Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Challenge of Biometrics

Similar presentations

Presentation on theme: "The Challenge of Biometrics"— Presentation transcript:

1 The Challenge of Biometrics
Laurence Edge

2 Proposition 1 – challenge the belief that all biometrics are accurate
2 – rush to deploy regardless of the privacy considerations 3 – within a legal framework which is still actively evolving

3 Agenda Biometrics – some definitions Technical background
What are the issues? Solutions?

4 Definition - 1 “a general term for technologies that permit matches between a ‘live’ digital image of a part of the body and a previously recorded image of the same part usually indexed to personal or financial information” (Alterman )

5 Definition - 2 “measuring relevant attributes of living individuals or populations to identify active properties or unique characteristics” (Mordini )

6 Definition – 3 (mine!) unique physical characteristic capable of being matched automatically possible to match at acceptably low rates of error possible to perform automatic one-to-many identification matching, with a high accuracy (near 100%) against a reference database consisting of tens or hundreds of millions of records; accepted in a court of law as a legal proof of identity

7 Authentication Identification – selection of one from many e.g. fingerprints from a crime scene Verification – “I am who I claim to be” e.g. passports or ID cards for identification, the system must ensure the uniqueness of each member of the target population and as the size of the population grows, so does the probability that more than one user will fall within the match criteria, whereas when used for verification, a token is provided to allow the system to determine which identity is being claimed, and therefore which specific template to check against

8 The Technologies - Types
Fingerprints Hand/Finger geometry Voice print Signatures Facial Recognition Vein Patterns Iris Recognition Retina Scans DNA Others Others includes Gait BO ! Ear prints

9 The Technologies - Concepts
Generic method Accuracy General concerns

10 Generic Method - Enrolment
Measure Generate template Record

11 Generic Method - Operation
Biometrics at the Frontiers: Assessing the Impact on Society (2005)

12 Accuracy? Key concept is to understand that the matching process is probabilistic and is subject to statistical error Ideal is to reduce FRR without raising FAR - FTE – Failure to Enrol FTA – Failure to Acquire FMR/FNMR – False Match Rate / False Non-Match Rate FAR – False Acceptance Rate FRR – False Reject Rate FAR & FRR are the key ones operationally Graph - Top left good, bottom right is bad Standard way of quoting is FRR at a standard FAR (typically 0.001) FAR represents a direct security threat while FRR is more of a usability issue What do these error rates mean in real terms? If we consider the prospect of using a biometric identifier to control access to air travel, an FAR of 1% could allow at least one “bad guy” to board virtually any full commercial jet flight, and four or more on a jumbo jet, while conversely, an FRR of 1% could result in at least one innocent person on every flight being falsely matched to someone in a database of suspicious people. FAR Strength (CESG/BWG suggestions) 1 in 100 Basic 1 in Medium 1 in High Biometric Product Testing: Final report, Issue 1.0 (2001): CESG/BWG

13 Performance Improvements - Facial Recognition
Facial Recognition rate of improvement Phillips et al. “FRVT 2006 and ICE 2006 Large-Scale Results”. (2007)

14 7 Pillars of (biometric) Wisdom
Universality Uniqueness Permanence Collectability Performance Acceptability Circumvention EC report: Biometrics at the Frontiers: Assessing the Impact on Society (2005) Universality All human beings are endowed with the same physical characteristics - such as fingers, iris, face, DNA – which can be used for identification Uniqueness For each person these characteristics are unique, and thus constitute a distinguishing feature Permanence These characteristics remain largely unchanged throughout a person's life Collectability A person's unique physical characteristics need to be collected in a reasonably easy fashion for quick identification Performance The degree of accuracy of identification must be quite high before the system can be operational Acceptability Applications will not be successful if the public offers strong and continuous resistance to biometrics Circumvention In order to provide added security, a system needs to be harder to circumvent than existing identity management systems

15 7 Pillars of (biometric) Wisdom

16 The Technologies - Challenges
Spoofing / Mimicry / Residual Images Usability Accessibility Hygiene Safety Secondary use Public Perception Spoofing etc – incorporation of “liveness” tests, multi-mode biometrics, biometrics+passwords/PINs UKPS figures: Average time for all enrolments (pass or fail) was 8 minutes 15 seconds (10 minutes 20 seconds for disabled participants); Verification times for non-disabled participants were 39 seconds for facial recognition, 58 seconds for iris scanning and 1 minute 13 seconds for fingerprint scanning. Hygiene concerns about contact sensors (fingerprints and some handprint devices) Think what this would mean for 400 passengers on a jumbo Safety doubts related to illuminating the eye for iris or retina scanning Fears about secondary medical use of genetic information derivable from DNA samples or iris scans

17 DNA Physical sample required Slow to process Lowest FAR & FRR
FTE & FTA of 0% A small portion of the extracted DNA is used to obtain a DNA profile. A standard laboratory technique (the polymerase chain reaction, or PCR) is used to make millions of copies of specific parts of the original DNA, the ‘markers’. These markers consist of repeated short sequences of DNA that vary in length between different people. The current standard profiling technique in the United Kingdom, SGM+, uses ten markers of a type called short tandem repeats (STRs) DNA differs from standard biometrics in several ways. 1)     DNA requires a tangible physical sample as opposed to an impression, image, or recording. 2)     DNA matching is not done in real-time, nor are all stages of comparison always automated (though this is not likely to be the case fairly soon). 3)     DNA matching does not employ templates or feature extraction, but rather represents the comparison of actual samples. Regardless of these basic differences, DNA is a type of biometric inasmuch as it is the use of a physiological characteristic to verify or determine identity. Furthermore, it is one biometric which may become usable as a unique identifier, as consistent "templates" may eventually be generated from DNA. For this reason, as well as the theoretical ability to determine information about a user from DNA, render its usage highly problematic from a privacy perspective.  Whether DNA will find use beyond its current use in forensic applications is uncertain. Intelligent discussion on how, when, and where it should and should not be used, and who will control the data, and how it should be stored, is necessary before its use begins to expand into potentially troubling areas. These definitions will vary by application: it illogical to suggest that the usage of DNA in public benefits programs, which nearly all would view as highly problematic, should be viewed as an equivalent to the use of DNA in a criminal investigation. Thinking about the dangers of DNA as a biometric is helpful as it underscores the tremendous variety of biometric technologies available, and makes clear that blanket statements about biometrics are generally misleading.

18 DNA – Uniqueness?

19 DNA – Acceptability? 97% were happy to include a photograph
79% fingerprints 62% eye recognition (no distinction was made between iris and retina scans) 41% approved of the inclusion of DNA details Hiltz, Han, Briller. “Public Attitudes towards a National Identity "Smart Card:" Privacy and Security Concerns” (2003)

20 DNA – Foolproof? Scene of crime samples in particular may be contaminated, degraded, and misinterpreted (especially if mixed). Human errors (e.g. sample mix-ups) will occur. Need for corroborating evidence. Expanding databases could lead to an over-reliance on ‘cold hits’. Increased potential for ‘framing’ of suspects? “The forensic use of Bioinformation: ethical issues” Nuffield Council on Bioethics (2007) Familial Searching Ethnic Inferences DNA Photofit (hair colour + eye colour + skin colour) Surname!! Y-chromosome and surname both come down the male line therefore possible correlation

21 Privacy Assessment - 1 Overt
1. Are users aware of the system's operation? Covert Optional  2. Is the system optional or mandatory? Mandatory Verification 3. Is the system used for identification or verification? Identification Fixed Period 4. Is the system deployed for a fixed period of time? Indefinite Private Sector 5. Is the deployment public or private sector? Public Sector International Biometric Group have proposed “BioPrivacy Application Impact Framework” (see Low risk on left (green) High Risk on right (Red)

22 Privacy Assessment - 2 Individual, Customer
6. In what capacity is the user interacting with the system? Employee, Citizen Enrollee 7. Who owns the biometric information? Institution Personal Storage 8. Where is the biometric data stored? Database Storage Behavioral 9. What type of biometric technology is being deployed? Physiological Templates 10. Does the system utilize biometric templates, biometric images, or both? Images International Biometric Group –

23 Risk Assessment - DNA Positive Privacy Aspects
Negative Privacy Aspects Bioprivacy Technology Risk Rating Currently slow and complex to process Analysis device non portable Unchanging over subject’s whole lifetime Use in forensic applications Strong identification capabilities Not unique for identical twins Samples can be collected without consent/knowledge Possible to extract additional genetic information Identification: H Covert: H Physiological: H Image: H Databases: H  Risk Rating: H

24 Legal Background Enabling Legislation Constraints Uses and Abuses

25 Enabling Legislation NDNAD's
UK – 3.8 million samples by Jan 2007 (6%) Canada Australia NZ USA Prum: “Member States shall open and keep national DNA analysis files for the investigation of criminal offences” - UK- PACE 1984, amended by CJPOA 1994 & CE(A) 1997, CJPA (2001), CJA (2003), SOCPA (2005) now only “suspicion of a recordable offence” , indefinite retention of samples, no right to destruction - Canada only convicted offenders - Australia is on a state by state basis and inter-state matching only started in 2005 NZ is Criminal Investigations (Bodily Samples) Act 1995, amended in from convicted offenders or volunteers, destruction within 12 months if not charged or acquitted Prum convention between 15 states in 2005, to be incorporated by June 2007. “Where, in ongoing investigations or criminal proceedings, there is no DNA profile available for a particular individual present within a requested Member State's territory, the requested Member State shall provide legal assistance by collecting and examining cellular material from that individual and by supplying the DNA profile obtained” Implications of Prum

26 Constraints Privacy Data Protection Law Human Rights US Constitution
Common Law Privacy Acts Data Protection Law

27 Challenges UK – via HRA 1998 Articles 8 and/or 14
R v Marper – now at ECHR US – via 4th Amendment US v Kincade Johson v Quander Canada – via s.8 of CCRF R v Rodgers US: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

28 Uses and Abuses Collection and Retention Data Sharing
Forensic DNAD's Other DNAD's Data Sharing Privacy Challenges Evidence Scope Creep Ethics - What is identity? Other DNADs NZ - H v G (2000) - a very specific case of forensic use of a non-forensic database Alterman[1] listed three privacy concerns that he associated with biometrics Threats to one’s person; The use of biometric id’s to collect and collate data for purposes not intended or desired by the individual; Unauthorised access to personal information through abuse or theft of data. It is through the defence of the right to privacy that the existence and growth of DNA databases have faced their strongest challenges to date, but the majority of cases have occurred in jurisdictions without specific privacy laws and defences have instead adopted the vehicles of Human Rights and Constitutional protections. [1] Anton Alterman, “A piece of yourself”: Ethical issues in biometric identification, Ethics and Information Technology 5: p141, 2003 Potential for “Familial Matching” once NDNAD is large enough!! Evidence: DNA carries sufficient power to sway judges to attach uneven weight to its value “privacy is control over how and where we are presented to others. The proliferation of representations that identify us uniquely thus represents a loss of privacy and a threat to the self-respect which privacy rights preserve”.

29 Conclusion ID fraud becomes worse if there is a single strong identifier Biometrics do not offer non-repudiation Biometrics should be confined to smart cards or encrypted if on databases Biometrics are useless once compromised Non-repudiation of authentication typically rests on 2 considerations: · Strength of binding of the authenticator to the individual in question · Informed consent of the individual at the time the authentication was given

30 Questions

Download ppt "The Challenge of Biometrics"

Similar presentations

Ads by Google