Will I know when and how my biometric has been used?

Thursday, September 27, 2007, 4:12

This is related to the covert use of biometrics (see “Can my biometric be collected
covertly?” previously), and to functional creep in applications. It is important to realise
that authentication does not necessarily imply consent, and it is consent which is the
issue of concern here. Any application could be affected, though the concern will grow
as biometric systems are deployed more widely and the opportunities and motivation for
sharing biometric data increase.
It is unlikely that biometric applications using different technologies could share
biometric data between them, which will act as one limiting factor. Depending on future
template and image standards, applications using similar technologies from different
vendors may or may not be able to share data. The desire for integration and
interoperability of biometric systems is likely to grow and will act as a driver for
standardisation.
Functional creep and data sharing are not concerns that are limited to biometric
systems. They are common experiences in the modern world, with its interconnection of
systems, and address and lifestyle information is routinely traded as a marketing
commodity. Biometric data may therefore be seen as just one more example, but its
intrinsically personal nature coupled with its role in defining and authenticating identity
may render it peculiarly sensitive.
Biometric Security Concerns produced for the UK Biometric Working Group. Last updated September
2003
This is likely to become an increasing problem with the growth in use of biometrics for
authentication. With the widespread use of networked applications, the opportunities
for sharing data will increase and controls will be harder to enforce.
Solutions
Legal and procedural constraints are the first line of defence against functional creep
and covert capture. The Data Protection Act requires that applications storing and
processing personal data adhere to the principles and that the purpose and operation
of the system are declared, not only to the Information Commissioner, but also to the
users. Changes in functionality are not allowed unless approved by the resubmission
and registration of the system.
Audit trails can provide users with evidence of proper implementation of the system's
privacy policy and of any violations that may have occurred.
Technology can provide solutions by cryptographic binding of templates to specific
applications, but successful employment will also depend on strict procedural
enforcement. It should be noted that, typically, biometric data will exist (transiently) in
clear form within the biometric system to allow the matching process to take place.
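
The example below is an added illustration, not part of the original text or of the Working Group's document. It combines the two technical measures described above: a template is bound to the application it was enrolled for, and every attempted use is written to a tamper-evident audit trail. The use of HMAC-SHA256, all function names, the demo key and the sample data are assumptions made for the example.

```python
import hashlib
import hmac
import json

MASTER_KEY = b"constructed-demo-key"  # assumption: in practice held in an HSM or KMS

def app_key(app_id: str) -> bytes:
    """Derive a per-application key so a tag made for one application is useless in another."""
    return hmac.new(MASTER_KEY, b"template-binding|" + app_id.encode(), hashlib.sha256).digest()

def bind_template(app_id: str, user: str, template: bytes) -> dict:
    """Enrolment: MAC the template together with the application and user it was collected for."""
    msg = json.dumps([app_id, user, template.hex()]).encode()
    tag = hmac.new(app_key(app_id), msg, hashlib.sha256).hexdigest()
    return {"app": app_id, "user": user, "template": template.hex(), "tag": tag}

def append_audit(log: list, entry: dict) -> None:
    """Hash-chain each entry to the previous one so edits or deletions are detectable."""
    prev = log[-1]["hash"] if log else "0" * 64
    body = json.dumps(entry, sort_keys=True)
    log.append({"entry": entry, "prev": prev,
                "hash": hashlib.sha256((prev + body).encode()).hexdigest()})

def use_template(requesting_app: str, record: dict, when: str, log: list) -> bool:
    """Allow matching only for the application the template is bound to; audit every attempt."""
    # The requesting application's identity is used, not the label stored in the record.
    msg = json.dumps([requesting_app, record["user"], record["template"]]).encode()
    expected = hmac.new(app_key(requesting_app), msg, hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(expected, record["tag"])
    append_audit(log, {"when": when, "user": record["user"], "app": requesting_app, "allowed": ok})
    return ok

def audit_intact(log: list) -> bool:
    """Recompute the chain; any altered or removed entry breaks it."""
    prev = "0" * 64
    for item in log:
        body = json.dumps(item["entry"], sort_keys=True)
        if item["prev"] != prev or item["hash"] != hashlib.sha256((prev + body).encode()).hexdigest():
            return False
        prev = item["hash"]
    return True

if __name__ == "__main__":
    log = []  # constructed sample data: application names, user and template bytes are made up
    rec = bind_template("door-access", "alice", b"\x01\x02\x03\x04")
    print(use_template("door-access", rec, "2007-09-27T04:12Z", log),   # enrolled purpose
          use_template("marketing-db", rec, "2007-09-27T04:13Z", log),  # shared copy, other purpose
          audit_intact(log))
```

The MAC binds a template to its declared purpose but does not hide it; the template is still handled in clear for matching, as the text notes.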
