180 likes | 359 Views
Biometrics & the Privacy Paradigm: Separating Fact from Fiction. Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Security and Privacy: Friends, Foes or Partners? Victoria, B.C. February 11, 2004. September 11, 2001. Public safety must be balanced
E N D
Biometrics & the Privacy Paradigm:Separating Fact from Fiction Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Security and Privacy: Friends, Foes or Partners? Victoria, B.C. February 11, 2004
September 11, 2001 Public safety must be balanced against privacy: • Security measures must be real, not illusory • New measures must be analyzed to determine their actual effectiveness and utility http://www.ipc.on.ca/userfiles/page_attachments/1517136_pub01-e.pdf http://www.cbc.ca/news/indepth/usattacked/essay_privacy.html
Privacy – What are the Issues? • Expanded surveillance • Diminished oversight • Loss of anonymity • Absence of knowledge or consent
Privacy Enhances Security Freedoms and liberties actually provide security. People living in open societies like the U.S. and the E. U. are more secure—as a whole—than people living in countries where surveillance and restrictions on personal actions are commonplace, and liberty and the rule of law are weak. Bruce Schneier, Beyond Fear, p. 246
Submission to the Standing Committee • Submission to the House of Commons Standing Committee on Citizenship and Immigration re: privacy implications of a National Identity Card and Biometric Technology – November 4, 2003 • Interim Committee report questioned the value of introducing a national ID card
National ID Card Issues • No business case justifying ID Cards • Enormous cost of design and roll-out • Security vulnerabilities: • high demand for access to associated databases • target for identity theft
National ID Card • Only one plausible rationale: U.S. requirements for biometric identifiers at border crossings by end of 2004 • Enhanced Boarder Security and Visa Entry Reform Act of 2002 • Canada presently exempted
Biometrics • Definition: The automated use of physiological or behavioral characteristics to determine or verify identity • Far from foolproof: myths abound, don’t believe the movies
The Myth of Accuracy • The problem with large databases containing thousands (or millions) of biometric templates: • False positives • False negatives
Biometric Applications Identification: • one-to-many comparison Authentication: • one-to-one comparison
Biometric Identification False Positive Challenge • Even with a 99.9% accuracy rate, everyone will have at least one false positive match • “The false alarm rate would overwhelm the system...” Bruce Schneier, Beyond Fear, p.253
The Fallacy of the Accuracy Re: Biometric Identification Even if you have a 1 in 10,000 error rate per fingerprint, then a person being scanned against a million-record data set will be flagged as positive 100 times. And that’s every person. A system like that would be useless because everyone would be a false positive. Bruce Schneier, quoted in Ann Cavoukian’s Submission to the Standing Committee on Citizenship and Immigration, November 4, 2003 http://www.ipc.on.ca/docs/110403ac-e.pdf
Biometric Identification • False Negative Challenge: • Attackers could fool the system • Pay-offs high for compromising the system • Increased vulnerability to a target once a terrorist succeeds in obtaining a false negative: threat escalates considerably
Biometric Strength: Authentication The strength of one-to-one matches • Authentication/verification does not require the central storage of templates • Biometrics can be stored locally, not centrally – on a smart card, passport, etc.
Designing Privacy Into Biometrics • The Privacy Challenges: • Central template databases • Unacceptable error rates • Unrelated secondary uses
Final Thoughts on Biometrics • Current off-the-shelf biometrics permit the secondary uses of personal information • The Goal: “Technology that allows for informational self-determination and makes good security a by-product of protecting one’s privacy” – George Tomko • Using the biometric to encrypt a PIN or a standard encryption key will meet that goal: Biometric Encryption
“I am not a number, I am a free man” “I am not a number, I am a human being. I will not be filed, stamped, indexed or numbered. My life is my own.” The Prisoner TV series, 1968
How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario 80 Bloor Street West, Suite 1700 Toronto, Ontario M5S 2V1 Phone:(416) 326-3333 Web:www.ipc.on.ca E-mail:commissioner@ipc.on.ca