Sunday, October 2, 2011

Biometrics: protection or violation? Part B

We'll now continue our previous post on biometrics. In this post we'll display the main disadvantages and concerns of biometrics. As stated in the previous post, the below isn't an opinion of Comsec.

First of all, a main concern is related to privacy issues. Many people believe that maintaining a biometric database in which different personal biometric attributes will be stored is a straightforward violation of their privacy. In this, they state that centralized control over these individual "assets" is a landslide waiting to happen. First, such a database gives control to autonomic organizations (at times) that may use these details for purposes other than security, and second, a security breach / leak may also expose these individuals to different violating actions. Privacy supporters are worried that databases that contain vast amounts of personal information will probably be used for purposes other than screening for airport security and to enforce immigration laws and regulations. Such purposes can be: pinpointing global positioning of individuals and different surveillance operations, minimizing a person's freedom.
Second, many find biometric interaction to also be violating. For example, having a retina scan for the purpose of identification makes some feel uncomfortable. These privacy advocates often claim that biometric systems are intrusive and that they do not enhance security much. To put it simply, security wise, the cons of biometrics overpower the pros.
We'll continue with a few more disadvantages:
1.       Biometrics devices and mechanisms are non-cancellable. Meaning, body parts that are damaged, cannot be as easily replaced like a password. This is why you have to enroll several attributes when activating biometric identification - different fingers, for example.
2.       System performance can also add to the advantages or disadvantages of a given biometric system. A system with a low "false accept rate" is beneficial and desired, the same goes for a system with a "false reject rate". However this performance isn't easily achieved, especially in different environments, such as field conditions, etc.
To sum things up, advocates of the topics above will probably feel empathy with Prof' Adi Shamir's quote:
"The government will give you full privacy, until they want information on you."