Presentation on theme: "The Challenge of Biometrics Laurence Edge. Proposition."— Presentation transcript:
The Challenge of Biometrics Laurence Edge
Agenda Biometrics – some definitions Technical background What are the issues? Solutions?
Definition - 1 a general term for technologies that permit matches between a live digital image of a part of the body and a previously recorded image of the same part usually indexed to personal or financial information (Alterman )
Definition - 2 measuring relevant attributes of living individuals or populations to identify active properties or unique characteristics (Mordini )
Definition – 3 (mine!) unique physical characteristic capable of being matched automatically possible to match at acceptably low rates of error possible to perform automatic one-to-many identification matching, with a high accuracy (near 100%) against a reference database consisting of tens or hundreds of millions of records; accepted in a court of law as a legal proof of identity
Authentication Identification – selection of one from many e.g. fingerprints from a crime scene Verification – I am who I claim to be e.g. passports or ID cards
Performance Improvements - Facial Recognition Phillips et al. FRVT 2006 and ICE 2006 Large-Scale Results. (2007)
7 Pillars of (biometric) Wisdom Universality Uniqueness Permanence Collectability Performance Acceptability Circumvention EC report: Biometrics at the Frontiers: Assessing the Impact on Society (2005)
7 Pillars of (biometric) Wisdom
The Technologies - Challenges Spoofing / Mimicry / Residual Images Usability Accessibility Hygiene Safety Secondary use Public Perception
DNA Physical sample required Slow to process Lowest FAR & FRR FTE & FTA of 0%
DNA – Uniqueness?
97% were happy to include a photograph 79% fingerprints 62% eye recognition (no distinction was made between iris and retina scans) 41% approved of the inclusion of DNA details Hiltz, Han, Briller. Public Attitudes towards a National Identity "Smart Card:" Privacy and Security Concerns (2003) DNA – Acceptability?
DNA – Foolproof? Scene of crime samples in particular may be contaminated, degraded, and misinterpreted (especially if mixed). Human errors (e.g. sample mix-ups) will occur. Need for corroborating evidence. Expanding databases could lead to an over- reliance on cold hits. Increased potential for framing of suspects? The forensic use of Bioinformation: ethical issues Nuffield Council on Bioethics (2007)
Privacy Assessment - 1 Overt 1. Are users aware of the system's operation? Covert Optional 2. Is the system optional or mandatory?Mandatory Verification 3. Is the system used for identification or verification? Identification Fixed Period 4. Is the system deployed for a fixed period of time? Indefinite Private Sector 5. Is the deployment public or private sector? Public Sector
Privacy Assessment - 2 Individual, Customer 6. In what capacity is the user interacting with the system? Employee, Citizen Enrollee 7. Who owns the biometric information? Institution Personal Storage8. Where is the biometric data stored? Database Storage Behavioral9. What type of biometric technology is being deployed? Physiological Templates10. Does the system utilize biometric templates, biometric images, or both? Images International Biometric Group –
Risk Assessment - DNA Positive Privacy Aspects Negative Privacy Aspects Bioprivacy Technology Risk Rating Currently slow and complex to process Analysis device non portable Unchanging over subjects whole lifetime Use in forensic applications Strong identification capabilities Not unique for identical twins Samples can be collected without consent/knowledge Possible to extract additional genetic information Identification: H Covert: H Physiological: H Image: H Databases: H Risk Rating: H
Legal Background Enabling Legislation Constraints Uses and Abuses Challenges
Enabling Legislation NDNAD's UK – 3.8 million samples by Jan 2007 (6%) Canada Australia NZ USA Prum:Member States shall open and keep national DNA analysis files for the investigation of criminal offences
Constraints Privacy Human Rights US Constitution Common Law Privacy Acts Data Protection Law
Challenges UK – via HRA 1998 Articles 8 and/or 14 R v Marper – now at ECHR US – via 4 th Amendment US v Kincade Johson v Quander Canada – via s.8 of CCRF R v Rodgers
Uses and Abuses Collection and Retention Forensic DNAD's Other DNAD's Data Sharing Privacy Challenges Evidence Scope Creep Ethics - What is identity?
Conclusion ID fraud becomes worse if there is a single strong identifier Biometrics do not offer non-repudiation Biometrics should be confined to smart cards or encrypted if on databases Biometrics are useless once compromised