The Challenge of

dashingincestuousSécurité

22 févr. 2014 (il y a 3 années et 6 mois)

74 vue(s)

The Challenge of
Biometrics

Laurence Edge

Proposition

Over
-
optimism
re accuracy
Over
-
optimism
re accuracy
Enthusiasm
to deploy
Enthusiasm
to deploy
Threats to
Privacy
?
Threats to
Privacy
?
Immature
legal framework
Immature
legal framework
Agenda


Biometrics


some definitions


Technical background


What are the issues?


Solutions?

Definition
-

1



a general term for technologies that
permit matches between a ‘live’ digital
image of a part of the body and a
previously recorded image of the same
part usually indexed to personal or
financial information”



(Alterman
-

2003)

Definition
-

2



measuring relevant attributes of living
individuals or populations to identify active
properties or unique characteristics



(Mordini
-

2004)

Definition


3 (mine!)


unique physical characteristic capable of being
matched automatically


possible to match at acceptably low rates of
error


possible to perform automatic one
-
to
-
many
identification matching, with a high accuracy
(near 100%) against a reference database
consisting of tens or hundreds of millions of
records;


accepted in a court of law as a legal proof of
identity


Authentication


Identification


selection of one from many
e.g. fingerprints from a crime scene


Verification


“I am who I claim to be” e.g.
passports or ID cards


The Technologies
-

Types


Fingerprints


Hand/Finger geometry


Voice print


Signatures


Facial Recognition


Vein Patterns


Iris Recognition


Retina Scans


DNA


Others

The Technologies
-

Concepts



Generic method


Accuracy


General concerns


Generic Method
-

Enrolment


Measure


Generate template


Record



Generic Method
-

Operation

Biometrics at the Frontiers: Assessing the Impact on Society (2005)


Accuracy?

Biometric Product Testing: Final report, Issue 1.0 (2001): CESG/BWG

Performance Improvements

-

Facial Recognition

Phillips et al. “FRVT 2006 and ICE 2006 Large
-
Scale Results”. (2007)


7 Pillars of (biometric) Wisdom


Universality


Uniqueness


Permanence


Collectability


Performance


Acceptability


Circumvention


EC report: Biometrics at the Frontiers: Assessing the Impact on Society (2005)


7 Pillars of (biometric) Wisdom

The Technologies
-

Challenges


Spoofing / Mimicry / Residual Images


Usability


Accessibility


Hygiene


Safety


Secondary use


Public Perception


DNA


Physical sample required


Slow to process


Lowest FAR & FRR


FTE & FTA of 0%

DNA


Uniqueness?




97% were happy to include a photograph


79% fingerprints


62% eye recognition (no distinction was made
between iris and retina scans)


41% approved of the inclusion of DNA details



Hiltz, Han, Briller. “Public Attitudes towards a National Identity "Smart Card:" Privacy and
Security Concerns” (2003)


DNA


Acceptability?

DNA


Foolproof?


Scene of crime samples in particular may be
contaminated, degraded, and misinterpreted
(especially if mixed). Human errors (e.g. sample
mix
-
ups) will occur.


Need for corroborating evidence.


Expanding databases could lead to an over
-
reliance on ‘cold hits’.


Increased potential for ‘framing’ of suspects?


“The forensic use of Bioinformation: ethical issues”
Nuffield Council on Bioethics (2007)

Privacy Assessment
-

1

Overt

1. Are users aware of the system's
operation?

Covert

Optional


2. Is the system optional or mandatory?

Mandatory

Verification

3. Is the system used for identification
or verification?

Identification

Fixed Period

4. Is the system deployed for a fixed
period of time?

Indefinite

Private Sector

5. Is the deployment public or private
sector?

Public Sector

Privacy Assessment
-

2

Individual,

Customer


6. In what capacity is the user
interacting

with the system?

Employee,

Citizen

Enrollee


7. Who owns the biometric information?

Institution

Personal
Storage


8. Where is the biometric data stored?

Database
Storage

Behavioral


9. What type of biometric technology is
being deployed?

Physiological

Templates


10. Does the system utilize biometric
templates, biometric images, or both?

Images

International Biometric Group


www.bioprivacy.org

Risk Assessment
-

DNA

Positive Privacy
Aspects

Negative Privacy
Aspects

Bioprivacy Technology
Risk Rating


Currently slow and
complex to process


Analysis device non
portable



Unchanging over
subject’s whole lifetime


Use in forensic
applications


Strong identification
capabilities


Not unique for identical
twins


Samples can be
collected without
consent/knowledge


Possible to extract
additional genetic
information


Identification: H

Covert: H

Physiological: H

Image: H

Databases: H


Risk Rating: H


Legal Background


Enabling Legislation


Constraints


Uses and Abuses


Challenges


Enabling Legislation


NDNAD's


UK


3.8 million samples by Jan 2007 (6%)


Canada


Australia


NZ


USA


Prum:

Member States shall open and keep national
DNA analysis files for the investigation of criminal
offences



Constraints


Privacy


Human Rights


US Constitution


Common Law


Privacy Acts


Data Protection Law


Challenges


UK


via HRA 1998 Articles 8 and/or 14


R v Marper


now at ECHR (
27 Feb 2008
)


US


via 4
th

Amendment


US v Kincade


Johson v Quander


Canada


via s.8 of CCRF


R v Rodgers

Uses and Abuses


Collection and Retention


Forensic DNAD's


Other DNAD's


Data Sharing


Privacy Challenges


Evidence


Scope Creep


Ethics
-

What is identity?


Conclusion


ID fraud becomes worse if there is a single
strong identifier


Biometrics do not offer non
-
repudiation


Biometrics should be confined to smart
cards or encrypted if on databases


Biometrics are useless once compromised

Questions

laurence.edge@resultex.co.nz