The authors spend a lot of time trying (poorly IMO) to disentangle privacy and anonymity. And then somehow this is supposed to support the need for biometrics? Perhaps I'm missing the point, but I think everyone will grant the need for robust authentication of identity. If their point is to support biometrics, their timewould be better used addressing the shortcomings of that approach. Stephen Wilson's comment points out one major problem--that as a practical matter biometrics does not yet work well. However there is a greater problem with biometrics--once your biometric identity *has* been compromised, there is no way to change it. If my password (what I know) is learned or my PKI token (what I have) lost, those can be revoked and replaced. If someone finds a way to forge my biometric identity for a given biometric authentication implementation, what can I do about that? What I am is a dangerous means of authentication.
The authors spend a lot of time trying (poorly IMO) to disentangle privacy and anonymity. And then somehow this is supposed to support the need for biometrics? Perhaps I'm missing the point, but I think everyone will grant the need for robust authentication of identity. If their point is to support biometrics, their timewould be better used addressing the shortcomings of that approach. Stephen Wilson's comment points out one major problem--that as a practical matter biometrics does not yet work well. However there is a greater problem with biometrics--once your biometric identity *has* been compromised, there is no way to change it. If my password (what I know) is learned or my PKI token (what I have) lost, those can be revoked and replaced. If someone finds a way to forge my biometric identity for a given biometric authentication implementation, what can I do about that? What I am is a dangerous means of authentication.