Will Biometrics Go Mainstream In 2012? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile
Commentary
12/21/2011
06:20 PM
Adam Ely
Adam Ely
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Will Biometrics Go Mainstream In 2012?

IBM thinks so, and the US-VISIT program may give a glimpse into the future. But what about data theft?

As a kid, I marveled at movies featuring retina or hand scanners, or instant DNA analysis to authenticate the bad guy to his vault. As an adult, I figured these devices would mean the end of passwords and spoofing and would bring the collision of sci-fi future and real-world security. Sadly, I still don't have a retina scanner at my desk. What I do have are so many passwords that I need a password manager to keep them straight.

I don't blame companies for hesitating to invest--biometrics systems still have problems, despite IBM’s prediction of advances. A prime example is how some fingerprint readers fell victim to the highly advanced gummy bear attack, in which a user acquires a gummy bear, applies it to the reader, and presses down. The sensor reads the fingerprint from the last user, which has now transferred to the gummy bear. The reader is defeated, the gummy-wielding attacker is authenticated as the previous user, and the system has become worthless. Organizations have been forced to replace hardware and software in light of this attack and revert to legacy methods, such as passwords, that are not vulnerable to rubbery candy.

More secure, it's hoped, are the digital images the government is embedding in the newest version of the U.S. passport for use with facial-recognition software, to reduce the likelihood of someone successfully using a fake passport to enter the country illegally. Since 2004, the US-VISIT--for United States Visitor and Immigrant Status Indicator Technology--program has been collecting digital fingerprint and facial images of international visitors to be used for identification; this data is shared with a number of government agencies. The enrollment and validation of these attributes is fast and accurate enough for use in everyday, large-scale deployments, and the Department of Homeland Security just announced it will pay Accenture Federal Services $71 million over 13 months to further improve the system.

Though they should, most users never question the privacy, storage, handling, and sharing of their biometric data. What happens if people are enrolled in a system and their biometric data is compromised, sold, shared, or mined in some way? This topic came to the fore in 2009 when a company offering faster airport security checks closed its doors and didn't immediately state where the biometric data it had collected would end up. In return for allowing Clear (which has since been reopened) to keep biometric data on file, frequent fliers could move through airport security faster. It was great for those who fly often and don't want to waste time. It would also be great for those who want to steal this data to impersonate a frequent flier, for either malicious airport activity or use elsewhere. If a credit card is stolen, it's easy enough to close the account and get a new card. Not so much for a new fingerprint.

While some people will always like to think they're targets of a vast international conspiracy looking to frame them for a failed government takeover, in reality, I don't see biometric data being targeted in such a way. On the other hand, this data could be sold to and mined by companies with the ability to analyze our physical traits, compare that to other data sets, store in-depth information about us, and perhaps disclose it all in some way that would harm us.

The fact that these concerns are mainstream shows that biometrics has evolved to a point where enrollment, usage, cost, and user fears are no longer hindering adoption. I can see a future in which governments push for inclusion of digital photos to be used with facial recognition, require fingerprints for traveling, and eventually embed DNA attributes in identification documents to address everything from fraud to immigration control.

As a user, it seems great not to worry about someone impersonating me and not having to carry an access token or know a password. At the same time, though, it's scary to think my fingerprint, DNA attributes, and digital image will be shared across governments, vendors, and employers. Those futuristic movies never addressed the security and privacy aspects of our personal biometric data and what happens if it's compromised, altered, or goes missing. That's up to us.

Adam Ely is security director at TiVo and a Dark Reading and InformationWeek contributor.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Commentary
Is the Computer Science Degree Dead?
Guest Commentary, Guest Commentary,  11/6/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll