The Challenge of Biometrics

1
The Challenge of Biometrics

• Laurence Edge

2
Proposition
3
Agenda

• Biometrics some definitions
• Technical background
• What are the issues?
• Solutions?

4
Definition - 1

• a general term for technologies that permit
  matches between a live digital image of a part
  of the body and a previously recorded image of
  the same part usually indexed to personal or
  financial information
• (Alterman - 2003)

5
Definition - 2

• measuring relevant attributes of living
  individuals or populations to identify active
  properties or unique characteristics
• (Mordini - 2004)

6
Definition 3 (mine!)

• unique physical characteristic capable of being
  matched automatically
• possible to match at acceptably low rates of
  error
• possible to perform automatic one-to-many
  identification matching, with a high accuracy
  (near 100) against a reference database
  consisting of tens or hundreds of millions of
  records
• accepted in a court of law as a legal proof of
  identity

7
Authentication

• Identification selection of one from many e.g.
  fingerprints from a crime scene
• Verification I am who I claim to be e.g.
  passports or ID cards

8
The Technologies - Types

• Fingerprints
• Hand/Finger geometry
• Voice print
• Signatures
• Facial Recognition
• Vein Patterns
• Iris Recognition
• Retina Scans
• DNA
• Others

9
The Technologies - Concepts

• Generic method
• Accuracy
• General concerns

10
Generic Method - Enrolment

• Measure
• Generate template
• Record

11
Generic Method - Operation
Biometrics at the Frontiers Assessing the Impact
on Society (2005)
12
Accuracy?
Biometric Product Testing Final report, Issue
1.0 (2001) CESG/BWG
13
Performance Improvements- Facial Recognition
Phillips et al. FRVT 2006 and ICE 2006
Large-Scale Results. (2007)
14
7 Pillars of (biometric) Wisdom

• Universality
• Uniqueness
• Permanence
• Collectability
• Performance
• Acceptability
• Circumvention
• EC report Biometrics at the Frontiers Assessing
  the Impact on Society (2005)

15
7 Pillars of (biometric) Wisdom
16
The Technologies - Challenges

• Spoofing / Mimicry / Residual Images
• Usability
• Accessibility
• Hygiene
• Safety
• Secondary use
• Public Perception

17
DNA

• Physical sample required
• Slow to process
• Lowest FAR FRR
• FTE FTA of 0

18
DNA Uniqueness?
19

DNA Acceptability?

• 97 were happy to include a photograph
• 79 fingerprints
• 62 eye recognition (no distinction was made
  between iris and retina scans)
• 41 approved of the inclusion of DNA details
• Hiltz, Han, Briller. Public Attitudes towards a
  National Identity "Smart Card" Privacy and
  Security Concerns (2003)

20
DNA Foolproof?

• Scene of crime samples in particular may be
  contaminated, degraded, and misinterpreted
  (especially if mixed). Human errors (e.g. sample
  mix-ups) will occur.
• Need for corroborating evidence.
• Expanding databases could lead to an
  over-reliance on cold hits.
• Increased potential for framing of suspects?
• The forensic use of Bioinformation ethical
  issues Nuffield Council on Bioethics (2007)

21
Privacy Assessment - 1
Overt 1. Are users aware of the system's operation? Covert
Optional  2. Is the system optional or mandatory? Mandatory
Verification 3. Is the system used for identification or verification? Identification
Fixed Period 4. Is the system deployed for a fixed period of time? Indefinite
Private Sector 5. Is the deployment public or private sector? Public Sector
22
Privacy Assessment - 2
Individual,Customer 6. In what capacity is the user interacting with the system? Employee,Citizen
Enrollee 7. Who owns the biometric information? Institution
Personal Storage 8. Where is the biometric data stored? Database Storage
Behavioral 9. What type of biometric technology is being deployed? Physiological
Templates 10. Does the system utilize biometric templates, biometric images, or both? Images
International Biometric Group www.bioprivacy.org
23
Risk Assessment - DNA
Positive Privacy Aspects Negative Privacy Aspects Bioprivacy Technology Risk Rating
Currently slow and complex to process Analysis device non portable Unchanging over subjects whole lifetime Use in forensic applications Strong identification capabilities Not unique for identical twins Samples can be collected without consent/knowledge Possible to extract additional genetic information Identification HCovert HPhysiological H Image H Databases H Risk Rating H
24
Legal Background

• Enabling Legislation
• Constraints
• Uses and Abuses
• Challenges

25
Enabling Legislation

• NDNAD's
• UK 3.8 million samples by Jan 2007 (6)
• Canada
• Australia
• NZ
• USA
• Prum Member States shall open and keep national
  DNA analysis files for the investigation of
  criminal offences

26
Constraints

• Privacy
• Human Rights
• US Constitution
• Common Law
• Privacy Acts
• Data Protection Law

27
Challenges

• UK via HRA 1998 Articles 8 and/or 14
• R v Marper now at ECHR
• US via 4th Amendment
• US v Kincade
• Johson v Quander
• Canada via s.8 of CCRF
• R v Rodgers

28
Uses and Abuses

• Collection and Retention
• Forensic DNAD's
• Other DNAD's
• Data Sharing
• Privacy Challenges
• Evidence
• Scope Creep
• Ethics - What is identity?

29
Conclusion

• ID fraud becomes worse if there is a single
  strong identifier
• Biometrics do not offer non-repudiation
• Biometrics should be confined to smart cards or
  encrypted if on databases
• Biometrics are useless once compromised

30
Questions
laurence.edge_at_resultex.co.nz