Criterion B: IT Background of the Issue
As previously mentioned, applications for Biometrics are many. One of them is iris scanning. Extensive research and experience demonstrated that the iris was the other (apart from the fingerprint) unique trait that each human differed from each other, including one’s other eye. First, a picture is taken using available CCD camera technology and locating the presence of and iris within the video image. Concentric circles are then created to distinguish zones of analysis. By the application of 2-D Gabor filters, the texture of the iris is examined to distinguished features within these zones. From this information, a 256-byte iris code is produced as a representation of the features of the individual iris2. Past technologies have based their critiques on common points. For example, fingerprint analysis; hand geometry, iris, retina scanning, and recently facial recognition our based on this technology. However, new forms of biometric like voice verification and signature verification take another approach using waveform and a number of unprecedented methodologies
Criterion C: Analysing the Impact of the Issue
A biometric such as a fingerprint can be used as a unique surrogate of one's identity which, as a unique identifier, can be used to trace people's transactions and link massive amounts of personal data about them. If my fingerprints are stored in a database, then my transactions, whereabouts and personal information can easily be tracked. It does not really matter for what purpose the biometric information was assembled -- whether it was for welfare registration or bank machine access, the same point applies.
If someone happens to be on welfare and innocently leave his latent fingerprints at a night club which later becomes the scene of a crime, any latent prints of his picked up could be matched to the fingerprint database compiled for welfare recipients. If he is identified, he will get a visit by a police officer. That is a clear infringement of his privacy. Now, one can say that the fingerprint database will be off limits to the police by virtue of legislation. That may be the case with the current government. Nevertheless, how can we ensure it will be the case with the next government? Moreover, that does not address the issue of unauthorized access to the database. The temptation for secondary or unauthorized uses of such a database beyond its primary purpose will be very great, especially if crime, tax fraud, and terrorism increases in our society.
Criterion D: Solutions to Problems Arising from the Issue
A solution is to have unique hardware and software algorithms for different organizations and government agencies so that the police cannot generate the same template.
However, if we want the privacy of these systems to be comparable to cryptographic systems -- and that is something we should insist upon -- their security cannot depend on the secrecy of the algorithm or unavailability of the hardware. The system should have an open design. The protection mechanism must not depend on the ignorance of potential attackers. The mechanism should be open to public scrutiny, just as cryptographic algorithms are subjected to.
A step in the right direction is to encrypt the digital templates stored in the database. These encrypted biometrics improve privacy protection since matching efforts could not be accomplished without access to the encryption key. In this case, essential management would be the weak link. Who is going to have control over the encryption keys? With essential management, as with key escrow in a security system, privacy is based on a trust model.
Criterion E: Selecting and Using Sources
1Mercer, Brandon. "Can Computers Read Your Mind?." TechTV 10/28/02. News. <http://www.techtv.com/news/computing/story/0,24195,3386341,00.html>.
2Ashbourn, Julian. Biometrics: Advanced Identity Verification. Great Britain: Springer-Verlag London Limited, 2000.
3N/A. "Biometric Identifiers." Biometrics. 08/07/02. Electronic Privacy Information Center. <http://www.epic.org/privacy/biometrics/default.html>.
---------------------------------------------------------------------
Walker, Steven M.. "Biometric Selection: Body Parts Online." SANS Institute 07/26/02. Security Awareness. <http://www.sans.org/rr/authentic/parts_online.php>.
Tomko, George. Biometrics as a Privacy-Enhancing Technology: Friend or Foe of Privacy?. 09/15/98. <http://www.dss.state.ct.us/digital/tomko.htm>.
Word Count (including titles, but excluding references):783