One of the objections raised to the use of biometrics in an organisation is concern about the security of BioStore data while it is in use by an organisation. The following points attempt to address this issue:
- The BioStore database is stored on the organisation’s servers, not outside of the network.
- We would expect the organisation to apply the same level of physical security to biometric data as they do to other sensitive data held within the organisation.
- We would expect an organisation to destroy the records of individuals who have left the organisation.
- BioStore uses AES-256 encryption – a US Government and worldwide encryption standard. This also applies to communication between different parts of the BioStore system.
- Each organisation has a unique key that is used for encrypting the database, so a database cannot be transferred to another system and viewed.
Another objection is caused by concern as to whether an identity thief, having stolen a BioStore database, may be able to reconstruct fingerprint images and use them to commit identity fraud.
- Because only certain points of a fingerprint are recorded, it would only ever be possible to recreate a partial fingerprint image.
- In order to recreate a partial fingerprint image, you would have to be able to decrypt the template data, have access to the template algorithm to be able to interpret the numerical string that is generated, and have a method of generating an image from the data.
- The important point in this scenario is that having an image of a fingerprint (partial or otherwise) is not much use anyway. The fingerprint scanners supplied by BioStore use ‘live finger detection’ technology, which can detect fake fingerprints. This technology will continue to develop and become even more sophisticated.
- It is worth noting that other institutions that use fingerprint technology are unlikely to rely on a single method of identification. This would certainly apply if banks were to adopt fingerprint technology. They would use (as they do now) multi-factor authentication and probably a mixture of biometrics (such as facial recognition, finger vein or iris scans), and ‘changeable’ data such as PIN and security codes, passwords and signatures. Should there be any suspicion that the integrity of a person’s fingerprint as a secure means of authentication has been compromised, it would be possible to use other methods of identification or even just different fingers.
If, in the future, there were significant concerns that fingerprint data had been or could be reverse engineered in such a way that it were possible to trick a fingerprint scanner, fingerprint recognition would be invalidated as a secure form of identification and would not be used in secure environments, such as banks.
Even if this were possible, reverse engineering template data is a very labour-intensive way of getting a partial fingerprint image, given that it is possible to lift someone’s fingerprints from items they have touched.
The issue is not that of being able to obtain a fingerprint image, but that it is not a lot of use once you have it.
Another common objection is that fingerprint templates could be used in forensic investigation.
- At best, partial fingerprint images could be used to inform a police line of inquiry. Fingerprint images obtained from BioStore have never been, and will never be, used as admissible evidence in a court of law.
- When considering issues relating to banking and forensic investigation, it is worth noting that the false acceptance rate is approximately 0.00001%, or 1 in 100,000. This is low enough to give a very accurate and secure system within an organisation such as a school, but is not accurate enough to be able to pinpoint somebody within the wider population.
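The scaling argument in the last point, worked through as an added example (not BioStore code). It takes the false acceptance rate as a parameter and uses the 1 in 100,000 figure quoted above. The population sizes are constructed, and it assumes one fingerprint is compared independently against every enrolled template.

```python
import math

def expected_false_matches(far: float, gallery: int) -> float:
    """Mean number of wrong people one probe fingerprint would match."""
    return far * gallery

def p_any_false_match(far: float, gallery: int) -> float:
    """P(at least one false accept) = 1 - (1 - far)^gallery.

    Computed with log1p/expm1 so tiny rates do not round to zero.
    Assumes each comparison is independent (an assumption of this example).
    """
    return -math.expm1(gallery * math.log1p(-far))

def max_gallery(far: float, risk: float) -> int:
    """Largest number of enrolled templates for which the chance of any
    false match on a single search stays at or below `risk`."""
    return math.floor(math.log1p(-risk) / math.log1p(-far))

FAR = 1 / 100_000  # the "1 in 100,000" figure quoted on the page

# Constructed population sizes, for illustration only.
POPULATIONS = {
    "school": 1_000,
    "town": 100_000,
    "country": 60_000_000,
}

def report(far: float = FAR) -> list[tuple[str, int, float, float]]:
    """One row per population: (name, size, expected matches, P(any match))."""
    return [
        (name, n, expected_false_matches(far, n), p_any_false_match(far, n))
        for name, n in POPULATIONS.items()
    ]

if __name__ == "__main__":
    for name, n, mean, p in report():
        print(f"{name:8s} n={n:>11,d}  expected false matches={mean:10.3f}  "
              f"P(at least one)={p:.4f}")
    print("gallery size keeping P(any false match) <= 1%:",
          max_gallery(FAR, 0.01))
```

At this rate, a search across the constructed country-sized population would on average return hundreds of wrong people. That is the sense in which the rate suits a closed enrolment such as a school but cannot pinpoint an individual in the wider population.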
Although it is possible to change a signature, people rarely do. Signatures are on record at the passport office, the DVLA, banks etc. They are written or printed on driving licences, passports, letters, cheques and bank cards and could be copied should these items fall into the wrong hands. The reason that this is not a complete security disaster is similar; a photocopy of a signature is not an accepted secure identification method. A pen-and-ink signature is required in any secure context, and because multi-factor authentication in some shape or form is usually in operation, other proof of identity is also required alongside the signature.
Your face is a biometric form of identification and it is not changeable. Your face is recorded in a large number of places – Management Information Systems, passports, driving licences, CCTV footage, social networking sites, etc. In some cases you have given your permission, and in other cases you have not. Facial recognition may be used as a method of authentication in the future, so it is worth considering why we don’t (generally speaking) have the same reservations about images of our faces being recorded and stored in the same way that we do with our fingerprints.