By Paul Bentham, 23 November 2007 15:06
COMMENT
With the furore over 25 million missing child benefit records, the public sector's use of personal data has never been under greater scrutiny. Addleshaw Goddard's Paul Bentham says biometrics may be hailed as the ultimate security measure - but the technology is not without hazards.
Ten years ago, it would have been unthinkable to have a society where bank cards had been replaced by iris identification, where passports were a thing of the past and school dinners were paid for using vein recognition.
It would have seemed very Blade Runner or 1984. Well, that future has most definitely arrived with the burgeoning popularity of biometrics. And - surprisingly for IT take-up - the public sector seems to be the first in line.
Biometrics refers to technological methods for distinguishing and recognising humans based on intrinsic physical or behavioural traits. These traits are used to identify people by certain characteristics that are either physiological - such as faces, fingerprints, irises, veins and DNA - or behavioural - such as voices, signatures and keystrokes.
silicon.com's A to Z of Biometrics
Click on the links below to find out everything you'll need to know about biometric security.
A is for Accuracy
B is for Behavioural biometric
C is for Cash machine
D is for Database
E is for Ear
F is for Facial recognition
G is for Gummi bears
H is for Hand geometry
I is for Iris
J is for Juan Vucetich
K is for Keystroke dynamics
L is for Liveness testing
M is for Mobile phones
N is for Network security
O is for Oxford
P is for Palm
Q is for Queues
R is for Registration
S is for Signature verification
T is for Twins
U is for Universality
V is for Voice verification
W is for Walk
X is for X-ray
Y is for Young
Z is for Zurich Airport
There are numerous biometrics technologies, including fingerprint recognition, iris scans, face recognition, voice recognition and even vein and palm recognition.
And organisations can use biometrics in numerous ways. Integration with security systems is a key one, where a biometric measure in addition to standard measures can make systems as watertight as possible. For example, biometric solutions can also be used as a substitute to key cards. The idea is workers simply have their retinas scanned to let them into the building or into restricted areas of the workplace.
Fingerprint or iris recognition is being used at some organisations to enable employees to log on to the network, thus ensuring only authorised employees can access certain parts of the network.
There was an incident at a hospital a few weeks ago where a celebrity's health records were illicitly viewed by 50 employees. Apparently, systems that support electronic patient records - a central part of the National Programme for IT (NPfIT) - produce audit trails of who has accessed what information. NHS chiefs hoped this would be a preventative measure to stop employees accessing things they shouldn't.
But do time-strapped NHS staff have time to police audit trails? It's doubtful. This incidence could easily have been avoided if a biometric solution was used to verify the identity of the personnel accessing the data.
There have also been reports of doctors sharing smart cards, to save logging on and off each time. Abuse of this nature makes it really difficult to trace exactly who has accessed the data and it is a system that will inevitably be prone to security breaches. Again, a biometrics solution would be a much safer solution.
The public sector is of course adopting biometrics in a number of ways, none of which is more high profile and controversial than the ID card scheme.
The scheme, which recent reports say will cost a breathtaking £5.6bn to set up and run over the next 10 years, will use 13 different biometrics, including 10 fingerprints and both irises and face. This information will be recorded when people apply for a card and stored in the new National Identity Register, as well as on their identity cards.
Despite tough criticism, the government argues the scheme will make identity fraud much harder. Ministers claim it could help to kerb illegal immigration, stop large-scale financial fraud - anyone trying to make a big financial transaction would have their biometrics checked - and help to stem terrorist activities by hindering terrorists' use of false identities in money laundering and organised crime.
The scheme has come under harsh criticism, predominantly from civil rights organisations, the media and the opposition, over soaring costs and the threat of infringement of people's privacy.
But in a recent survey by Unisys, it seems that for the UK public, safeguarding personal data is absolutely crucial - out of eight EU nations, the British were the most concerned about data protection. Some 82 per cent thought it was acceptable for government agencies and banks to use biometrics to verify a person's identity.
This would imply the majority, whether they realise it or not, are in favour of the peace of mind and tightened security identity cards will bring.
And the government's use of biometrics in identity management extends beyond passports and workplace access. A school in Scotland has been the first in the UK to use palm vein authentication for paying for school meals.
The scheme is intended to make the school lunch experience more exciting for kids and make it much easier to recognise and speed through all the pupils in the lunch queue. It has also helped to dissolve the social barriers that exist in the school canteen, as there is no longer the need for meal tickets for children whose parents are on benefits or disability. The solution, developed by Yarg Biometrics and Fujitsu Services, has been a runaway success.
Government organisations are swiftly recognising the benefits biometrics can bring but the most crucial issues to do with this technology are the legal ones. And although there are evident advantages, biometrics does have its detractors and none more so than the civil liberty camp. This means the legal minefield has to be very carefully negotiated, particularly where employees, patients and students are concerned.
Data breaches are also an issue with biometrics. Organisations therefore have to ensure that all stored biometric data is absolutely airtight and as impervious to attacks and hacking as possible. This has to be very tightly bound from a contractual perspective, to protect people's data and the organisation from any fallout from data breaches.
Unfortunately, once a biometric is stored in digital form on a computer, any security offered by the biometric identification is at risk, because it can easily be copied from one computer to another.
If an individual's biometric information is compromised or stolen, that individual could no longer use those biometrics to prove his or her identity. Therefore, unless stringent security measures are put in place, the digital storage of biometric data could present a real security risk for facilitating identity theft.
The use of biometric systems must comply with the European Convention on Human Rights and the Data Protection Directive. The relevant legislation in the UK is the Human Rights Act and the Data Protection Act (DPA). Under the Human Rights Act each of us is entitled to respect in our private life, including our life at the workplace.
Under the DPA personal data is required to be processed fairly and for specific limited purposes. Two key principles come into play. First, the principle of proportionality, which means the interference with the private life of the individual must be justifiable by the benefits. Second, the principle of transparency - which means it must be clear how and why information is being used and it must not be used beyond this without prior agreement.
It is possible to deploy biometrics in ways that do not breach the DPA by - for example, justifying the processing on one of the grounds set out in the DPA. Organisations setting up biometric systems will need to be clear about the purpose of the system or scheme and consider carefully how data is collected, stored and accessed. Use of the biometric information will need to be proportionate to the benefits of the scheme
If you compare the UK with Japan, for example, where biometrics are widely used, or Brazil, where they have been using fingerprint identification for voting in elections for years, there is still a lot to do in terms of educating organisations and the general public about the benefits of biometrics.
But careful and sensitive handling of the legal issues will help to allay any fears that the public will have and help organisations feel confident about integrating biometric technology. And if the legalities are taken care of, who knows what the biometrics future will hold.
Paul Bentham is a partner in the technology and outsourcing group at Addleshaw Goddard www.addleshawgoddard.com
Comments
There are 9 comments. Join the discussion
1. Vladimir Mirchev
"... Unfortunately, once a biometric is stored in digital form on a computer, any security offered by the biometric identification is at risk, because it can easily be copied from one computer to another... "
This issue can be easily solved by using hashing algorithms.
2. Richard
"Ten years ago, it would have been unthinkable..."
Yes! Eventually we'll be rid of the current regime and able to return to ordinary, decent life.
It's very strange that this writer is still so "upbeat" even after all the scandals & failures caused by misusing technology as a "quick-fix" for society's problems;
Ten years ago, we had fewer enemies (within & without); we had more control of our own lives; we paid much less in taxes.
In another ten years, I do hope that we're once more at peace with ourselves.
Biometrics, DNA databases and ID cards are not the answer!
3. Guy Reynolds
The short answer to the question is 'No' and the problem is once they are compromised you are stuck with no alternative.
Any fixed dataset is at risked of captured and spoofed. With a pin number or a password once it is compromised, the data can be changed, however with biometric data there is no opportunity for the true holder to change it.
It has been demonstrated on many occasions that finger prints can be spoofed with something a simple as a photocopy. Whilst the government lives in denial of this and appears incapable of securing even the most sensitive of data we look to be going down a route where people will be disenfranchised and criminalised, for reasons beyond their control.
4. Jim Kerr
"Unfortunately, once a biometric is stored in digital form on a computer, any security offered by the biometric identification is at risk, because it can easily be copied from one computer to another."
This is not an issue. Biometric templates are stored using a unique algorithm that if hacked would still not grant an unauthorized person access. This is because the latest technology rejects an exact algorithm match as an attempted spoof. This added security measure is a result of never swiping your finger the same way twice. The reader picks up only pieces of the algorithm formula from your minutia points, not the entire algorithm. Therefore these concerns are unwaranted.
5. Jim Kerr
"It has been demonstrated on many occasions that finger prints can be spoofed with something a simple as a photocopy."
Your looking at very outdated technology. The readers today are looking for live tissue and an electrical charge that has not been spoofed despite rigorous attempts to do so. You should be more concerned with the passwords that you are using because of free programs like John the Ripper that can run the entire dictionary at your password in 45 seconds. The software is free. See Cain and Able as well. Passwords are easy to crack but fingerprints are not. Biometrics are much safer, more convenient and less expensive than traditonal passwords.
6. Karen Challinor
passwords may be easier to crack than fingerprints
but the incentive to crack fingerprints, once we are forced to use, them will result in them being cracked fairly easily too
and once someone can spoof your fingerprint at will what are you going to do
buy the WonKo random fingerprint gelpatch maker and issue yourself with new stick on fingerprints that rotate to a new setting once a week ? deluxe model has thinner gel for increased sensitivity
go to a hospital and have a new hand fitted (more complex fingerprints available on Bupa) ?
you want me to carry on with this ?
given any flat smooth surface you have touched in the last 24 hours it's possible to lift a print and create a gel patch that fits on a finger with that print on it and and lo, suddenly I pwn your bank account, and further it looks like you are the one taking the money out and not me
whereas cracking my password, which does not use any word in any dictionary anywhere should take you around 216500 days to crack using brute force techniques, less the few seconds you save not bothering with dictionary attacks
7. Jim Kerr
Again Karen the gel theory doesn't hold because the scanners today are using capicitence which looks for live tissue and an electrical charge. A lifted print will simply not work.
Your password can be cracked in about 24 to 48 hours using John the ripper if it is 8 characters or less. It's been proven time and time again which is why there is more money being made on identity theft in the US then the sale of all illicit drugs combined.
How many passwords do you have to remember and where do you write them down when they change? You will never forget your fingerprint but you will write down new passwords that constantly need to be changed and most attacks occur inside the firewall now. That's an easy target.
You suggest that we could no longer identify a person if a biometric was compromised. There are many other back ups we could use such as facial or retna or veins to biometrically identify an individual aside from the fact that the majority of has more than one finger to work with.
8. anonymous
Apparently people don't know anything about the biometric technology that is being used. The old technology was AFIS. Yes you could lift a finger and make a jel blah blah blah.
It don't work that way anymore. It is a swipe technology that takes the different points (minutia) from the finger. It turns those into a mathematical formula that is Hashed and Encrypted. So let’s say we could break the encryption… Which by the way you can’t. Then you get this mathematical string that really means nothing. But let’s say you could reverse engineer it…. All you would get is several points that are related to a finger. It is not going to tell you what kind of minutia points they are. Such as ridges, islands etc. It is just going to tell you there are points. Now just for the hell of it. Let’s say you could find some way to match that info and come up with the partial finger print. You say the finger is now useless. I say you’re wrong. You can change how many points a system pics up and you can swipe your finger in a different way. Remember we are not taking all the info from the finger.
The biggest problem that is occurring is the fact that people are ignorant to the technology. They see a show like myth busters and make a stupid comment when they have not done the research. The fact is I can break your password. I don’t have to use a dictionary attack I can use a brute force attack a cryptanalysis attack or even a rainbow attack. If you have a password that is less than 10 characters, I have a password cracker that will run more than a billion passwords in a day.
Unfortunately the hardest thing to do is to educate people on how technology works because they have to relearn what they thought they knew.
9. Karen Challinor
but no one has told me how to change my biometric when and not if it is compromised
my password has not been less than 10 characters for as long as I can remember, it gets changed regularly, I don't write it down, I use the full range of characters available including special symbols, no one else to date has successfully logged in as me on any machine I have set up
and I can (and do) change it at will
a thin enough gelpatch will still allow sufficient capacitative reaction for a life sensor as well as being thin enough for a pulse sensor, licking it before use will give sufficient conductivity for a sweat and conductivity sensor
and when HMG places an order for a couple of million fingerprint scanners for use by the general population, do you really think they will go for the all singing all dancing highly secure versions or the cheapest they can get their hands on you know the ones that just take a slit image of the fingerprint and come up with a number thats used for comparison, the ones you can fool with a photocopy
you really think HMG are going to use hashing algorithms when they don't even use encryption
businesses will go for the best solution and yes it will be pretty much bombproof, HMG will go for the cheapest
I suggest you have a look at the reasons why HMG rejected the use of fingerprint scanners to control access to the palace of westminster, now if fingerprint scanners are as advanced as you reckon and surely HMG would have looked at the very best for such a sensitive location why were they still rejected ?