320 likes | 787 Views
The Challenge of Biometrics. Laurence Edge. Proposition. Agenda. Biometrics – some definitions Technical background What are the issues? Solutions?. Definition - 1.
E N D
The Challenge of Biometrics Laurence Edge
Agenda • Biometrics – some definitions • Technical background • What are the issues? • Solutions?
Definition - 1 • “a general term for technologies that permit matches between a ‘live’ digital image of a part of the body and a previously recorded image of the same part usually indexed to personal or financial information” (Alterman - 2003)
Definition - 2 • “measuring relevant attributes of living individuals or populations to identify active properties or unique characteristics” (Mordini - 2004)
Definition – 3 (mine!) • unique physical characteristic capable of being matched automatically • possible to match at acceptably low rates of error • possible to perform automatic one-to-many identification matching, with a high accuracy (near 100%) against a reference database consisting of tens or hundreds of millions of records; • accepted in a court of law as a legal proof of identity
Authentication • Identification – selection of one from many e.g. fingerprints from a crime scene • Verification – “I am who I claim to be” e.g. passports or ID cards
The Technologies - Types • Fingerprints • Hand/Finger geometry • Voice print • Signatures • Facial Recognition • Vein Patterns • Iris Recognition • Retina Scans • DNA • Others
The Technologies - Concepts • Generic method • Accuracy • General concerns
Generic Method - Enrolment • Measure • Generate template • Record
Generic Method - Operation Biometrics at the Frontiers: Assessing the Impact on Society (2005)
Accuracy? Biometric Product Testing: Final report, Issue 1.0 (2001): CESG/BWG
Performance Improvements- Facial Recognition Phillips et al. “FRVT 2006 and ICE 2006 Large-Scale Results”. (2007)
7 Pillars of (biometric) Wisdom • Universality • Uniqueness • Permanence • Collectability • Performance • Acceptability • Circumvention EC report: Biometrics at the Frontiers: Assessing the Impact on Society (2005)
The Technologies - Challenges • Spoofing / Mimicry / Residual Images • Usability • Accessibility • Hygiene • Safety • Secondary use • Public Perception
DNA • Physical sample required • Slow to process • Lowest FAR & FRR • FTE & FTA of 0%
DNA – Acceptability? • 97% were happy to include a photograph • 79% fingerprints • 62% eye recognition (no distinction was made between iris and retina scans) • 41% approved of the inclusion of DNA details Hiltz, Han, Briller. “Public Attitudes towards a National Identity "Smart Card:" Privacy and Security Concerns” (2003)
DNA – Foolproof? • Scene of crime samples in particular may be contaminated, degraded, and misinterpreted (especially if mixed). Human errors (e.g. sample mix-ups) will occur. • Need for corroborating evidence. • Expanding databases could lead to an over-reliance on ‘cold hits’. • Increased potential for ‘framing’ of suspects? • “The forensic use of Bioinformation: ethical issues” Nuffield Council on Bioethics (2007)
Privacy Assessment - 2 International Biometric Group – www.bioprivacy.org
Legal Background • Enabling Legislation • Constraints • Uses and Abuses • Challenges
Enabling Legislation • NDNAD's • UK – 3.8 million samples by Jan 2007 (6%) • Canada • Australia • NZ • USA • Prum: “Member States shall open and keep national DNA analysis files for the investigation of criminal offences”
Constraints • Privacy • Human Rights • US Constitution • Common Law • Privacy Acts • Data Protection Law
Challenges • UK – via HRA 1998 Articles 8 and/or 14 • R v Marper – now at ECHR (27 Feb 2008) • US – via 4th Amendment • US v Kincade • Johson v Quander • Canada – via s.8 of CCRF • R v Rodgers
Uses and Abuses • Collection and Retention • Forensic DNAD's • Other DNAD's • Data Sharing • Privacy Challenges • Evidence • Scope Creep • Ethics - What is identity?
Conclusion • ID fraud becomes worse if there is a single strong identifier • Biometrics do not offer non-repudiation • Biometrics should be confined to smart cards or encrypted if on databases • Biometrics are useless once compromised
Questions laurence.edge@resultex.co.nz