Public Venue Security 09/03: Biometrics Beat - Protecting Your Privacy and Identity

Protecting Your Privacy and Identity

By Oliver Tattan

Maintaining a healthy balance of privacy and stringent enterprise security standards without tipping the scale in either direction has been a sensitive and long-lasting struggle among security vendors and privacy advocate groups. Now, biometrics, a technology used for measuring and analyzing human body characteristics such as fingerprints, irises and voice patterns, has the means to end this age-old debate and provide a safe harbor for enterprise users worldwide.

Biometrics enhances privacy by protecting the identity of its users. Protection is executed by enrolling users into a biometric infrastructure, which assures their identity cannot be falsely duplicated. Unlike passwords, which can easily be shared, guessed or stolen, a user’s biometric identifiers never changes and empowers him with complete control of his own data. There is no way to reverse-engineer a biometric to find out who the user is, and it cannot be used to link records together. In fact, the technology, by definition, prevents it.

Biometrics encryption makes standard character encryption obsolete by replacing or supplementing the normal key characters with a user’s unique personal identifier. Without this biometrics key, the information is inaccessible. In other words, the only way the user’s identity can be pulled out of the database and applied to an application is by the user actually being present and putting his finger on a device.

Additionally, biometrics provides a clear audit trail if someone tries to obtain data from a record. This additional security layer allows the user to create a record to see who has looked at it. For example, if someone from the FBI, the INS or the IRS looks at the user’s file, biometrics leaves an ineradicable audit trail identifying who accessed the information. This feature reinforces the fact that biometrics is a privacy enhancer rather than a deterrent. Privacy is about keeping the user’s data with him at all times. Privacy can be enhanced by protecting data in a better way, either keeping it with the user or by creating a record of who looked at it.

Although the concept of privacy remains difficult to define, it is fair to say that many of the commonly perceived views regarding the sanctity of the right to privacy are at odds with the reality of the technological society in which we live, where the disclosure of personal information — such as bank numbers, addresses, age, etc. — is commonplace in modern daily life. Biometrics presents users the ability to protect and secure their privacy despite the ubiquitous nature of Internet and almost all forms of commerce.

While the debate revolving around all the many interpretations of privacy can linger forever, adoption of biometric security standards is an international order that needs to be taken seriously. More companies throughout a wide range of industries, including financial services, travel/transportation, public sector and pharmaceutical markets, have made biometrics integration a top priority. Enterprises are beginning to understand that privacy and security go hand-inhand and that biometrics enhances privacy by protecting the identity of users and making it virtually impossible to cheat the system.

Federal bodies worldwide are also starting to be cognizant of privacy by establishing sector-specific regulations and legislation to enable, support and ensure the effective rollout of biometric identity solutions. Although more and more federal bodies are beginning to work together on consolidating their citizens’ data for homeland security, the biometric enrollment process assures users that privacy will not come at the expense of security and vice versa. In fact, privacy can be safeguarded in that kind of environment by protecting one’s consolidated file biometrically.

The most significant U.S. legislation to date supporting biometrics is the Enhanced Border Security and Visa Reform Act, which was signed and approved by President George W. Bush on May 14, 2002. The law requires that all travel and entry documents including visas issued to aliens by the United States be machine-readable and tamperresistant and include a standard biometric identifier. In addition, it requires federal law enforcement and intelligence agencies to share data on aliens with the INS and the State Department. Although this is a significant step forward for biometrics adoption, the U.S. government will need to be aware of the privacy concerns of nonnationals and other jurisdictions, each with their own regulations. Insensitivity to this matter could result in certain other countries being reluctant to participate.

It’s no secret that today’s world presents issues for the scope and protection of individual rights that could not have been imagined even 30 years ago. Biometrics increases the relationship between security and privacy and allows global organizations to run smoothly in today’s high-tech era without network intrusion or interference. Embracing the use of biometrics in all areas will allow users to strengthen their grip of their identity while making it nearly impossible for outsiders to infringe on their privacy rights.

Oliver Tattan is the CEO of Daon Inc., a biometric-identity management company. Tattan drives Daon’s strategic direction and assesses emerging business opportunities. He is also responsible for building strategic relationships with Daon’s partners and clients. For more information, visit www.daon.com .