Tue, Aug 18, 2009 21:01 EDT

Posted by: Ariel Silverstone in Best Practices Topic: Security
Privacy, Biometrics and DNA
In my field, one of the holy grails of proper authentication is finding a unique identifier for each and every user in a data processing system. While the term 'user' is generally seen as applying to a person, it can also be applied more broadly: to a server, an application, et cetera. While this search (for the Grail) is, generally, appropriate, I want to talk about the dangers that should be considered. This ‘blog entry is not meant as a technical guide. If you have more technical questions, ask me to help. I would be delighted.
The most common way to access data systems is the password. Whether we call it a password, a PIN, or a secret, we use some sort of password every day. We all change our passwords from time to time (and not nearly as often as we should). And sometimes we change these passwords because we have to.
One of the reasons we may have to change our passwords is formally known as "unauthorized disclosure". When we know of an unauthorized disclosure, we typically call our help desk, our bank, or our credit bureau. This sometimes involves a degree of panic, and sometimes endangers our privacy, our work product, or our very safety.
Technical developments
Over the last few decades, and with rapid acceleration these last few years, biometric technology has been developed and introduced to augment, and in some cases replace, our password-based authentication mechanisms. While quite a bit has been written and shown in movies, biometric technology has typically remained out of the mainstream. The slow adoption of biometric technology has been mostly due to cost issues. For example, a decent biometric reader used to cost upwards of $1,000 to install, with one or two needed per door. Imagine that cost for an entire building...
Biometric technology today exists in many forms. Some of these forms are easily understood, some are complex, and some simply sound far-fetched. Let’s review some of these briefly:
1. Thumb (or finger) print recognition
2. Hand geometry analysis
3. Face recognition
4. Eye blood-vessel pattern recognition
5. Voice recognition
6. Facial bone-structure recognition
7. Keyboard typing speed analysis
8. Scent (smell) recognition, and
9. DNA analysis.
Items 1-5 above are favorites of many science fiction and thriller TV shows and movies, and are thus the most familiar to the public. They are not, however, the only ones used. The list above is not meant to be comprehensive. There are quite a few other technologies out there.
Developments in Security
Partially prodded by terrorist attacks, the legislatures of some countries are pursuing the idea that biometrics can guarantee uniqueness and heal all their authentication ills. They want to use a positive, one-of-a-kind biometric identification as a means to perfectly and uniquely identify a perpetrator of a crime – or an innocent bystander. While most countries do not have privacy laws preventing such a use (see my Privacy Law