CSC 379:Week 4, Group 4: Difference between revisions
No edit summary |
|||
Line 31: | Line 31: | ||
These systems are not flawless though. Depending on what characteristic is being measured, there is often a significant chance of error. Each biometric has its own false accept rate and false reject rate. A false accept rate is the chance that the biometric verifies that you are who you claim to be, when you actually aren't. The higher the percent chance for a false acceptance, the easier the system is to fool. A false reject rate is the chance that a system says you are lying about who you claim to be when you are telling the truth. The false accept rate and false reject rate of a particular biometric should be taken into account when designing an identification or verification system. | These systems are not flawless though. Depending on what characteristic is being measured, there is often a significant chance of error. Each biometric has its own false accept rate and false reject rate. A false accept rate is the chance that the biometric verifies that you are who you claim to be, when you actually aren't. The higher the percent chance for a false acceptance, the easier the system is to fool. A false reject rate is the chance that a system says you are lying about who you claim to be when you are telling the truth. The false accept rate and false reject rate of a particular biometric should be taken into account when designing an identification or verification system. | ||
==Physiological Biometric Systems== | |||
===Facial Identification=== | |||
Facial identification can either identify people based on the image of their face or a thermal scan of their face. At first glance this seems to be a sound method, after all it's how people identify each other without technology. Unfortunately, there are several issues with implementing it as a technology. For cosmetic scans, the image can look very different based on lighting or could be fooled with makeup. In addition, both facial and thermal scans will change as people age. While one of the easiest and least obtrusive means of identification, it is also one of the least accurate and most easily fooled. | |||
===Fingerprint=== | |||
Fingerprint identification is one of the most widely used biometric means of identification in the world today. The ridges of the skin on the finger are taken and compared to known records taken in the past. It is well suited to its task for several reasons. A person's fingerprints do not change as they age nor are they easily copied. In addition they are completely unique. Due to its widespread use there are fewer personal issues with the scanning of fingerprints than some other biometric identifiers. | |||
===Hand veins=== | |||
Similar to fingerprints, the lines of the hand may also be used for identification. It is harder to fool than a fingerprint scan, but also slightly less accurate. It is also more vulnerable to changes over time than fingerprints and sometimes harder to tell the difference between the scans of two individuals. | |||
===Eye scans=== | |||
There are two kinds of eye scans, one that scans the retina(blood vessels) and the other that scans the iris(colored part). Both of these share the advantage of scanning an internal organ which is less vulnerable to damage over time. Both suffer from a difficulty in building a database to compare to due to how they have to scan in addition to a lack of public approval for getting their eyes scanned. People associate the technology with something they would see in a movie and pair it will a loss of privacy as is the case in such movies. | |||
===DNA scans=== | |||
DNA is the most accurate way of identifying a person. Nobody, with the exception of identical twins, will have the same DNA. Unfortunately, a sample from someone else will allow a fraudulent person to trick the system. In addition, collecting information for a database to compare scans to would be a major issue, as most people do not want to go in to a government office to have their DNA sampled. This brings up the next issue, because it is so accurate there is would be a massive loss of anonymity which would receive large public backlash. | |||
==Ethical Issues Surrounding Biometrics== | ==Ethical Issues Surrounding Biometrics== | ||
Line 36: | Line 51: | ||
Many forms of biometric data do not expire. While a person's face or voice may change some as they age, for the most part your physical and behavioral characteristics are going to stay the same throughout your life. | Many forms of biometric data do not expire. While a person's face or voice may change some as they age, for the most part your physical and behavioral characteristics are going to stay the same throughout your life. | ||
With current forms of identification your can, for example, change your password or get a new credit card or driver's licence or passport. For the most part with biometric identification, you can't simply change your information (short of surgery). This posses a large privacy issue. Not only will anonymity be almost impossible in a world were biometric identification is the norm, but identity theft will be every more devastating because one can't simply adopt new identifying data to defeat the | With current forms of identification your can, for example, change your password or get a new credit card or driver's licence or passport. For the most part with biometric identification, you can't simply change your information (short of surgery). This posses a large privacy issue. Not only will anonymity be almost impossible in a world were biometric identification is the norm, but identity theft will be every more devastating because one can't simply adopt new identifying data to defeat the thief. | ||
===Biometrics as a Means of Discrimination=== | ===Biometrics as a Means of Discrimination=== |
Revision as of 17:38, 28 July 2007
Biometrics and Privacy of Genetic Data
A concern with ID cards that contain biometric information is that once one is stolen, it would be more difficult for someone to reclaim their identity as the nature of the representation of biometric data that would be used would be something that would not change over a person’s lifetime (e.g. fingerprints or eye-scan)[1]. Thus for technologies that rely solely on the biometric data contained within the IDs to establish identity, once a card is stolen, ones “identity” may never be able to be reclaimed.
Ethical issues related to privacy of genetic data follow closely with this topic since it suffers from similar issues as biometrics, although genetic data is much more invasive to ones privacy as society becomes more able to interpret it. There have been discussions of a constitutional amendment to prohibit genetic discrimination. If ones genetic information is made available, or information derived from, it opens the person to an increased threat of discrimination (jobs, insurance, social), as well as other threats to privacy not yet realized, but that will likely be realized within ones lifetime as there becomes a greater capability to interpret genetic data.
What types of protections should be afforded to biometric data compared to other types of data? For genetic data? Should biometric/genetic data be incorporated into various technology from ID cards to diagnostic equipment? Examine ethical issues related storage and use.
Resources
Relevant External Links:
The National Science and Technology Council some good resources related to biometrics and privacy issues.
Wikipedia's article on biometrics: http://en.wikipedia.org/wiki/Biometrics
EFF has an introduction to some concerns voiced about biometrics: http://www.eff.org/Privacy/Surveillance/biometrics/
Relevant Class Website Links:
What are Biometrics?
A biometric is a measure of some physical or behavioural characteristic of an individual. These measurements can then be used to identify and individual or at least aid in confirming a claimed identity. Some examples of human characteristics that can be conveniently captured in a biometric include: Fingerprints, Retinal scan, Voice, Signature, DNA, Gait. After your individual information is recorded it can be used in a biometric system.
The Purpose of Biometrics
Biometric systems have several purposes. They can verify that a person is who they claim to be by checking your information against the data the system has on you. A biometric system can identify you without you telling the system who you are by your physiological or behavioral characteristics. And biometric systems can also be used to screen individuals. The system may raise a flag or alert the police if it identifies you as being on its watch list.
Flaws in Biometric Systems
These systems are not flawless though. Depending on what characteristic is being measured, there is often a significant chance of error. Each biometric has its own false accept rate and false reject rate. A false accept rate is the chance that the biometric verifies that you are who you claim to be, when you actually aren't. The higher the percent chance for a false acceptance, the easier the system is to fool. A false reject rate is the chance that a system says you are lying about who you claim to be when you are telling the truth. The false accept rate and false reject rate of a particular biometric should be taken into account when designing an identification or verification system.
Physiological Biometric Systems
Facial Identification
Facial identification can either identify people based on the image of their face or a thermal scan of their face. At first glance this seems to be a sound method, after all it's how people identify each other without technology. Unfortunately, there are several issues with implementing it as a technology. For cosmetic scans, the image can look very different based on lighting or could be fooled with makeup. In addition, both facial and thermal scans will change as people age. While one of the easiest and least obtrusive means of identification, it is also one of the least accurate and most easily fooled.
Fingerprint
Fingerprint identification is one of the most widely used biometric means of identification in the world today. The ridges of the skin on the finger are taken and compared to known records taken in the past. It is well suited to its task for several reasons. A person's fingerprints do not change as they age nor are they easily copied. In addition they are completely unique. Due to its widespread use there are fewer personal issues with the scanning of fingerprints than some other biometric identifiers.
Hand veins
Similar to fingerprints, the lines of the hand may also be used for identification. It is harder to fool than a fingerprint scan, but also slightly less accurate. It is also more vulnerable to changes over time than fingerprints and sometimes harder to tell the difference between the scans of two individuals.
Eye scans
There are two kinds of eye scans, one that scans the retina(blood vessels) and the other that scans the iris(colored part). Both of these share the advantage of scanning an internal organ which is less vulnerable to damage over time. Both suffer from a difficulty in building a database to compare to due to how they have to scan in addition to a lack of public approval for getting their eyes scanned. People associate the technology with something they would see in a movie and pair it will a loss of privacy as is the case in such movies.
DNA scans
DNA is the most accurate way of identifying a person. Nobody, with the exception of identical twins, will have the same DNA. Unfortunately, a sample from someone else will allow a fraudulent person to trick the system. In addition, collecting information for a database to compare scans to would be a major issue, as most people do not want to go in to a government office to have their DNA sampled. This brings up the next issue, because it is so accurate there is would be a massive loss of anonymity which would receive large public backlash.
Ethical Issues Surrounding Biometrics
The Permanence of Biometric Identification
Many forms of biometric data do not expire. While a person's face or voice may change some as they age, for the most part your physical and behavioral characteristics are going to stay the same throughout your life.
With current forms of identification your can, for example, change your password or get a new credit card or driver's licence or passport. For the most part with biometric identification, you can't simply change your information (short of surgery). This posses a large privacy issue. Not only will anonymity be almost impossible in a world were biometric identification is the norm, but identity theft will be every more devastating because one can't simply adopt new identifying data to defeat the thief.
Biometrics as a Means of Discrimination
If a particular biometric can not be measured on a person-- they are missing a finger, for example-- then inherently that person is going to seem more suspicious. Administrators of the system might think: "Sure maybe they have a legitimate reason for not doing the fingerprint ID, but maybe they are trying to bypass the system."
Biometrics systems could be used in small scale discriminatory screening processes such as stores using a biometric ID system to deny business to those found guilty of shoplifting in the past.
Steps to Take to Mitigate Invasion of Privacy
Paraphrased from the IBG BioPrivacy Initiative
- Biometric systems should only be expanded when absolutely necessary.
- Systems should not be expanded without public knowledge.
- Biometric information should not be used as a universal unique identifier.
"Universal unique identifiers facilitate the gathering and collection of personal information from various databases, and can represent a significant threat to privacy if misused." - These systems should not store more information about an individual than is absolutely necessary to verify or identify the individual.
Links and Resources
- Biometrics and Privacy by Roger Clarke
- Who's watching you? by William Abernathy and Lee Tien
- IBG BioPrivacy Initiative
- Biometric News Portal
- Biometrics: Security Boon or Busting Privacy? by Saumya Roy
- Good ol' Wikipedia