I do find it a bit ironic that the same Senator Schumer seeking to force Facebook to change its privacy policies – rightly so I might add - is simultaneously leading the push in Congress to require all Americans to have national ID cards.

The concept for a National ID Card with biometric identifiers – like fingerprints, facial, and/or iris scans – is being proposed for inclusion in the coming immigration reform legislation. There are a number of reasons why this concerns me, most notably the fact that its part of much larger pattern of government expansion of power through increasingly intrusive assaults on our civil liberties. All of course, in the name of keeping us safe, and protecting us usually from one kind of brown person or another. Now, instead of pandering to those afraid of “terrorists” on every street corner, this seems to be pandering to those unduly afraid of the “illegal immigrant threat”.

Consider, biometrics technology is the computerized matching of an individual’s personal characteristics against an image or database of images. Initially, the system captures a fingerprint, picture, or some other personal characteristic, and transforms it into a small computer file (often called a template). The next time someone interacts with the system, it creates another computer file (often called a sample), and compares it to the original template or tries to find a match in its database. Because every sample is a little different, biometrics really asks whether the sample is similar enough to the template.

So let’s be real clear, creating a database with 100′s of millions of facial scans and thumbprints raises a host of surveillance, tracking and security questions, and consumer hassles with the DMV - never mind the enormous cost.

Privacy expert Bruce Schneier recently pointed out some of pro’s and con’s of a biometric based ID:

Biometrics can vastly improve security, especially when paired with another form of authentication such as passwords. But it’s important to understand their limitations as well as their strengths. On the strength side, biometrics are hard to forge. It’s hard to affix a fake fingerprint to your finger or make your retina look like someone else’s. Some people can mimic voices, and make-up artists can change people’s faces, but these are specialized skills.

On the other hand, biometrics are easy to steal. You leave your fingerprints everywhere you touch, your iris scan everywhere you look. Regularly, hackers have copied the prints of officials from objects they’ve touched, and posted them on the Internet. We haven’t yet had an example of a large biometric database being hacked into, but the possibility is there. Biometrics are unique identifiers, but they’re not secrets.

And a stolen biometric can fool some systems. It can be as easy as cutting out a signature, pasting it onto a contract, and then faxing the page to someone. The person on the other end doesn’t know that the signature isn’t valid because he didn’t see it fixed onto the page. Remote logins by fingerprint fail in the same way. If there’s no way to verify the print came from an actual reader, not from a stored computer file, the system is much less secure.

…

A more secure system is to use a fingerprint to unlock your mobile phone or computer. Because there is a trusted path from the fingerprint reader to the stored fingerprint the system uses to compare, an attacker can’t inject a previously stored print as easily as he can cut and paste a signature. A photo on an ID card works the same way: the verifier can compare the face in front of him with the face on the card.

Fingerprints on ID cards are more problematic, because the attacker can try to fool the fingerprint reader. Researchers have made false fingers out of rubber or glycerin. Manufacturers have responded by building readers that also detect pores or a pulse.

The lesson is that biometrics work best if the system can verify that the biometric came from the person at the time of verification. The biometric identification system at the gates of the CIA headquarters works because there’s a guard with a large gun making sure no one is trying to fool the system.

…

One more problem with biometrics: they don’t fail well. Passwords can be changed, but if someone copies your thumbprint, you’re out of luck: you can’t update your thumb. Passwords can be backed up, but if you alter your thumbprint in an accident, you’re stuck. The failures don’t have to be this spectacular: a voiceprint reader might not recognize someone with a sore throat, or a fingerprint reader might fail outside in freezing weather. Biometric systems need to be analyzed in light of these possibilities.

Biometrics are easy, convenient, and when used properly, very secure; they’re just not a panacea. Understanding how they work and fail is critical to understanding when they improve security and when they don’t.

So, from Schneier’s perspective, it does seem that requiring ALL AMERICANS to carry these, particularly with the fingerprint or the iris as the biometricidentifier, doesn’t make much sense, and poses a significant threat to onesidentity being stolen – not protected.

The Consumer Federation of California joined with the ACLU and a host of other organizations to oppose the transition to biometric drivers licenses here in California not long ago. Some of the privacy concerns we raised during that debate include:

Right to Privacy – Personal Freedom and Security

o Whether biometric images should be collected, which images should be collected (i.e. facial v. thumbprint scan), who has access to those images, and for what purposes are the preliminary privacy questions that should addressed to protect individuals’ constitutional right to privacy.

o The Creation of Dossiers about Individuals and their Activities: Where a biometric identifier is used as a unique identifier to catalogue personal information about an individual, it would enable monitoring, tracking and surveillance of individuals. This concern applies to both the government and databrokers/private industry using the same biometric to gather information.

Threat to Anonymity and Anonymous Speech: Unless current law is changed, the biometric thumbprints and facial scans from the DMV will be used in criminal investigations, and as public and private surveillance cameras become more ubiquitous, the likelihood rises of using facial recognition to identify andsurveil innocent people just walking down the street or engaged in First Amendment protected speech on political or labor issues.

The Supreme Court has found that compelling an individual to disclose his or her political ideas or affiliations to the government deters the exercise of First Amendment rights. The right to anonymous speech, protest and leafleting are critical to our democracy.

o Perceived Infallibility and Inaccuracy: The concept that each of us is unique does not always translate into accurate biometric identification. Computer “matches” must be reviewed visually by people to confirm the accuracy. And, even then, errors are made.

Brandon Mayfield, the Oregon Attorney, was erroneously linked to the 2004 Madrid train bombings after his prints were misidentified and he was held by the FBI for two weeks, though he was never charged. His prints were “identified” through the Integrated Automated Fingerprint Identification System (IAFIS). IAFIS identified a few potential matches that were then reviewed by a fingerprint examiner and an outside experienced fingerprint expert.

o What is the “bang for the buck” that California (or in this case the US) would get from undefined changes being proposed in the nature and use of these biometric databases? How much is the whole system going to cost? How much would be borne by the state, how much would be borne by individuals?

We do know that creating biometric database systems (facial image and thumbprint) will be very costly, and even more costly to do correctly (in addition to the technology, staff needs be trained, and there must be technical and due process protections in place to ensure that people’s licenses are not wrongly denied or taken away because of an error).

The Legislative Analysts Office raised their own privacy concerns,particularly regarding whether the data would be stored by a private vendor, and whether states that have experienced a 5-10 percent reduction in fraud using biometrics is necessarily relevant to state’s that already have secure cards and issuance processes. In other words, the Legislature (or Congress in this case)would need to assess costs of implementing a biometrics system in light of the cost of implementing other solutions and the actual number of fraudulent IDs prevented.

EFF, in its opposition to this concept as a component of PASS ID (a slightly scaled back version of REAL ID), wrote:

Proponents seem to be blind to the systemic impotence of such an identification card scheme. Individuals originally motivated to obtain and use fake IDs will instead use fake identity documents to procure “real” drivers’ licenses. PASS ID creates new risks — it calls for the scanning and storage of copies of applicants’ identity documents (birth certificates, visas, etc.). These documents will be stored in databases that will become leaky honeypots of sensitive personal data,prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database.

…proponents of the national ID effort seem blissfully unaware of the creepy implications of a “papers please” mentality (think Arizona) that may grow from the issuance of mandatory federal identification cards.

Do we really want to create a multibillion-dollar program – at a time of economic recession and growing deficits – that enhances opportunities for identity theft, turns state motor vehicle departments into arms of U.S. Immigration and Customs Enforcement and will almost certainly lead to harassment of immigrants, legal or otherwise?

It would also complicate efforts by some states to issue driver’s licenses to illegal immigrants, because such licenses would require special markings to signal that the bearer is here illegally. Sensible measures to enforce our immigration laws is one thing, but anything that discourages undocumented immigrants from getting driver’s licenses endangers all drivers on the road and raises insurance costs for everyone.

So if we put everything into that one document – make it the be-all and end-all of identification for most Americans – what might we have? An invasion of ordinary citizens’ privacy and phony documentation in the hands of identity thieves and potential terrorists that we believe too readily is authentic.

Let’s remember too the state reaction to REAL ID, with at least 42 states have considered anti-Real ID legislation, and another 25 states have enacted anti-real ID bills or resolutions, and fourteen of those states have passed binding legislation prohibiting participation in the Real ID program. Six more states have already passed resolutions or statutes in 2009.

Imposing a first-ever national identity card system, even if just for employment, would violate privacy by helping to consolidate data and facilitate tracking, and over time its use will almost certainly expand to cover other activities necessary to participate in society.

Here’s a couple clips from an article in United Press International this week:

On a five-year timetable the biometric cards would replace Social Security cards and would be used to prove eligibility for employment. Card scanners would be issued to all U.S. employers. The cards would at least have the capability of being linked to a central data system.

Like all controversial government programs, the proposed national ID card has an innocuous name: When Senate Democratic leaders unveiled the new program last month they called it Biometric Enrollment, Locally Stored Information and Electronic Verification of Employment – or “Believe,” for short.

…

The difference would be in the biometric information and the universality of the employment requirement. However, the opportunities for abuse by unscrupulous government employees are obvious.

The proposal rang alarm bells at the American Civil Liberties Union in Washington. While criticizing several aspects of proposed immigration reform, the group is concentrating its criticism on the ID cards.

“If the biometric national ID card provision of the draft bill becomes law, every worker in America would have to be fingerprinted and a new federal bureaucracy — one that could cost hundreds of billions of dollars — would have to be created to issue cards,” the organization said in a statement. “The ACLU strongly opposes the inclusion of a biometric national ID in this or any comprehensive immigration reform bill and urges senators to reject such an ID card.”

In his own statement, Christopher Calabrese, ACLU legislative counsel, said: “Creating a biometric national ID will not only be astronomically expensive, it will usher government into the very center of our lives. Every worker in America will need a government permission slip in order to work. And all of this will come with a new federal bureaucracy — one that combines the worst elements of the (Department of Motor Vehicles) and the (U.S. Transportation Security Administration). America’s broken immigration system needs real, workable reform, but it cannot come at the expense of privacy and individual freedoms.”

Click here to read more.

So my position is clear. What I particularly don’t like about it is the pattern for which it is a part of…a pattern of deteriorating privacy, increasing government and corporate powers and authority, and the expanding number of ways in which “security” and “safety” are used to scare people into giving up those very things.

If nothing else, before anything remotely like this becomes law, I would like to see an open, vigorous debate, and if the public goes and the legislature truly goes for it, then a series of steps need to be taken to implement it in a way that is fair, reasonable and secure.

Posted by CFC at Thursday, May 13, 2010

Issues Corporate Accountability, Data Protection, Government Surveillance, Records Privacy, Social Security Numbers

WRITTEN BY: ALEX NEWMAN

Dilemma

The Government(s) intend to use Biometrics as an ultimate authentication tool, can they let the private sector use, collect or even share “Governmental” Biometric records?

Are they wonder whether companies will sell biometric data of our body parts the way they sell email addresses and phone numbers?

A bipartisan group of U.S. Senators is teaming up with the Obama administration to legalize illegal immigrants and require biometric national ID cards for every American worker, prompting a swift and bipartisan backlash across the nation.

The proposal would unconstitutionally force nearly all Americans to obtain the new “tamper proof” Social Security cards while purporting to require that all employers purchase new $800 ID scanners. It would also provide a “path to citizenship” for the estimated 12 million to 20 million illegal immigrants currently living in America.

Led by Republican Senator Lindsey Graham of South Carolina and Democratic Senator Charles Schumer of New York, pro-amnesty and national ID legislators have already started the public relations campaign to build support for the “new and improved” version of “comprehensive immigration reform.” In a column published by the Washington Post entitled “The right way to mend immigration,” the two architects provided a superficial glimpse at their agenda. And though the piece is lacking in details, it reveals a dangerous agenda that Americans must oppose in order to maintain freedom.

“Our plan has four pillars: requiring biometric Social Security cards to ensure that illegal workers cannot get jobs; fulfilling and strengthening our commitments on border security and interior enforcement; creating a process for admitting temporary workers; and implementing a tough but fair path to legalization for those already here,” wrote Graham and Schumer. “We would require all U.S. citizens and legal immigrants who want jobs to obtain a high-tech, fraud-proof Social Security card.”

The national ID cards would include a “unique biometric identifier,” according to Graham and Schumer. Some of the likely candidates include finger prints, retinal scans, or even the layout of a person’s veins in the top of their hand. Employers who refuse to “swipe the card” would face “stiff fines” and “prison sentences,” the Senators noted. “Our blueprint also creates a rational system for admitting lower-skilled workers,” they added.

President Obama promptly signaled his approval and pledged to “act at the earliest possible opportunity.” The White House released a statement noting that the President would do everything in his power to push the issue, and Obama called the Schumer-Graham proposal “a promising, bipartisan framework which can and should be the basis for moving forward.”

After the Democrats recent success in ramming through the wildly unpopular health care “reform,” analysts suggested the “momentum” from that victory could help Obama and the Democrats in their efforts to pass a variety of legislation – including immigration “reform.” And despite broad opposition by a majority of Americans, the agenda marches forward.

But the proposals are already meeting fierce resistance from legislators, citizens and non-profit groups. “This so-called comprehensive immigration reform really means amnesty for the 10 to 20 million illegal immigrants in America today,” explained Republican Representative Brian Bilbray of California, the chairman of the House Immigration Reform Caucus. “What part of the word ‘illegal’ doesn’t the president understand?”

Congressman Ron Paul’s Campaign for Liberty sent out an e-mail to supporters vowing to battle the proposal as well, warning that it was a “statist’s dream” and that the immigration issue was being used as “cover” for an even bigger agenda.

“Instead of controlling the border and enforcing the rule of law, these statists want to control you,” explained the group’s president, John Tate. “Allowing our government to have this much ‘prying power’ in our lives will ultimately result in the TOTAL loss of freedom.”

Tate noted in the letter that this sort battle often determines whether a country will remain free or descend into tyranny. “You see, once ‘well-meaning’ government bureaucrats know exactly how we live our lives, it won’t be long until they try to run them,” added Tate. “In fact, it will only be a matter of time until they spend their workdays making sure you and I don’t go anywhere we ‘shouldn’t,’ buy anything we ‘shouldn’t,’ read anything we ‘shouldn’t,’ eat anything we ‘shouldn’t’ or smoke anything we ‘shouldn’t.’”

In the media, commentators have also blasted the proposal. “Graham’s [Republican In Name Only] tactics will enable the President to turn illegal aliens into documented Democrats.  And in the process, hand the Federal Government yet another way to monitor and control our lives,” explained Roger Hedgecock in a piece for Human Events. “Opposition to this tyranny will come from all parts of our divided political spectrum,” he predicted.

And indeed, even the liberal American Civil Liberties Union is gearing up to fight the “bipartisan” effort. “It is fundamentally a massive invasion of people’s privacy,” said Chris Calabrese, the ACLU’s legislative counsel. “We’re not only talking about fingerprinting every American, treating ordinary Americans like criminals in order to work. We’re also talking about a card that would quickly spread from work to voting to travel to pretty much every aspect of American life that requires identification.”

These amnesty and biometric national ID proposals are dangerous for a lot of reasons. And this battle is a crucial one. The Social Security cards will quickly go from being required to work — which is bad enough itself — to being needed for everything imaginable, from health care to everyday purchases. But the problem is not a lack of biometric ID cards for the serfs; it is the wide open Southern border and the unconstitutional incentives encouraging illegal immigration.

Legalizing the tens of millions of illegal immigrants will harm America on several fronts. Not only does it send a loud message that the rule of law means nothing (except if it furthers statist aims), it will also fundamentally alter the voting dynamics of America. The true solution to the illegal immigration crisis is to stop providing perks like welfare to law breakers, and to properly police the border and defend the states from invasion.

Citizens must unite to defeat this effort. If Obama and his allies like Senator Graham manage to force this monstrosity on the American people, the last remaining semblances of freedom will be in critical danger. Americans already said no to amnesty under former President George W. Bush. Why would adding an unconstitutional national ID scheme with biometric data make it any more desirable? This is not the “change” people voted for, and it must be opposed.

Photo of Senators Schumer (left) and Graham: AP Images

By Jennifer Carlisle

A national biometric database in place of our current flawed identification systems could prevent the loss of liberty and autonomy.

Defending the privacy of our personal data has become more challenging since September 11. Our lives are already tracked and measured in so many ways and our identities can be stolen and abused so easily that the addition of biometric identifiers, as being implemented this year in Hong Kong, seem like the proverbial “last straw.” Paradoxically, a true national biometric identification system may hold the key to guaranteeing and protecting our rights to privacy. A single national biometric database, replacing the currently flawed systems used for drivers’ licenses, Social Security and passports, may be the best way to protect our privacy and enable us to regain control over who tracks us and who gets access to what data about us.

While writing an honors thesis at USC, I conducted a year-long research study on personal data privacy. Neither legislation nor technology seemed to offer a solution that was both feasible and acceptable to all parties. Most special interests in this country favor weak legislation, and new “security technology” tends to facilitate invasion of privacy rather than its protection. I first examined in detail the EU Privacy Directive and various US responses and then focused on the privacy aspects of the 2001 HIPAA legislation. No major breakthroughs or improvements seemed likely.

As my research progressed, I realized that one of the greatest threats to privacy is flawed security of information, which is compounded by our inability to reliably identify individuals. The fundamental flaws in our identification system allow personal data to be incorrectly correlated, accessed by individuals without the proper clearance and, worse, for others to pretend to be someone they are not. I realized that a significant improvement in personal privacy could be achieved by fundamentally improving the way we identify ourselves. Instead of relying on passwords, tokens, smart cards and other identifiers, which can easily be stolen or forged, we need to be able to identify ourselves based on biometrics (i.e., the use of physical or behavioral characteristics such as fingerprints, iris scans, voice signatures, face scans, etc).

Since the terrorist attacks on the World Trade Center and the Pentagon, there have been numerous proponents of biometric identifiers. But if we have many systems (e.g., DMV, INS, criminal system, airports, sports arenas, schools and Social Security — all of whom now propose to begin using such identifiers in parallel) then who is to say which is the correct identifier and who is to validate the accuracy of the ID databases? I am loath to trust the DMV and airport security to verify identities.

I came to realize that the greatest risk to society is not the creation of databases — many of which are essential to our modern lifestyles; rather it is the inadequate protection of data. This led me to a paradox; that our privacy can be better protected though the creation of a universal biometric identification database and that our privacy is far more likely to be compromised by the current plethora of poorly managed, decentralized identity databases. Most Americans have already contributed data to dozens of databases and we are enticed daily to sign away our rights to protect those data. Concealing our identity is not really an option. Rather, the first step in privacy protection is to provide a means of absolute identification, thereby preventing others from impersonation and identity theft. The second step is to overhaul the laws protecting the data collected about us and the third step is to improve cyber security.

There is a great fear of databases by privacy experts due to the increasing access of corporations, the government, hackers and criminals to our personal data. While some of this access is legitimate, in many cases, data can be misused for unauthorized secondary purposes. Corporate and government abuse can be prevented by stronger laws limiting the use of personal data and by better enforcement of these laws. The European Union has passed a comprehensive Privacy Directive, with which US firms must comply when doing business there. The US has adopted a similar model in recent HIPAA legislation, defining the methods for protecting and sharing health data. US laws protecting privacy of financial data leave a great deal to be desired. Our greatest protection from government abuse seems to be the unwillingness of agencies to share data and the primitive nature of the systems they use. Laws and government regulations will not stop hackers and criminals, who gain illegal access to personal data in many ways. Sometimes individuals are careless (e.g., we sell a computer without erasing the disk, send email to the wrong address, leave a list of passwords on our desk or throw it away.) Devious people can access our personal data by gaining access to an administrator account, by hacking into a system or by identity theft. Carelessness can be discouraged through education and penalties, but theft and misuse of the data can only be reduced by means of a better system of identification and access authorization.

In America today, it is far too easy to conceal our own identity or assume the identity of another for the purpose of doing wrong. An individual can steal an identity by obtaining some easily discovered pieces of information about a person or by stealing a card or token that is used to identify the individual. To protect our identity, which is crucial in protecting our privacy, there must be a form of identification that cannot be learned, stolen or forged. The only effective means of accomplishing this is the use of biometrics.

Biometrics uses a digital measurement of a physical characteristic or personal behavioral trait to recognize the identity, or verify the claimed identity, of an individual. Some characteristics that apply themselves well to biometrics are iris scans, fingerprints, voice signatures, retinal scans and face prints. Unless a thief is willing to undergo reconstructive surgery or has extremely sophisticated electronic equipment, it is extremely difficult to fake biometrics, especially if biometrics identification is combined with human monitoring. By this I mean that a security team is checking to ensure that individuals are actually presenting themselves for identification, and not say, hooking up a small computer loaded with other people’s biometrics, to try to fool the scanner. Even if biometrics are less than 100 percent perfect, they offer far better identity verification than the easily-counterfeited driver’s licenses, Social Security numbers and passports.

There is a great distrust of biometrics by privacy advocates. There is a strong fear of Orwell’s Big Brother. However, these concerns can largely be alleviated with the creation of laws, enforcement agencies and monitoring to ensure that the government and corporations do not misuse the data. We do not live in an authoritarian country, but rather a democracy with numerous checks and balances. The key to preventing the loss of our liberty and autonomy is not to prevent the spread of technology, but rather to ensure that it is used properly and in a transparent nature. The development of biometrics should be treated similarly to the development of genetics. It is for the good of society that we learn how to use these technologies, but it needs to be done with observation from government and private watchdog groups to ensure that the technology is not abused. Biometrics is one of the areas that should not be left to market forces and self-regulation as it has been so far.

Once we have reached agreement on the need for biometrics to be used for identification, we still need to prevent a thief from attaching his biometrics to your identity in the many databases that currently exist and are under development. The only viable solution is to have a single, universal biometric identity database, which in turn provides verification to multiple, diverse and distributed databases. Establishing biometric identities with dozens of organizations is inefficient, wasteful, and fails to solve the main problem of preventing identity theft.

The DMV, the Social Security office, the passport office, our local airport and our various dentists and doctors are ill suited to establishing a person’s identity. They would benefit from having that identity pre-established and using it to issue their own cards and administering their systems. They could each use a different numbering system, confident that each person is uniquely and accurately identified biometrically. Repeating our information to every group opens the door to forgeries and allows aliases in different systems. How would we settle identity disputes? Are we to carry as many biometric smart cards as we currently carry credit and ID cards?

The logical solution to these problems is the creation of a single system devoted to identification. This National Biometric Identification System should be managed and certified by a government agency, to ensure accuracy and so that identifiers of known criminals, terrorists and holders of passports, travel visas, etc. can be integrated. This system must be managed at a national level, but would be linked into other national and international systems by common standards. To get it approved by Congress, new legislation would be required to define access, security and strong redress for abuses. Rather than threatening our liberty, this may actually be a catalyst for increasing our protection rights regarding our personal data, most of which we have little control over today. I had to get special permission to focus on and advocate such a system for my honor’s thesis, but I believed it was more important to follow my instincts and passion and propose something constructive and innovative, than to do a traditional policy analysis. It amazed me that in this age of databases, public debate is still focused on the idea of a national ID card rather than an ID database.

Unlike an identity card, which can be stolen or forged, a national database would provide the necessary structure to certify the identity of all Americans and legal visitors. The government should create and maintain a database of biometric identifiers along with each person’s name, unique identification number and several other identifying characteristics, such as eye color and birth date. But that is all. This national database could be carefully guarded and offered via a distributed system for remote verification and for generation of identity cards. This would replace the use of the SSN in many databases.

A national biometric identification system (BIS) should not be used to store behavioral or judgmental data. The BIS should not be used to record and store health, criminal, motor vehicle registration, social security, financial or travel data. Separate systems should continue to manage such databases — each of which should be regulated and secured appropriately. Assembly of behavioral data into one large database should be prohibited. Sharing and aggregating data should be done under strict regulations.

The new universal identity database must be kept simple and secure so it can support many different applications efficiently. For example, the airline industry could access this system to verify the identity of individuals checking in. First, the airline would access the BIS to confirm each passenger’s identity by running a one-to-one match against the biometric database. Then they could check him in for his flight. A third step would be to use the identity number to search a travel alert database to see if each individual is on a risk list of criminals or terrorists. This would allow rapid, yet comprehensive, security checks. The use of biometrics, checked against a secure national database, makes it almost impossible for individuals to use forged identification papers. Of course the database must be developed under strict federal guidelines and maintained in utmost security.

Efficient use requires technology similar to that used for site name recognition on the Internet. A distributed, redundant, secure, high-speed access network can serve many database applications simultaneously. Security is accomplished in two parts, physical and technical. Physical security protects the actual building from intrusion, which is critical in preventing the theft of passwords and access codes. Technical security protects the system from electronic invasion, usually through a network or over the Internet.

It has long been argued that technology is leading to the end of privacy. Rather it is our desire for convenience and our dependence on medical, financial, travel and government systems that has led to the creation of databases that, if poorly managed and protected, threaten our privacy and the loss of our very identity. The best solution to ensure that we can protect our personal data in the future would be national legislation to establish a universal biometric identification system — concurrent with strict restrictions on use of data in all systems that access it.

---

Jennifer Carlisle – University of Southern California.

By Brian Padden – Washington

Computer keyboard

Canadian researchers say they have uncovered a China-based electronic spying operation that infiltrated computers in 103 countries.  While they say they have no conclusive evidence of Chinese government involvement, the targets of the computer espionage were political.  The cyber spying operation is one of the biggest and most sophisticated ever discovered.

Researchers at the University of Toronto call it Ghostnet – an electronic spying operation that infiltrated more than 1,000 computers around the world.  They say it targeted NATO, the Indian Embassy here in Washington and Tibetan exile centers in India, Brussels and London.  Researchers say that in addition to stealing computer files, the cyber spies could turn on the internal camera on a remote computer to eavesdrop on live conversations.

Nart Villeneuve is with the University of Toronto’s Munk Center for International Studies.  He says that while the operation was sophisticated in its organization and scope, it used readily available Internet viruses called Trojans, attached to email messages to infiltrate computers.

“From a purely technical point of view, no, it was not that sophisticated,” said Nart Villeneuve. “The Trojan, the attacker favors, the ‘ghost rat;’ it’s open sourced.  You can go and download it.  It’s not like it is some clever special new way of doing it.  But the way in which the attacker was able to leverage these tools was sophisticated.”

The Toronto researchers uncovered the cyber spying operating when they were asked by the exiled Tibetan leader, the Dalia Lama to examine his organization’s computers for malware – malicious software that can infiltrate or damage a computer system.

Although the group cannot say whether the Chinese government was involved, they add that Ghostnet’s computers were almost exclusively located in China and that the targets were political.  They found infected computers in the Dalai Lama’s organization and were able to trace stolen correspondence back to the spy network’s computer servers in China.

The Chinese government has denied any involvement in the operation.

But James Lewis, a technology expert with the Center for Strategic and International Studies in Washington says cyber spying is nothing new for the Chinese government.

“We know that they are interested as a government,” said Lewis. “We know that they’ve done it in the past as a government.  And the things that are being collected are of interest to the Chinese government.”

Lewis notes that many countries, including the United States and Russia, use computer technology to gather intelligence.

The University of Toronto researchers say an international agreement is needed to protect privacy rights and prohibit cyber spy operations like Ghostnet in the future.

Q&A: NANDAN NILEKANI

Business Standard / New Delhi September 14, 2009, 0:55 IST

There are concerns on technology, cost and privacy in the decision to allot a unique identification number to every Indian. In a talk with Karan Thapar on the CNN-IBN television channel’s Devil’s Advocate programme, NANDAN NILEKANI, who has agreed to head the newly-created Authority to plan and implement this project, concedes these are legitimate concerns. And, that these can be addressed and the project is worthwhile. Edited excerpts:

Eighty per cent of Indians have Election Commission identity cards, others have ration cards, some people have BPL cards, others have driving licences and passports, there are even PAN cards. Why on top of this do we need a unique identification number?

We need one single, non-duplicate way of identifying a person and we need a mechanism by which we can authenticate that online anywhere, because that can have huge benefits and impact on public services and also on making the poor more inclusive in what is happening in India today.

In addition to name, age, sex, date of birth and address, you actually have the biometrics which are unique to that individual?

Absolutely. It is a combination of, most probably, fingerprints and picture and a biometrics committee will finalise that, but finally that makes it unique. And we will make sure there are no duplicates.

The London School of Economics (LSE) did an analysis of a similar project being considered by the British government and this is their conclusion: “The technology envisioned for this scheme is, to a large extent, untested and unreliable. No scheme on this scale has been undertaken anywhere in the world. Smaller and less ambitious systems have encountered substantial technological and operational problems that are likely to be amplified in a largescale national system.” IIf that is true of Britain, it has to be true of India in spades.
There is no question that we are going into uncharted territories, the technological challenges are immense and one of the risks is the technology.

Not just uncharted territory, this could end up being a case of India’s ambition outstripping its ability. Even today, we can’t issue identity cards with a guarantee that the name is correct or the address isn’t misspelt. We could end by making a complete hash of biometric details.
There are risks but, given the enormous opportunity and developmental benefits it can give, it’s worth taking on so that we get the outcomes we want.

You accept the technology is not just uncharted but not actually fully known?
There is no other country where a billion peoples’ biometrics have been captured and stored in an online database. We don’t have to invent the technology; we have to scale up the existing technology to work at this scale.

The second problem inherent is cost. Once again, the LSE did an analysis of a similar project the British government was thinking of and that is a country one-twentieth the size of India. The LSE concluded the probable cost for Britain would be between 10 and 20 billion pounds. Frontline magazine believes the government in India has a guesstimate of somewhere around Rs 1.5 lakh crore. Is it worth it at that cost?
I don’t know what the exact figure is, but it is much less than that by a factor of 10.

If you don’t know the exact figure, how can you say it is lesser by a factor of 10?
The bulk part is certainly going to be lesser than that.

But it’s a guess?
An informed and educated guess.

So, we don’t know what the exact cost will be?
We don’t know, but I am very confident that whatever the cost, the social, economic and efficiency benefits would make it well worth it.

India is a poor country. This order of money could be better spent if you expand education, health and sanitation, or if you use it to feed the 40 per cent of Indian children who are chronically malnourished.
We don’t want to take away money from important social programmes. But, as we expand our social programmes, their efficiency depends on their reaching the right people and that there are no duplicates taking away the benefits. You need the infrastructure at the bottom to make that happen.

You can only target better those actually availing the benefits but not receiving these fully. Take BPL. The real problem is not leakage, but that there is a vast number who qualify and are not included in the BPL threshold at all. How will you be addressing the second problem?
Today, in a particular state, there may be more BPL cards than the population of the state, because there are multiple cards issued to an individual. With the UID, you will be able to actually trim that down to one card per individual and therefore we will actually know who is not getting this now.

But you can’t identify those who should have BPL cards and do not because they are outside the system, they have been ignored. Technology won’t improve that.
This (UID) is not a panacea for all the problems. This is an enabler which will allow more effective public delivery.

Which is why the order of money involved could be better spent in targeting education, sanitation and health, not to mention child malnutrition, because you would actually then get real benefits rather than what I am describing as notional benefits.
In a country where we are spending Rs 1,00,000-2,00,000 crore a year on different kinds of subsidies and social benefits, to make investment which is a part of that, one-time, to make those investments more efficient, is definitely well worth it.

Is it a one-time investment? Frontline magazine says the government’s estimate of Rs 1.5 lakh crore does not include recurring cost. And we don’t know by how much.
On the scale of money that we spend on public programmes and the ability of the project to deliver better public programmes, it will be well worth it.

I put it to you again, there are so many imponderables about technology, size and cost, that is it wise for a poor country like ours, where there are huge levels of poverty (the Arjun Sen Gupta Committee report says 80 per cent of India live under Rs 20 a day), to be spending this sort of money on this project?
The government has come to the conclusion that this project is strategic and worth it. I have been invited to lead this project. I believe it is viable and I will do my best to make it viable.

How can you ensure the database you are creating will be secure, that it won’t be misused and won’t result in an invasion of privacy?
A very legitimate concern. We are looking at how to make it secure. We are saying nobody can read this database. All they can do is verify the authenticity of an identity. You can ask a question like, is X, X? and the only answer we will give is yes or no. But there is no question that once the UID is implemented and becomes ubiquitous in many applications, then there are challenges of privacy. And, with this project, we have to put in other checks and balances, including laws.

Professor Ian Angle of the LSE, a world renowned authority on precisely the creation of such a database, says with relevance to England, and it will apply even more to India, that what you are going to end up with is the “Olympic games of hacking”. You are going to provide people the biggest challenge to hack through. No one believes in the perfectability of computers, so hackers will hack and succeed.
A legitimate concern and we will have to design it as good as possible. The important thing is — is the risk of hacking and privacy large enough not to do this project? And the view is that the project has so many significant benefits for the poor, in making it inclusive and in giving them a chance to participate in the country’s progress, that it is worth it and we have to mitigate those risks.

You are creating a system which, in the wrong hands, would be a powerful tool for either religious or caste profiling. How can you ensure unscrupulous politicians won’t misuse it?
We are not keeping any profiling attributes in our database. No details of people’s caste?
No. In which case, how can you say to me that you will better target benefits at BPL and other categories? If you don’t know someone is SC or ST, if you don’t know they are OBC, how can you ensure better targetting?
That is the responsibility of the applicant that provides those services.

So, then they will add in that feature into your detail?
That is outside our system. Our system has only basic attributes like the name, address, date of birth. You are creating a weapon which you may not misuse but others could?
Today, we have electronic databases in the country which potentially can be used the way you are suggesting. We are not doing something different from what already exists.

In the UK, the US and in Australia, because the authorities couldn’t respond to public concerns about misuse, they have effectively put on the backburner consideration of similar schemes. If developed countries cannot tackle misuse, how can India, where 35 per cent of the people are illiterate and 22 per cent live below the poverty line?
What these developed countries have put on hold is giving national ID cards to people. But both the US and UK, have a number. In the US, you have the social security number; in the UK, there is the national insurance number. They already have a numbering system, which is what we are going to propose.

Except that it is nowhere near as extensive or as complete in terms of the biometeric details as what you are proposing in India. The national insurance in Britain has been around and developing slowly but it doesn’t have any details that could lead to an invasion of privacy. It doesn’t have any details that can be misused for profiling. Yours could have both.
These are legitimate concerns and we have to address them. But the social benefit, the inclusivity, this project will provide for the 700 million people in this country who are outside the system is immense enough to justify doing this project.

How will you handle the inevitable problems of internal migration or illegal immigration? How will you ensure the wrong people aren’t captured in your system and given an identity and made Indian?
Having this number does not confer any rights, benefits or any entitlements. All it does is confirm that X is X.

There are 100 ways of doing that. Why are we spending close to Rs 1.5 lakh crore just to be able to claim X is X?
To have a system which uses a unique identifier like biometrics, having a system which ensures there are no duplicates and having a system that provides online authentication is, we believe, something that can have a lot of social benefits for the poor.

The LSE conclusion, when they reviewed a potential British concept along the lines of what you are doing in India, was: “The success of a national identity system depends on a sensitive cautious and cooperative approach involving all key stakeholders, including an independent and rolling assessment and regular review of management practices”, and the LSE concluded that did not exist in the UK. If it does not exist there, that environment certainly doesn’t exist in India.
We are trying to make sure all the checks and balances are there. We will have a very wide consultative process. We will involve everybody. We will make it public. All these are legitimate concerns and we have an obligation to meet these concerns

Michael (Micha) Shafir the Founder & Inventor of Innovya
Traceless Biometric technology, is demonstrating to Governor
Kaine, how easy, stored information can be leaked out without
connection to any public network, and why it is so dangerous
to collect sensitive Biometric Information about innocent citizens.
Proving that there is no better security for sensitive data
than not collecting it in the first place.

12 Sep 2009, 1824 hrs IST, ET Bureau

NEW DELHI: In view of the National Unique ID project initiated by the government, and its bearing on the smartcards, RFID, biometrics, e-Security

sectors in India, SmartCards Expo 2009 has been organised in the capital from September 11-12.

The government may use biometric features like iris scan and hand geometry for recording secondary details for the National UID project, said officials at the SmartCard Expo 2009. Face readers which can scan even the face of a hijab clad woman, or a man wearing a beard from his or her original face, new smart cards, iris scanners and printing technology, were showcased at the event in this regard.

Technology majors like NXP, ST Microelectronics, Texas Instruments, Sagem, Base Systems, Bartronics, Lipi Data Systems Ltd, HiTi Digital, Infineon participated in the event. However the absence of any representative of the UIDAI (Unique ID Authority of India) was severely felt at the event, inspite of the importance of this Conference, which was fully devoted to the subject of UID.

Greg Pote, Chairman, Asia Pacific Smart Cards Association mentioned the in his view, various governments are still searching for what they can do with the national ID cards beyond ID. But most governments have a privacy commissioners and monitors, and they limit what the government can do with the details. He said that the registration number is the key driver for the card. That creates problems, with resistance from privacy bodies. His estimate is that smart cards in India are 5 years behind Europe.

Dr B K Gairola, Director General, National Informatics Centre touched upon the role of the government and the importance of the UID Project to India as a whole. He mentioned the it is like a 16 lane highway on which all applications could ride. He talked about the earlier experience of the MNIC – Multi Application National ID Project and also the importance of the creation, operation and maintenance of a Unique ID Database and the challenges associated with it.

Accenture’s Ravinder Pal Singh mentioned that Bluecasting might be a better alternative to start with because people have mobile phones, especially in villages in north India. Mobile phone is much more authentic and secure, according to him.

Biometrics involving fingerprints and other biometrics feature such as face recognition, DNA shape identification, etc were also extensively discussed.

Gemini Ramamurthy, Chairman of Cyber Society of India said that a set of 12 parameters has been issue by the UID, but the only parameter that cannot be duplicated is the biometric one. While it is important to achieve uniqueness in identification of persons, it is equally or more important to be able to establish secure identification. This means the identification of a person has to protected against misuse.
The challenges to the ID project are many. Mere possession of a unique identification number belongs to that person. It has to be established beyond doubt that the particular unique identification number belongs to the particular person and no one else. In other words, there should be a secure way to ensure that no other person can carry that identification number.

And then, if these security features have to be matched with the database contents of a particular individual, it requires a very efficient and robust facility of data base storage and retrieval with a highly reliable remote connectivity.

A more plausible is to provide a smart card, which will carry the unique identification number and the various additional security features that can be checked to further establish the uniqueness of identification of the individual. Many countries have already implemented smart card based identification programmers emphasizing the unparallel security provided by smart cards.

The government is thus considering splitting the UID database into two sets of paramters – the primary database will be accessible on the Internet and used for access purposes and verification, while the secondly database is likely to be kept offline, and in multiple formats, and be used only if the primary data is in dispute. Secondary data could have multiple biometric features including Iris scan, hand geometry, and additional data including names of grandparents and great grandparents, because the hacker may not be aware of these things, Mr Ramamurthy added. Since the UID data is in digital form, it may be useful to include an email ID as an additional data parameter.

“The appropriate audit trail, and what was the value of the data before and after the access needs to be stored, as well as the mode of access to that data. These should be available for judicial scrutiny, and certified for integrity. Companies from countries suspected of cyberwarfare against India should be avoided in case of this project.” Mr Ramamurthy said adding that a pilot project for the UID is being planned in Bangalore.

An eminent panel of experts debated with a sizable audience about the UID andtechnologies of relevance to India. The Panel was chaired by Pradeep Kumar, Vice President, Asia Pacific, STMicroelectronics. Panelists were from Sagem Securite, WYSE Biometrics, UNISYS, Bartronics, NXP Semiconductors, Barnes International, and ASK France.

What a shock: Your e-passport isn’t secure after all

By Bryce Longton – BlackBook Magazine

The US State Department is backpedaling like crazy from their earlier statement that the RFID-enabled passports are safe and secure. In fact, now they’re urging travelers to keep these passports in “radio-opaque sleeves” to protect owners from having their information skimmed by unauthorized readers within a 30-foot range. The State Department’s warning comes with the caveat that “hackers won’t find any practical use for data,” because personal information is encrypted. But that encryption has already been cracked.

As Marc Rotenberg, executive director of the Electronic Privacy Information Center, notes, “By obliging Americans to use these sleeves [...] the government has, in effect, shifted the burden of privacy protection to the citizen.” Who wanted an RFID-chipped passport anyway? No one knows. But if you do happen to have one, do what Mark Ashley of Upgrade: Travel Better suggests “Break the chip. Pound it with a hammer.” I’ll add in there, as a message to the government: if it ain’t broke, don’t fix it.

By Tom Espiner ZDNet.co.uk

Posted on ZDNet News

Security expert and BT chief security-technology officer Bruce Schneier has attacked the US-Visit border-biometrics program, saying it has had “zero benefit” in terms of security.

Speaking to ZDNet UK last week, Schneier said that there was little evidence that the US-Visit program, which takes fingerprints and retinal scans from all visitors to the United States, had made any impact on reducing the threat from criminals and terrorists.

“If the Department of Homeland Security had apprehended any terrorists [through US-Visit], they would have kicked up a huge press stink,” said Schneier. “There has been zero benefit from the program.”

A long-time critic of the US-Visit program, Schneier first questioned the cost-effectiveness of the scheme in 2006. At the time, just under 1,000 people had been apprehended for criminal or immigration violations, yet the program had cost $15 billion (£9.4bn) up to that point.

“Take that $15 billion number,” wrote Schneier in a 2006 blog post. “One thousand bad guys, most of them not very bad, caught through US-Visit. That’s $15 million per bad guy caught. Surely there’s a more cost-effective way to catch bad guys?”

However, Robert Jamison, undersecretary at the US Department of Homeland Security’s National Protection and Programs Directorate, which oversees US-Visit, told ZDNet UK at the RSA Conference Europe 2008 on Wednesday that the border-biometrics program had been effective.

“There have been several instances of someone applying for entry under one name, being denied, applying under another name, and again being denied [due to biometrics records],” said Jamison. “In a few cases, criminal activity and, in some cases, terrorist activity have been prevented.”

Jamison declined to say exactly how many terrorists had been caught as a direct result of the program, saying the information was “classified”. However, Department of Homeland Security figures show that more than 2,400 immigration “violators” and criminals have been identified since the inception of the program in January 2004.

In February, US-Visit was claimed to have helped identify two terrorist suspects, now being held in Iraq, from fingerprints lifted from an improvised explosive device.

By: Michael (Micha) Shafir – Security Park

Current Biometric documents are useless. ePassports don’t make much sense without one-only or unequalled biometric passport reader. Let’s face it once and for all, any electronic data storage method by which content can be read (e.g. RFID, smart/storage cards, etc.), gives it the obvious potential to be hacked, copied and cloned. There’s a reason why “Random Access”, “Write Only Memory” (“WOM”) devices have never sound logical. What purpose would there be to store data that cannot be read? Let’s take this one step further. If stored information is designed to be read, then a device must exist with the ability to read the stored information for it to be of any value.

Now, let us apply that simple logic to stored information that’s meant to be read in a widespread application. In this type of application, multiple standardized reading devices must exist in order to always yield the same result from that stored information. As an example, standardization gives us the ability to use our credit cards regularly because each and every point of sale reader is reading the information contained within the card’s magnetic strip in the exact same way.

We must therefore recognize that these same benefits of standardization create reciprocal risks of fraud. Once the ability to read stored information exists, the ability to either reverse engineer the reading process or clone the coded stored information exists as well. What purpose does, a means of identification serve, if we cannot be near certain that it has not been compromised? Further, once that ID has been compromised, how can it be prevented from yielding positive identification where not intended? To illustrate the point, let us use your everyday ATM cash withdrawal as an example. After inserting the card into the ATM, one is prompted to enter the PIN associated with that card.

If the correct PIN is entered, even by someone other than the authorized user, the ATM will approve the transaction because its predetermined means of authentication is a combination of a card and its associated PIN. As we are well aware, magnetic strip cards and the like can be easily read, thus creating the opportunity for thieves to create a copy of that card. All that’s left is the PIN. For professional thieves, that’s less of a challenge than we’d like to believe.

For years, as technology developers would have it, much effort has been focused on providing more and more secure methods of storing sensitive information, without addressing the root of the problem. Regardless of how securely information is stored, because it is designed to be read, illicit methods by which to read the information will be found. Once that has been accomplished, the ability to create both fake and cloned ID’s exists. ePassport readers are addressing the standards and recommendations of predefined requirements like the Machine Readable Travel Documents (MRTD). In order to make them usable, they must be consistent.

If you have a set of identical targets (e.g. ePassports or National IDs or Driving Licenses or Employee cards etc.), breaching one of them is a breach of all of them. Identical electronic device is a single point of failure. It is unfathomable for governments to change their entire population’s ID’s and documents every time someone, somewhere across the globe hacks and clones a single chip.

It would seem as if the only real way to prove you are who you claim you are to an automated system is through the use of biometrics as a means of authentication. Identity theft is exceedingly common these days. The use of biometrics, however, creates a whole new area of concern. When non-biometric security authentication elements are breached, security can be reestablished by selecting new authentication elements. The same cannot be done in an instance where stored biometric information is breached. Biometric information cannot be changed. Our fingerprints, face, retina and all, are what they are. The question we are faced with is how we can truly secure our biometric information. We can change our name or address, but we cannot change our body parts.

Turning the human body into the ultimate identification card is extremely dangerous. The possibility of fraud with electronic chips and biometric data should not be underestimated. Exposing or losing biometric property is a permanent problem for the life of the individual, since, as we’ve mentioned, there is no practical way of changing one’s physiological or behavioral characteristics. How do you replace your finger if a hacker figures out how to duplicate it? If your biometric information is exposed, in theory, you may never be able to prove who you say you are, who you actually are or, worse yet, prove you are not who you say you aren’t.

The best secrets are secrets that are never shared. Storing those secrets on a readable electronic card from which any simple RF dump reader can extract that information, in the same way as international border readers do, or storing your personal information together with your biometric characteristics on a readable electronic device is like sticking a label with your PIN on the back of your ATM card!

Biometric authentication is a powerful tool, able to bridge the gap between human and machine interaction in everyday instances such as ATM withdrawals, on-line banking and credit card transactions and all sorts of general user authentication. The use of biometric authentication enables a high threshold of security by reducing identity fraud incidences of unauthorized user access. It is also an easy method of authentication from the user’s point of view because a user’s biometric information is always with them. The most critical flaw in the use of biometrics as a means of authentication, however, is that the authentication process cannot work if the subject is a stranger to the system.

We’ve already concluded that storing the biometric information on an external device carried by the user, such as a smart card, is far too risky in that it risks losing one’s biometric information forever. Alternatively, databases are breach-prone, and inefficient, especially when used in large scale applications. Databases also require real-time access to be of any value, communication with which may not always be available. Where then can such sensitive information be stored? Furthermore, why risk storing that unique biometric information in a database, smart card, or other external devices to make it useful?

Another problem with common biometric systems is that the most effective way to achieve maximum system matching is to compare biometric images to a template by using raw data. Biometric Encryption is the process of using a characteristic of the body as a method to code or scramble/descramble data. Since these characteristics are unique to each individual, the biometric information readers, cameras and sensors must all yield identical results.

Most biometric authentication systems use a similarity score as an internal variable, whereby if enough numbers of starting points are given, it is possible to find the highest point without being trapped by local minima. However, different readers, cameras and sensors, manufactured by different manufacturers, generate ever so slightly different biometrics results. Varying starting results, when encrypted alike, will not yield the exact same decrypted result.

Biometric standards can be obtained only if the common information is unconcealed. That, in and of itself, creates system wide vulnerability, and thereby renders the system unsecure. At present, each biometric scanner’s vendor generates their own encryption method. Raw biometric data is critical data. It should not be exposed or stored in public space. As difficult as it might be to create a secure standard for identical encryption paths, it is seemingly not possible to create standards for non-identical encryption paths. Overcoming the encryption matching hurdle is the see-saw that creates the security blind spots because the template can be tapped during the authentication process.

Traceable biometric authentication systems extract features from scanned biometric elements and pattern match it with an enrolled template. Theoretically, a system cannot authenticate strangers to its data store. The other side of that theory is exactly where the hackers look. The inability to “recognize” strangers is an opportunity to breach the authentication barrier. If a biometric authentication system has a blind spot, it can then be take advantage of and used to clone or rob ID. It also means that when the real ID owner will try to use their legitimate ID, they might find that they have been revoked from the system without understanding why. An electronic chip that contains identity elements is only one of the many threats facing traceable biometric authentication systems.

Template leakage is an even bigger problem because once that information is gotten a hold of, the ability to prevent illegitimate copies and “fake originals” of legitimate ID’s is gone unless the template is changed. Any change to the template requires changing ALL associated ID’s, just as is the case when a “master key” is lost. The only solution is to change the key and distribute new keys to all who use it. Can one possibly imagine if such an instance were to occur with Driver’s Licenses? Now try to imagine if it were to happen with Passports. Unfathomable! At least with keys, the ability to change the template or lock is not ideal, but possible. That is not the case with biometrics as biometric elements are with the individual for life. Dear security decision maker, how can you sleep at night?

People want to be able to draw a circle around their personal information, and do not want parts of their body electronically stored in databases. Our system of government tells us that we are entitled to control all that falls inside this circle; we ought to be able to regulate how, to whom, and for what reasons the information within this circle is disseminated. Some people object to biometrics for cultural or religious reasons. Others imagine a world in which cameras identify and track them as they walk down the street, following their activities and buying patterns without their consent. They wonder whether companies will sell biometric data of their body parts the way they sell email addresses and phone numbers. People may also wonder whether a huge database will exist somewhere that contains vital information about everyone in the world, and whether that information would be safe there.

Cloneable, traceable or collectable biometric systems could be designed to have the capability to store and catalog information about everyone in the world. The violation of privacy created by the collection of biometric data creates a prophylactic paradox; the bigger the privacy violation, the farther away it moves away from its intended goal.

How then can the power of biometric authentication be made useful without bumping up against these numerous serious challenges?

Innovya’s Traceless Biometrics approach, using non-unique remedies and a Real Time Reactive Authentication process solves all such cloneable, deflectable and privacy challenges. The Traceless Biometric workflow uses the time tested photo ID concept, wherein you match a picture to a person, no different than in any typical biometric authentication process. In a very simplistic way, just as in a mirror reflection, anyone can “authenticate” a stranger’s reflection without the need to compare the reflection against any other source of stored information. It does so, however, in a manner that is, as its name suggests, traceless, without storing any biometric data anywhere.

Innovya’s Traceless Biometric Authentication process consists of a comparison of only a portion of predetermined biometric elements against the users’ associated access device, wherein the “instructions” for which such portions and their mathematical modifiers are stored on the access device, somewhat similar, in an oversimplified sense, to the PIN on an ATM card. Unlike the ATM card, however, the system will not authenticate unless that specific user is the one seeking authentication because positive identification is derived from biometric elements on the user’s person, and therefore becomes useless without the user. Should the access device be hacked exposing the numerical string derived in the Traceless Biometric Authentication process, an alternative Traceless Biometric Authentication element can easily be programmed and reissued to the user.

Therein lays the essence of Innovya’s novel approach. Innovya has overcome the major challenge of creating a secure and efficient authentication solution that is stronger and less disturbing than electronically cloning human intrinsic characteristics on databases or electronic chips by eliminating them from the equation altogether. Additionally, because only a portion of the total biometric data is used in the process, should that data be compromised, the ability to recreate the biometric element from which it was derived is simply impossible.

Today, most systems are designed to work specifically in place where they are located, like office buildings or hospitals. The information in one system isn’t necessarily compatible with the other’s, although several organizations are trying to standardize biometric data. Once identical information is stored outside of governmental boundaries, the potential of using it commercially is huge, especially by hostile governments that might be willing to pay a lot for these otherwise indiscoverable information elements. Above all the advantages and disadvantages this technology, we will unintentionally be creating ripples in the field of security and privacy.

Adopting traceless guidelines by using real-time reactive authentication process methods for current biometric authentication systems will result in an efficient and unobtrusive authentication solution, wile treating personal privacy as the critical issue that it is. Biometric scanning, not storage, as is necessary for the limited purpose of authenticating a user should suffice. Authentication systems should dismiss all biometric information or traces thereof from the scanning devices immediately after the authentication process, and mustn’t use any external storage systems. Innovya has developed the solution to all of these challenges.

Although there are severe restrictions on collecting, creating, lodging, maintaining, using, or disseminating records of identifiable personal data, there are no legal restrictions on the processing of biometric authentication systems. Biometric authentication processes must be recognized for the risk that they pose, and must therefore be done so only in ways that are Traceless and Anonymous.