Sunday, January 15, 2012

Biometric security

Thanks to gangster movies, cop shows and spy thrillers, people have come to think of fingerprints and other biometric means of identifying evildoers as being completely foolproof.

In reality, they are not and never have been.
And few engineers who design such screening tools have ever claimed them to be so.

Yet the myth has persisted among the public at large and officialdom in particular.

In the process, it has led—especially since the terrorist attacks of September 11th 2001—to a great deal of public money being squandered 
And, worse, to the fostering of a sense of security that is largely misplaced.

Authentication of a person is usually based on one of three things: 

Something the person knows, such as a password.
Something physical the person possesses, like an actual key or token
Or something about the person’s appearance or behaviour.

Biometric authentication relies on the third approach.

Its advantage is that, unlike a password or a token, it can work without active input from the user.

That makes it both convenient and efficient.
There is nothing to carry, forget or lose.

The downside is that biometric screening can also work without the user’s co-operation or even knowledge.

Covert identification may be a boon when screening for terrorists or criminals
But it raises serious concerns for innocent individuals.

Biometric identification can even invite violence.

A motorist in Germany had a finger chopped off by thieves seeking to steal his exotic car, which used a fingerprint reader instead of a conventional door lock.

Another problem with biometrics is that the traits used for identification are not secret.

But exposed for all and sundry to see.

People leave fingerprints all over the place.

Voices are recorded and faces photographed endlessly.

Appearance and body language is captured on security cameras at every turn.

Replacing misappropriated biometric traits is nowhere near as easy as issuing a replacement for a forgotten password or lost key.

In addition, it is not all that difficult for impostors to subvert fingerprint readers and other biometric devices.
So no biometric devices are not fool proof.
Nor are they the answer to many security issues.

No comments: