Professional Documents
Culture Documents
Innovya R&D
Adopting the above traceless guidelines, using real-time reactive authentication process
or method for the current biometrics authentication systems will present an efficient and
friendlier authentication solution. Obviously, privacy is an issue, which is potentially
solved, Biometric scan as is necessary for a function or activity to authenticate the subject
should be sufficient. The new traceless authentication systems should after the
authentication process, dismiss all the biometric information or traces from the scanning
devices and must not use any storage systems or leave unique information behind.
One of the main logical paradoxes, governments needed to address with the current
biometrics is, traceable biometrics are clonable...all our data – fingerprints, body parts,
personal characteristics and imaging can be exploited by businesses or criminals [3]. How
do you replace your finger if a hacker figures out how to duplicate it?[4] If your biometric
got exposed, theoretically you will never be able to prove you are who you say you are or
more unfavorable situation, prove you are not who you say you are not. The subject is
always carrying his biometrics with him, why then unique biometrics information, should
be collected and stored in databases [5] or smart cards, or other external devices, in order
to make it useful?
[6]
Many body parts, personal characteristics and imaging methods have been suggested
and used for biometric systems: fingers, hands, feet, faces, eyes, ears, teeth, veins, voices,
signatures, typing styles, gaits and odors. A fingerprint for example is a biometric, which
if compromised (i.e. obtained in an unauthorized manner) cannot easily be controlled by
the individual. An unretouched or altered photograph of a face and a physical signature
are biometrics, which can be checked using the eyes and experience of the verifier. These
biometrics have been in use routinely and efficiently throughout human history. The use
of automation to authenticate people is new and is being tested on consumers without
precautions regarding their privacy.
The following fact remains: there are no legal restrictions on biometrically identifying
information, or biometric authentication systems. However: there are severe restrictions
on collecting, creating, maintaining, using, or disseminating records of identifiable
personal data. One immediate conclusion that we should draw is that biometrics
authentication must be traceless.
If unique biometric properties are stored somewhere, for example on a smart card or on a
computer system, either if it is stored in an encoded, scrambled or ciphered form, it is still
a unique biometric identifier[16]. Once a unique biometric identifier has being stored
anywhere, at any time, on any external[17] media (including media that is associated with
the boundaries of the individual, such as a smartcard held by the individual), the privacy
of that biometric property owner is violated or can easily be violated. As noted
previously, exposing or losing a biometric property is a permanent problem for the life of
the individual[18], as there is no way to cancel the physiological or behavioral
characteristics of the individual. Biometric technology is inherently individuating and
interfaces easily to database technology, making privacy violations easier and more
damaging.[19]
Privacy fears are justified not only in the context of identifiable fingerprints of the kind
commonly used by the police, where there is centralized retention. A fingerprint, and the
broader family of biometrics, offer irrefutable evidence of one’s identity since they are
unique biological characteristics that distinguish one person from another, and that
mistakenly can be linked to one individual which is NOT necessarily the original
biometric presenter or the rightful owner of the unique biological characteristics!!.
References
1. “System and method for traceless biometric identification”, A device, system and
method for identifying an individual with a biometric identifier that at least one
other individual in a given population has the identical biometric identifier. The
biometric identifier according to the present invention, also referred to herein as a
“BIdToken”, is implemented to be biometrically traceless, such that an exact
image or copy of the biometric information is preferably not maintained by the
present invention. Shafir (Micha) Michael et at, 2006.
2. Cancelable Biometrics - Wikipedia
(http://en.wikipedia.org/wiki/Biometrics#Cancelable_Biometrics)
3. ^ Proposed biometric ID cards won't prevent fraud or terrorism (IEEE Spectrum,
Jan 2006)
4. How to fake fingerprints? October 26, 2004 (starbug) Simple instructions how
copy and fake fingerprints
(http://www.ccc.de/biometrie/fingerabdruck_kopieren?language=en)
5. ACLU - The government and corporations are aggressively collecting information
about your personal life and your habits.(http://www.aclu.org/pizza)
6. (WO/2008/001373) SYSTEM AND METHOD FOR TRACELESS BIOMETRIC
IDENTIFICATION - BACKGROUND, Shafir et al, 2006
(http://www.wipo.int/pctdb/en/wo.jsp?IA=WO2008001373&WO=2008001373&
DISPLAY=DESC)
7. FAIR INFORMATION PRACTICES - Robert Gellman
(http://bobgellman.com/rg-docs/rg-FIPshistory.pdf)
8. Introduction to Fair Information Practices - Pam Dixon
9. Ethical and Legal Requirements Associated with Data Dissemination
10. Economic aspects of personal privacy
11. Information Technologies and the Shifting Balance between Privacy and Social
Control
12. THE PRIVACY ACT OF 1974, "Records maintained on individuals
" (http://www.usdoj.gov/oip/privstat.htm)
13. Personal Privacy in an Information Society: The Report of the Privacy Protection
Study Commission
14. Privacy and Accuracy of Personal Information
15. Technology and Privacy: The New Landscape By Philip E. Agre, Marc Rotenberg
16. Biometrics from a legal perspective (Dr. Ronald Leenes TILT - Tilburg Institute
for Law, Technology, and Society)
17. U.K. researchers devise smart-card hack - Tom Espiner ZDnet 2007
(http://news.zdnet.com/2100-1009_22-6156601.html)
18. Bank loses tapes with data on 4.5M clients - Brian Fonseca, Computerworld
(http://www.computerworld.com/action/article.do?command=viewArticleBasic&
articleId=9091318&source=NLT_PM&nlid=8)
19. Computers and new information technologies have greatly increased the power of
surveillance by government and large corporate entities, Douglas Kellner -
University of Texas at Austin