Privacy Commissioner Wants Feedback on Biometrics
The Canadian Privacy Commissioner’s most recent newsletter refers to a document entitled “Data at Your Fingertips: Biometrics and the Challenges to Privacy“.
I believe that biometrics will ultimately be the right solution for authentication and identification, and will help reduce the use of passwords which, lets face it, are very difficult in practice to use to their best theoretical effectiveness.
There are however challenges in using biometrics relating to privacy and identity theft.
The document starts off by saying:
Canadians are witnessing a growing interest among government and private-sector organizations in adopting systems that use biometric characteristics to automatically identify people or verify their identity. But whether a fingertip, a face or an iris is being scanned, what’s being collected is personal information about an identifiable individual.
And that makes it our interest too.
The Office of the Privacy Commissioner of Canada has prepared this primer on biometrics and the systems that use them. It also describes some of the privacy implications raised by this emerging field, as well as measures to mitigate the risks.
The document invites comments on the issue of privacy and biometrics before March 31.
It would seem as if the only real way to prove you are who you claim you are to an automated system is through the use of biometrics as a means of authentication. Identity theft is exceedingly common these days. The use of biometrics, however, creates a whole new area of concern. When non-biometric security authentication elements are breached, security can be reestablished by selecting new authentication elements. The same cannot be done in an instance where stored biometric information is breached. Biometric information cannot be changed. Our fingerprints, face, retina and all, are what they are. The question we are faced with is how we can truly secure our biometric information. We can change our name or address, but we cannot change our body parts.
Turning the human body into the ultimate identification card is extremely dangerous. The possibility of fraud with electronic chips and biometric data should not be underestimated. Exposing or losing biometric property is a permanent problem for the life of the individual, since, as we’ve mentioned, there is no practical way of changing one’s physiological or behavioral characteristics. How do you replace your finger if a hacker figures out how to duplicate it? If your biometric information is exposed, in theory, you may never be able to prove who you say you are, who you actually are or, worse yet, prove you are not who you say you aren’t.