's
operation?Covert
Optional 2. Is the system optional or mandatory? Mandatory
Verification3. Is the system used for identification
or verification?Identification
Fixed Period4. Is the system deployed for a fixed
period of time?Indefinite
Private Sector5. Is the deployment public or private
sector?Public Sector
![Page 22: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/22.jpg)
Privacy Assessment - 2
Individual,Customer
6. In what capacity is the user interacting with the system?
Employee,Citizen
Enrollee7. Who owns the biometric information?
Institution
Personal Storage 8. Where is the biometric data stored?
Database Storage
Behavioral 9. What type of biometric technology is being deployed?
Physiological
Templates 10. Does the system utilize biometric templates, biometric images, or both?
Images
International Biometric Group – www.bioprivacy.org
![Page 23: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/23.jpg)
Risk Assessment - DNAPositive Privacy Aspects
Negative Privacy Aspects
Bioprivacy Technology Risk Rating
Currently slow and complex to processAnalysis device non portable
Unchanging over subject’s whole lifetimeUse in forensic applicationsStrong identification capabilities Not unique for identical twinsSamples can be collected without consent/knowledgePossible to extract additional genetic information
Identification: HCovert: HPhysiological: H
Image: H
Databases: H Risk Rating: H
![Page 24: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/24.jpg)
Legal Background
Enabling Legislation Constraints Uses and Abuses Challenges
![Page 25: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/25.jpg)
Enabling Legislation
NDNAD'sUK – 3.8 million samples by Jan 2007 (6%)CanadaAustraliaNZUSA
Prum: “Member States shall open and keep national DNA analysis files for the investigation of criminal offences”
![Page 26: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/26.jpg)
Constraints
PrivacyHuman RightsUS ConstitutionCommon LawPrivacy Acts
Data Protection Law
![Page 27: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/27.jpg)
Challenges
UK – via HRA 1998 Articles 8 and/or 14R v Marper – now at ECHR (27 Feb 2008)
US – via 4th AmendmentUS v KincadeJohson v Quander
Canada – via s.8 of CCRFR v Rodgers
![Page 28: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/28.jpg)
Uses and Abuses
Collection and RetentionForensic DNAD'sOther DNAD's
Data Sharing Privacy Challenges Evidence Scope Creep Ethics - What is identity?
![Page 29: The Challenge of Biometrics](https://reader034.fdocuments.net/reader034/viewer/2022051401/56814442550346895db0dea6/html5/thumbnails/29.jpg)
Conclusion
ID fraud becomes worse if there is a single strong identifier
Biometrics do not offer non-repudiation Biometrics should be confined to smart
cards or encrypted if on databases Biometrics are useless once compromised