Post-biometric future?

It is often reminded on this blog that biometric applications create a range of new risks. We are not the only one who warns. Nevertheless, the growth of the biometric sector is tremendous. Let us take just today announcements. Japanese JCB introduces payments authorised by palm. In Cyprus, cards protected with fingerprint are introduced. Similar projects are started in Germany and Netherlands. Zimbabwe launches biometric e-passports. Airports in Australia start to apply face recognition. Some market analysts estimate market slowdown for this year but the prevailing tendency is still robust growth.

On the other hand, there is also growth in successful attacks resulting in compromising of biometric databases and imitation of biometric data.

Moreover, some biometric features may be abused even without compromising a database. Features like face and iris are always publicly displayed. It used to be that for taking biometric data you needed to sit into a special box and spend their tens of seconds. Now, it is sufficient to stop for a while or even pass a section very slowly. With the growth in quality, resolution and intelligence of video technologies, even it will not be needed. It may even happen that a user does not know that his/ her biometric data are captured.

Processing personal data will be more and more regulated, aside from prosperous black market with biometric data. Do you want to buy someone’s fingerprint? His face biometry? His voice? No problem. Anything can be bought. Anything can be imitation. Such future may be closer than we think today.

It is likely that biometric data will no be fully reliable. What is even worse, it is not possible to start a race in which manufacturers add stronger and stronger protection, and an attacker tries to imitate it. Regarding biometry, you can add more and more features but cannot create stronger features. You cannot enhance iris resolution or more sophisticated fingerprint lines.

It is surprising how little attention is paid to this problem. Optimistic prognosis says that identification and authentication will be separated again. If the task is „just“ identification (to say who is that person), biometry is o.k. If the task is authentication (to prove that the person is who he/she claims to be), physical id card and perhaps also a password will be required.

Optaglio offers, among others, the following.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s