90 likes | 205 Views
“Lessons for Biometrics from SSNs & Identity Fraud”. Peter P. Swire Ohio State University National Academy of Sciences March 15, 2005. Overview. Theme for today: Learn from SSNs & identity theft problems “Don’t release the keys”, in cryptographic systems or in biometrics
E N D
“Lessons for Biometrics from SSNs & Identity Fraud” Peter P. Swire Ohio State University National Academy of Sciences March 15, 2005
Overview • Theme for today: • Learn from SSNs & identity theft problems • “Don’t release the keys”, in cryptographic systems or in biometrics • Proposal: law to prohibit the selling or sharing of individuals’ biometrics • Prevent loss of the keys that breed fraud
Swire Background • Now law professor at Ohio State • Teach computer security, privacy, cyber • Consultant, Morrison & Foerster • Was Chief Counselor for Privacy, OMB • 1999-early 2001 • Worked to fund CSTB study on authentication and privacy; discussed biometric study
Problems with SSNs • Technically weak identifier • No check sum • Easy to fake or to steal • Uses have spread dramatically over time • Despite earlier promises to use only for federal programs • Nonetheless, SSN is now the “key” information that gives access to credit system and authoritative credentials • ChoicePoint incident & data compromised for at least 145,000 persons
Algorithms and Keys • Modern crypto • Kerchkoff’s law and assume the algorithm should be public • Keep the key/password secret • If the key is copied/compromised, the system is wide open • Especially for online/remote applications • Also for fake drivers license • “A Model for When Disclosure Helps Security: What Is Different About Computer and Network Security?”, at www.ssrn.com
How to Prevent Loss of Keys • For SSNs, perhaps law this year prohibiting “sale or display” of SSNs • Goal of enhancing the security of the “keys” • For biometrics, why not have a law prohibiting the “sale or display” of plaintext of biometrics? • Goal of enhancing the security of the “keys”
Benefits of the No Display Law • Prophylactic rule, before have commercial enterprises who depend on the sale or display • Keep the keys more secure from the start • Bad enough to get a new SSN • Much harder to get a new finger, iris, etc. • Encourage encryption in storage and use of images of fingerprints, etc. • [Interlude – best practice should be to encrypt biometrics in storage]
Exceptions to the Law • Photos • Many non-security uses of photos • Faces are seen in public • DNA samples • When is transfer appropriate for medical treatment or research? • Burden on others to explain why the biometric “keys” should be made public
Conclusion • One-time opportunity for society to protect biometric keys before they are compromised • Let those who think display or sale is good explain precisely why, and craft exceptions • Without clear law, we will see proliferation of disclosures, in insecure applications • Without encryption, will have data leaks • If so, biometrics could become a failed approach, like SSNs today