Ann Cavoukian<\/a> has really thought about biometrics – and fingerprinting. As the Privacy Commissioner of Ontario, she hasn't hesitated to join the conversation we have been having as technologists – and has contributed to it in concrete ways. For example, beyond bringing the Laws of Identity to the attention of policy makers, she extended them <\/a>to make all the privacy implications explicit.<\/p>\n Now she and Alex Stoianov, a biometrics scientist, have published a joint paper called Biometric Encrypton: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy<\/a>. It is too early to know to what extent Biometric Encryption (BE) will achieve its promise and become a mainstream technology. But everyone who reads the paper will understand why it is absolutely premature to begin using “conventional biometrics” in schools – or pubs. The following table, taken from the paper, summarizes the benefits BE could hold out for us:<\/p>\n \n
| <\/td>\n | Traditional Biometrics:<\/span> \nPrivacy OR Security \nA Zero-Sum Game<\/span><\/td>\n | Biometric Encryption:<\/span> \nPrivacy AND Security – A Positive-Sum Game<\/span><\/td>\n<\/tr>\n 1<\/td>\n | The biometric template stored is an identifier unique to the individual.<\/td>\n | There is no conventional biometric template, therefore no unique biometric identifier may be tied to the individual. (pp. 16, 17)<\/td>\n<\/tr>\n | 2<\/td>\n | Secondary uses of the template (unique identifier) can be used to log transactions if biometrics become widespread.<\/td>\n | Without a unique identifier, transactions cannot be collected or tied to an individual. (pp. 17, 25)<\/td>\n<\/tr>\n | 3<\/td>\n | A compromised database of individual biometrics or their templates affects the privacy of all individuals.<\/td>\n | No large databases of biometrics are created, only biometrically encrypted keys. Any compromise would have to take place one key at a time. (pp. 23)<\/td>\n<\/tr>\n | 4<\/td>\n | Privacy and security not possible.<\/td>\n | Privacy and security easily achieved. (pp. 17-20, 26-28)<\/td>\n<\/tr>\n | 5<\/td>\n | Biometric cannot achieve a high level of challenge-response security.<\/td>\n | Challenge-response security is an easily available option. (pp. 26-28)<\/td>\n<\/tr>\n | 6<\/td>\n | Biometrics can only indirectly protect privacy of personal information in large private or public databases.<\/td>\n | BE can enable the creation of a private and highly secure anonymous database structure for personal information in large private or public databases. (pp. 19, 20, 27)<\/td>\n<\/tr>\n | 7<\/td>\n | 1:many <\/em>identification systems suffer from serious privacy concerns if the database is compromised.<\/td>\n | 1:many <\/em>identification systems are both private and secure. (pp. 17, 20)<\/td>\n<\/tr>\n | 8<\/td>\n | Users\u00e2\u20ac\u2122 biometric images or templates cannot easily be replaced in the event of a breach, theft or account compromise.<\/td>\n | Biometrically encrypted account identifiers can be revoked and a new identifier generated in the event of breach or database compromise. (pp. 17)<\/td>\n<\/tr>\n | 9<\/td>\n | Biometric system is vulnerable to potential attacks.<\/td>\n | BE is resilient to many known attacks. (pp. 18)<\/td>\n<\/tr>\n | 10<\/td>\n | Data aggregation<\/td>\n | Data minimization (pp. 17)<\/td>\n<\/tr>\n<\/table>\n | I'll be writing about the basic idea involved in BE. But I advise downloading the paper since beyond BE, it provides an excellent and well structured discussion of the issues with biometrics in general.<\/p>\n","protected":false},"excerpt":{"rendered":" Reading this paper will explain why it is way too early to use biometrics in schools – or pubs.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6,17,3,11],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/733"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=733"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/733\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} |