Friday 22 July 2011

Protecting Biometric Data

Do you trust the management of the great big MegaFudCorp to safeguard your personal information? Well, we give such companies our credit- or bank-card information all the time — so what’s the big deal with a little bit of biometric data? The difference is that you can
cancel your credit card, but your unique biometric data changes slowly (or doesn’t ever change) — and once someone has it, there’s no way to make it invalid. Although it’s easy for organizations to acquire information, it’s quite another matter to completely purge that same information.

This concept is really at the heart of several battles over biometric identification
systems proposed everywhere. From the perspective of the person or company
collecting biometric information to identify or authenticate you, it’s the same as
a password or a challenge response. (You know the typical gambit: “What’s your
mother’s maiden name?”) For you, it’s potentially a key to your finances, front
door, and medical records all rolled into one — which can never be recalled or
changed if it’s stolen. No surprise if you consider this data critical to protect —
but it would also be no surprise if MegaFudCorp didn’t consider it nearly that
critical.

Proponents of using biometrics have good arguments for why this isn’t as big a
problem as it may sound — especially for the most widely used technology, fingerprints.
Fingerprint-identification systems almost never store a fingerprint image
in its entirety; instead, they store only a few data points corresponding
to the minutiae the system selected as most useful for identification
purposes. Since you don’t have the actual picture of a fingerprint, the theft
of the fingerprint data isn’t a problem, right? With fingerprints, a hash of the
print data is all that’s really required for authentication, but identification really
requires the whole print to be available since a one-to-many match can require
additional analysis. A hash function takes relatively complex information (like
your fingerprint information) and turns it into an integer (the hash) which can
be used as an index — in this case, an index into a biometric database.
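The distinction drawn above, a hash being enough for one-to-one authentication while one-to-many identification needs the fuller print data, as an added example in Python (this is not code from the original post). It assumes minutiae are (x, y, ridge-angle) triples, the sample templates and the matching tolerance are constructed for illustration, and the database is an in-memory dict.

```python
import hashlib
import json
from typing import Dict, List, Optional, Tuple

# A minutia is a ridge ending or bifurcation: (x, y, ridge angle in degrees).
# This (x, y, angle) layout is an assumption made for the example.
Minutia = Tuple[int, int, int]
Template = List[Minutia]

# Constructed sample templates (real extractors emit dozens of points).
ALICE: Template = [(10, 20, 45), (30, 40, 90), (50, 60, 135), (70, 80, 180)]
BOB: Template = [(15, 25, 10), (35, 45, 20), (55, 65, 30), (75, 85, 40)]
# Alice's finger scanned a second time: every point drifts by a pixel or a degree.
NOISY_ALICE: Template = [(11, 21, 46), (29, 41, 91), (51, 59, 134), (71, 80, 179)]


def canonical_bytes(template: Template) -> bytes:
    """Serialize deterministically so equal templates always hash to the same value."""
    return json.dumps(sorted(template), separators=(",", ":")).encode()


def template_hash(template: Template) -> str:
    """Hash of the template; the post describes using it as an index into the database."""
    return hashlib.sha256(canonical_bytes(template)).hexdigest()


def minutiae_matches(a: Template, b: Template, tol: int = 3) -> int:
    """Count minutiae in a that have an unused counterpart in b within tol on every axis."""
    used = set()
    count = 0
    for x, y, t in a:
        for j, (x2, y2, t2) in enumerate(b):
            if j in used:
                continue
            if abs(x - x2) <= tol and abs(y - y2) <= tol and abs(t - t2) <= tol:
                used.add(j)
                count += 1
                break
    return count


class BiometricDB:
    def __init__(self) -> None:
        self.by_hash: Dict[str, str] = {}         # template hash -> user (the index)
        self.templates: Dict[str, Template] = {}  # user -> full stored template

    def enroll(self, user: str, template: Template) -> str:
        h = template_hash(template)
        self.by_hash[h] = user
        self.templates[user] = list(template)
        return h

    def authenticate(self, user: str, presented: Template) -> bool:
        """One-to-one check: an exact hash lookup suffices; no template is compared."""
        return self.by_hash.get(template_hash(presented)) == user

    def identify(self, presented: Template, min_matches: int = 3) -> Optional[str]:
        """One-to-many search: a slightly different scan hashes to nothing, so the
        database must keep whole templates and run tolerant matching over all of them."""
        best_user, best_score = None, 0
        for user, stored in self.templates.items():
            score = minutiae_matches(presented, stored)
            if score > best_score:
                best_user, best_score = user, score
        return best_user if best_score >= min_matches else None


if __name__ == "__main__":
    db = BiometricDB()
    db.enroll("alice", ALICE)
    db.enroll("bob", BOB)
    print("exact auth:", db.authenticate("alice", ALICE))        # True
    print("noisy auth:", db.authenticate("alice", NOISY_ALICE))  # False: hash differs
    print("identify:", db.identify(NOISY_ALICE))                 # alice, via stored templates
```

The second scan of the same finger never hashes to the enrolled value, so the hash index only works when the presented data is bit-for-bit identical; any system that must find an unknown finger among many has to keep the minutiae templates themselves on file, and that stored template is the asset the rest of the post is worried about.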

Without the original fingerprint image, you couldn’t re-create a fingerprint
that would fool a human examiner for long, but theoretically you could create
a bogus print that would fool the specific system that collected the data.
Since you know what it’s looking for, that’s all you really need to re-create.

For most of the other forms of biometric information, a lot more detail is captured
and stored, but they are in turn far harder to imitate or falsify. For those
forms, though, possession of the information is the direct harm to your privacy.
There’s no good reason anyone you haven’t shared it with should know
about the vein structure of your hand or the metal pin in your index finger.
