We have warned several times on this blog that the massive application of biometry is a time bomb, especially if the data are stored in centralised databases. But we also see growth in a number of biometric technology vendors, marketing budgets and new products. Optimism thus prevails in the public space. Risks are underestimated, and they appear as sci-fi issue of a distant feature. But they actually happen.
Biometry data compromisation becomes a part of everyday life. During the most famous security incident, unknown hackers got access to fingerprints of 5,5 million employees of American federal government. We do not know what happened with stolen data, but usually, they are sold on the black market. It is quite likely that several criminal organisations have they now, passing to other parties. Nobody can stop them. Do the people know what happens with their fingerprint data?
Much more serious cases can appear. They are rooted in a wrong assumption that a record in a central database is the primary source of human identity. A person is authenticated through comparing a living person with the file. If he/she matches with biometric data, his/her identity is confirmed. Such concept is straightforward and logical from the technical point of view. But it is against common sense! A person is not a superstructure of a database record. And there is a formidable threat on the background. What if my record is wrong?
It is not just a theoretical possibility. Not long a time ago, a case of Olajide Ogunye, a son of Nigerian parents with Canadian citizenship, was published. He was a law abiding citizen, he held all required documents a felt safe. But he should not have felt safe. Somebody made a mistake while entering data into the database and Olajide´s fingerprint was assigned to a wanted person. Canadian law enforcement units work on principle „the truth is in the system“ so that Olajide was arrested and spent almost a year in a high-security prison. Genuine documents did not help. Testimonials of his neighbours were not accepted. Olajide was lucky that he had a persistent tireless lawyer.
A small data mistake can result in a nightmare. What if the error was not identified? What if a law-abiding person was replaced with an extremely dangerous killer? What if somebody cannot afford a good lawyer? And first of all – how frequent are smaller cases of „only“ rejecting the transaction, transferring property, or a short-term annoyance? Even if the error rate was lower than one per cent, millions are impacted.
We can expect a typical answer: a technological solution, such as adding supervisory steps, adding more authentication data or strong antivirus protection. But more checks cannot solve the fundamental mistake in the architecture. Human identity cannot be a database record from its very principle. It is a living human being with a place of living, history and relationship with other people. The role of the technical solution is to point at this person.
How can national or even international authorities and law enforcement units authenticate people with sufficient level of certainty? In the best case scenario, there is a continuity of confirmation. It means that there is a trusted person who can confirm knowing the authenticated person from his/her very childhood. Or he at least knows him/her for, let say, ten years. It should be the base for physical ID documents issuing. And the document should be the base for the creation of records in information systems.
Such architecture also ensures stability in case of a security incident. If the information system fails, a person can be authenticated using his/her physical ID document. If there is a disbelief in the genuineness of physical ID document, an investigation can be done in place of living. The police officers can ask in the neighbourhood: Do you know this person? Biometry and smart systems can enhance comfort and effectiveness but should be applied carefully and with awareness of risks.