1 / 19

Biometrics and The Privacy Paradox

Biometrics and The Privacy Paradox. Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Privacy & Identity: The Promise & Perils of the Technological Age DePaul University, Chicago October 14, 2004. Privacy – What are the Issues?. Expanded surveillance Diminished oversight

long
Download Presentation

Biometrics and The Privacy Paradox

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Biometrics and The Privacy Paradox Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Privacy & Identity: The Promise & Perils of the Technological Age DePaul University, Chicago October 14, 2004

  2. Privacy – What are the Issues? • Expanded surveillance • Diminished oversight • Absence of knowledge/consent • Loss of control

  3. Privacy Defined • Informational Privacy: Data Protection • Personal control over the collection, use and disclosure of any recorded information about an identifiable individual • An organisation’s responsibility for data protection and safeguarding personal information in its custody or control

  4. OECD Guidelineson the Protection of Privacy and Transborder Flows of Personal Data • Collection Limitation Principle • Data Quality Principle • Purpose Specification Principle • Use Limitation Principle • Security Safeguards Principle • Openness Principle • Individual Participation Principle • Accountability Principle

  5. Growth of Biometrics • U.S. Border Security Enhancement Act • International Civil Aviation Organization approved facial recognition for travel documents • EU to implement biometrics in passports and visas • CANPASS and INSPASS programs • AAMVA Unique Identifier Working Group

  6. The Myth of Accuracy • The problem with large databases containing thousands (or millions) of biometric templates: • False positives • False negatives

  7. Biometric Applications Identification: • one-to-many comparison Authentication: • one-to-one comparison

  8. Biometric Identification: False Positive Challenge Even if you have a 1 in 10,000 error rate per fingerprint, then a person being scanned against a million-record data set will be flagged as positive 100 times. And that’s every person. A system like that would be useless because everyone would be a false positive. Bruce Schneier, quoted in Ann Cavoukian’s Submission to the Standing Committee on Citizenship and Immigration, November 4, 2003 http://www.ipc.on.ca/docs/110403ac-e.pdf

  9. Biometric Identification • False Negative Challenge: • Attackers could fool the system • Pay-offs high for compromising the system • Increased vulnerability to a target once a terrorist succeeds in obtaining a false negative: threat escalates considerably

  10. Biometric Strength: Authentication The strength of one-to-one matches • Authentication/verification does not require the central storage of templates • Biometrics can be stored locally, not centrally – on a smart card, passport, travel document, etc.

  11. Designing Privacy Into Biometrics The Privacy Challenges: • Central template databases • Unacceptable error rates • Unrelated secondary uses

  12. Facial Recognition: the Dream “ Khalid Al-Midhar came to the attention of federal law enforcement about a year ago. As the Saudi Arabian strolled into a meeting with some of Osama bin Laden’s lieutenants at a hotel in Kuala Lumpur in December 1999, he was videotaped by a Malaysian surveillance team. The tape was turned over to U.S. intelligence officials and, after several months, Al-Midhar’s name was put on the Immigration and Naturalization Service’s “watch list” of potential terrorists. … The videotape of Al-Midhar also could have been helpful. Using biometric profiling, it would have been possible to make a precise digital map of his face. This data could have been hooked up to airport surveillance cameras. When the cameras captured Al-Midhar, an alarm would have sounded, allowing cops to take him into custody.” - Business Week, Sept. 13, 2001, p. 39

  13. Facial Recognition: the Reality • Test results in place show less than stellar results -Logan Airport pilot had a 50% error rate in real world conditions - U.S. State Department has stated that facial recognition has “unacceptably high error rates” - U of Ottawa tests this summer resulted in accuracy rates between 75% to more than 90% - National Institute for Standards and Technology, under ‘ideal lighting and controlled environment conditions’ reported 90% accuracy - Superbowl facial recognition no longer considered ‘useful’ by subsequent Superbowl organizers “Biometrics Benched for Super Bowl”  By Randy Dotinga, Wired Magazine

  14. Comparison of Accuracy Rates • NIST Studies show for single biometrics: Facial recognition: - 71.5% true accept @ 0.01 false accept rate - 90.3% true accept @ 1.0% false accept rate Fingerprint: - 99.4% true accept @ 0.01% false accept rate - 99.9% true accept @ 1.0% false accept rate

  15. Facial Recognition and Privacy Research • Confounding Facial Recognition systems: • Creating visual noise through: - Disguises, obstructions, light sources, face paint • Objective: - Creating a framework for facial recognition countermeasures • Results: - Research by James Alexander, U. Pennsylvania

  16. Biometrics Can BePrivacy-Enhancing, if they: • Have privacy hard-wired into the deployed technology • Authenticate personal credentials without necessarily revealing identity • Do not facilitate surveillance or tracking of an individual’s activities – avoid the use of template-based central databases • Put control of the biometric in the hands of the individual • Provide excellent security without compromising privacy

  17. Final Thoughts on Biometrics • Current off-the-shelf biometrics permit the secondary uses of personal information • The Goal: “Technology that allows for informational self-determination and makes good security a by-product of protecting one’s privacy” • Using the biometric to encrypt a PIN or a standard encryption key will meet that goal: Biometric Encryption – Dr.George Tomko

  18. “I am not a number, I am a free man” “I am not a number, I am a human being. I will not be filed, stamped, indexed or numbered. My life is my own.” The Prisoner TV series, 1968

  19. How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner of Ontario 80 Bloor Street West, Suite 1700 Toronto, Ontario, Canada M5S 2V1 Phone: (416) 326-3333 Web:www.ipc.on.ca E-mail:commissioner@ipc.on.ca

More Related