190 likes | 443 Views
Biometrics and The Privacy Paradox. Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Privacy & Identity: The Promise & Perils of the Technological Age DePaul University, Chicago October 14, 2004. Privacy – What are the Issues?. Expanded surveillance Diminished oversight
E N D
Biometrics and The Privacy Paradox Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Privacy & Identity: The Promise & Perils of the Technological Age DePaul University, Chicago October 14, 2004
Privacy – What are the Issues? • Expanded surveillance • Diminished oversight • Absence of knowledge/consent • Loss of control
Privacy Defined • Informational Privacy: Data Protection • Personal control over the collection, use and disclosure of any recorded information about an identifiable individual • An organisation’s responsibility for data protection and safeguarding personal information in its custody or control
OECD Guidelineson the Protection of Privacy and Transborder Flows of Personal Data • Collection Limitation Principle • Data Quality Principle • Purpose Specification Principle • Use Limitation Principle • Security Safeguards Principle • Openness Principle • Individual Participation Principle • Accountability Principle
Growth of Biometrics • U.S. Border Security Enhancement Act • International Civil Aviation Organization approved facial recognition for travel documents • EU to implement biometrics in passports and visas • CANPASS and INSPASS programs • AAMVA Unique Identifier Working Group
The Myth of Accuracy • The problem with large databases containing thousands (or millions) of biometric templates: • False positives • False negatives
Biometric Applications Identification: • one-to-many comparison Authentication: • one-to-one comparison
Biometric Identification: False Positive Challenge Even if you have a 1 in 10,000 error rate per fingerprint, then a person being scanned against a million-record data set will be flagged as positive 100 times. And that’s every person. A system like that would be useless because everyone would be a false positive. Bruce Schneier, quoted in Ann Cavoukian’s Submission to the Standing Committee on Citizenship and Immigration, November 4, 2003 http://www.ipc.on.ca/docs/110403ac-e.pdf
Biometric Identification • False Negative Challenge: • Attackers could fool the system • Pay-offs high for compromising the system • Increased vulnerability to a target once a terrorist succeeds in obtaining a false negative: threat escalates considerably
Biometric Strength: Authentication The strength of one-to-one matches • Authentication/verification does not require the central storage of templates • Biometrics can be stored locally, not centrally – on a smart card, passport, travel document, etc.
Designing Privacy Into Biometrics The Privacy Challenges: • Central template databases • Unacceptable error rates • Unrelated secondary uses
Facial Recognition: the Dream “ Khalid Al-Midhar came to the attention of federal law enforcement about a year ago. As the Saudi Arabian strolled into a meeting with some of Osama bin Laden’s lieutenants at a hotel in Kuala Lumpur in December 1999, he was videotaped by a Malaysian surveillance team. The tape was turned over to U.S. intelligence officials and, after several months, Al-Midhar’s name was put on the Immigration and Naturalization Service’s “watch list” of potential terrorists. … The videotape of Al-Midhar also could have been helpful. Using biometric profiling, it would have been possible to make a precise digital map of his face. This data could have been hooked up to airport surveillance cameras. When the cameras captured Al-Midhar, an alarm would have sounded, allowing cops to take him into custody.” - Business Week, Sept. 13, 2001, p. 39
Facial Recognition: the Reality • Test results in place show less than stellar results -Logan Airport pilot had a 50% error rate in real world conditions - U.S. State Department has stated that facial recognition has “unacceptably high error rates” - U of Ottawa tests this summer resulted in accuracy rates between 75% to more than 90% - National Institute for Standards and Technology, under ‘ideal lighting and controlled environment conditions’ reported 90% accuracy - Superbowl facial recognition no longer considered ‘useful’ by subsequent Superbowl organizers “Biometrics Benched for Super Bowl” By Randy Dotinga, Wired Magazine
Comparison of Accuracy Rates • NIST Studies show for single biometrics: Facial recognition: - 71.5% true accept @ 0.01 false accept rate - 90.3% true accept @ 1.0% false accept rate Fingerprint: - 99.4% true accept @ 0.01% false accept rate - 99.9% true accept @ 1.0% false accept rate
Facial Recognition and Privacy Research • Confounding Facial Recognition systems: • Creating visual noise through: - Disguises, obstructions, light sources, face paint • Objective: - Creating a framework for facial recognition countermeasures • Results: - Research by James Alexander, U. Pennsylvania
Biometrics Can BePrivacy-Enhancing, if they: • Have privacy hard-wired into the deployed technology • Authenticate personal credentials without necessarily revealing identity • Do not facilitate surveillance or tracking of an individual’s activities – avoid the use of template-based central databases • Put control of the biometric in the hands of the individual • Provide excellent security without compromising privacy
Final Thoughts on Biometrics • Current off-the-shelf biometrics permit the secondary uses of personal information • The Goal: “Technology that allows for informational self-determination and makes good security a by-product of protecting one’s privacy” • Using the biometric to encrypt a PIN or a standard encryption key will meet that goal: Biometric Encryption – Dr.George Tomko
“I am not a number, I am a free man” “I am not a number, I am a human being. I will not be filed, stamped, indexed or numbered. My life is my own.” The Prisoner TV series, 1968
How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner of Ontario 80 Bloor Street West, Suite 1700 Toronto, Ontario, Canada M5S 2V1 Phone: (416) 326-3333 Web:www.ipc.on.ca E-mail:commissioner@ipc.on.ca