Over the past two years, there has been a significant increase in the use of biometrics for authentication. It is becoming more commonly used to purchase groceries, to gain access to physical premises, passing through passport control and for logging on to computers. There are some dangers with this trend and that's what this blog discusses.
First of all, a biometric is no secret. It's a piece of who you are. Therefore, the use of biometrics to authenticate an identity poses risk to the identity if their biometric is stolen. What are you going to do if your digital finger scans or prints are stolen? Relying solely on a biometric for authentication is therefore not recommended especially in instances where the identity is in one physical place and digitally logging on to access something that is held elsewhere,
There is also the issue of privacy. Let's say that the enterprise you work for uses a fingerscan to gain access to certain facility areas of the enterprise. You leave the enterprise. What current legal requirements are there on the enterprise to remove the digital fingerscan registration from their databases? In most countries currently....none. What happens to the identity when the database is broken into in the future and the data is compromised? Will the identity even be notified that the database has been compromised? In most cases currently, no.
I think that technology is moving far faster ahead of our current state, national and international laws. The identities need to know that when they givve up a portion of who they are to authenticate, that they can be sure that the identity data will not be mis-used and when they terminate or express to a commercial use to desist using their biometric (like for a grocery store checkout) will be deleted.
Regards,
Guy
del.icio.us