Biometrics is an interesting topic and privacy and security experts around the world struggle with how to utilize the unique opportunity it presents while protecting users. There are two hitches with biometrics.
One, we have no systems (yet) that are accurate 100% of the time. So implementers of biometric systems have to find the trade-off between false positives and false negatives. Secondly a biometric is, by definition, something you are which never changes. So if someone steals your biometric profile they have that unique unchangeable identifier. In contrast if someone steals your password you can simply change it.
Biometrics is something I personally hadn’t given much though to in a while but in the last couple of weeks a handful of stories caught my attention. While I can’t quite wrap them into a single theme I thought they were worth sharing, simply for the exercise of provoking some thinking on the topic.
The Canadian government is moving toward using biometrics to vet all foreigners entering the country. As a first step, it soon plans to require applicants for a visitor visa, study permit or work permit to submit electronic fingerprints and a photo before they arrive in Canada. The prints will be searched against Royal Canadian Mounted Police databanks.
This will allow authorities to quick check the identity of these individuals at the border. The news last week was that they are just realizing that biometrics are imperfect (duh) and are putting an appeal process in place. It’ll be interesting to see whether this works well, or if it ends up like the public relations catastrophe of the “do not fly” list here in the US.
While Canada is starting to collect a biometric database, India is busy building the world’s largest database. In contrast to Canada, where they are trying to prevent criminals from entering the country, India is trying to assist their poorest citizens. The intention of this project is to give the poorest segment of the population a means to identify themselves.
For a large section of India’s population the inability to prove their identity is a reality which leads to their marginalisation. Birth certificates and school certificates are not universally available. The UID project addresses this critical issue by providing a universal, nationally portable identity to millions of residents who hitherto had no access to a proof of identity or to services based on such proof.
This project will help ensure that benefits reach the correct beneficiaries, subverting corruption.
Typing as a Biometric
What would be the privacy implications if a computer system could identify you just by the way you type? This is something that Paul-Jean Letourneau explores in a recent Wolfram|Alpha post. The post itself is a technical recap of what Letourneau does to explore the possibility that a person could be identified by the way he types. It’s an interesting post, if you are into such things, but he does conclude that there are unique enough aspects to identify individuals from a small pool of candidates.
It’s interesting to consider how such a technique could be used. I guess it would be similar to the capabilities we have to devine the author a written document by the handwriting or grammar.
The future of identification and authentication will most certainly involve biometrics. Whether that is a good thing with regards to privacy and security remains an open question.
Ninja edit a day later… Facebook acquires Face.com. What do you get when Facebook buys a facial recognition company? Not much really since they already have facial recognition capabilities. Maybe they just want the domain.