The Challenge of Biometrics Laurence Edge Proposition Over-optimism Over-optimism re reaccuracy accuracy Enthusiasm Enthusiasm to todeploy deploy Immature Immature legal legalframework framework Threats Threatsto to Privacy? Privacy? Agenda Biometrics – some definitions Technical background What are the issues? Solutions?
Download
Report
Transcript The Challenge of Biometrics Laurence Edge Proposition Over-optimism Over-optimism re reaccuracy accuracy Enthusiasm Enthusiasm to todeploy deploy Immature Immature legal legalframework framework Threats Threatsto to Privacy? Privacy? Agenda Biometrics – some definitions Technical background What are the issues? Solutions?
The Challenge of
Biometrics
Laurence Edge
Proposition
Over-optimism
Over-optimism
re
reaccuracy
accuracy
Enthusiasm
Enthusiasm
to
todeploy
deploy
Immature
Immature
legal
legalframework
framework
Threats
Threatsto
to
Privacy?
Privacy?
Agenda
Biometrics – some definitions
Technical background
What are the issues?
Solutions?
Definition - 1
“a general term for technologies that
permit matches between a ‘live’ digital
image of a part of the body and a
previously recorded image of the same
part usually indexed to personal or
financial information”
(Alterman - 2003)
Definition - 2
“measuring relevant attributes of living
individuals or populations to identify active
properties or unique characteristics”
(Mordini - 2004)
Definition – 3 (mine!)
unique physical characteristic capable of being
matched automatically
possible to match at acceptably low rates of
error
possible to perform automatic one-to-many
identification matching, with a high accuracy
(near 100%) against a reference database
consisting of tens or hundreds of millions of
records;
accepted in a court of law as a legal proof of
identity
Authentication
Identification – selection of one from many
e.g. fingerprints from a crime scene
Verification – “I am who I claim to be” e.g.
passports or ID cards
The Technologies - Types
Fingerprints
Hand/Finger geometry
Voice print
Signatures
Facial Recognition
Vein Patterns
Iris Recognition
Retina Scans
DNA
Others
The Technologies - Concepts
Generic method
Accuracy
General concerns
Generic Method - Enrolment
Measure
Generate template
Record
Generic Method - Operation
Biometrics at the Frontiers: Assessing the Impact on Society (2005)
Accuracy?
Biometric Product Testing: Final report, Issue 1.0 (2001): CESG/BWG
Performance Improvements
- Facial Recognition
Phillips et al. “FRVT 2006 and ICE 2006 Large-Scale Results”. (2007)
7 Pillars of (biometric) Wisdom
•
•
•
•
•
•
•
Universality
Uniqueness
Permanence
Collectability
Performance
Acceptability
Circumvention
EC report: Biometrics at the Frontiers: Assessing the Impact on Society (2005)
7 Pillars of (biometric) Wisdom
The Technologies - Challenges
Spoofing / Mimicry / Residual Images
Usability
Accessibility
Hygiene
Safety
Secondary use
Public Perception
DNA
Physical sample required
Slow to process
Lowest FAR & FRR
FTE & FTA of 0%
DNA – Uniqueness?
DNA – Acceptability?
97% were happy to include a photograph
79% fingerprints
62% eye recognition (no distinction was made
between iris and retina scans)
41% approved of the inclusion of DNA details
Hiltz, Han, Briller. “Public Attitudes towards a National Identity "Smart Card:" Privacy and
Security Concerns” (2003)
DNA – Foolproof?
Scene of crime samples in particular may be
contaminated, degraded, and misinterpreted
(especially if mixed). Human errors (e.g. sample
mix-ups) will occur.
Need for corroborating evidence.
Expanding databases could lead to an overreliance on ‘cold hits’.
Increased potential for ‘framing’ of suspects?
“The forensic use of Bioinformation: ethical issues”
Nuffield Council on Bioethics (2007)
Privacy Assessment - 1
Overt
1. Are users aware of the system's
operation?
Covert
Optional
2. Is the system optional or mandatory?
Mandatory
Verification
3. Is the system used for identification
or verification?
Identification
Fixed Period
4. Is the system deployed for a fixed
period of time?
Indefinite
Private Sector
5. Is the deployment public or private
sector?
Public Sector
Privacy Assessment - 2
Individual,
Customer
Enrollee
Personal
Storage
6. In what capacity is the user
interacting with the system?
7. Who owns the biometric information?
8. Where is the biometric data stored?
Employee,
Citizen
Institution
Database
Storage
Behavioral
9. What type of biometric technology is
being deployed?
Physiological
Templates
10. Does the system utilize biometric
templates, biometric images, or both?
Images
International Biometric Group – www.bioprivacy.org
Risk Assessment - DNA
Positive Privacy
Aspects
Negative Privacy
Aspects
Bioprivacy Technology
Risk Rating
Currently
Unchanging
Identification: H
Covert:
H
Physiological: H
Image:
H
Databases:
H
Risk Rating: H
slow and
complex to process
Analysis device non
portable
over
subject’s whole lifetime
Use in forensic
applications
Strong identification
capabilities
Not unique for identical
twins
Samples can be
collected without
consent/knowledge
Possible to extract
additional genetic
information
Legal Background
Enabling Legislation
Constraints
Uses and Abuses
Challenges
Enabling Legislation
NDNAD's
– 3.8 million samples by Jan 2007 (6%)
Canada
Australia
NZ
USA
UK
Prum: “Member States shall open and keep national
DNA analysis files for the investigation of criminal
offences”
Constraints
Privacy
Human
Rights
US Constitution
Common Law
Privacy Acts
Data Protection Law
Challenges
UK – via HRA 1998 Articles 8 and/or 14
R
v Marper – now at ECHR
US – via 4th Amendment
US
v Kincade
Johson v Quander
Canada – via s.8 of CCRF
R
v Rodgers
Uses and Abuses
Collection and Retention
Forensic
DNAD's
Other DNAD's
Data Sharing
Privacy Challenges
Evidence
Scope Creep
Ethics - What is identity?
Conclusion
ID fraud becomes worse if there is a single
strong identifier
Biometrics do not offer non-repudiation
Biometrics should be confined to smart
cards or encrypted if on databases
Biometrics are useless once compromised
Questions
[email protected]