assume someone else's unique identity. It is a way of providing the same kind of security in the virtual neighborhood that we once had in rooted neighborhoods, where the uniqueness of individual identity was assured by neighbors authenticating each other through facial recognition.
We have to expect that people will see us when we are in public and that our open public acts will be just that. But we have to worry that, in an anonymous world without authenticated identity, privacy will be violated when others can assume our identifying characteristics and take control of transactions and interactions outside the home that are indeed personal and unique to us. This is a threat to the sphere of privacy we take with us outside our homes, including not only our interest in maintaining control of our names and reputations, but also of transactions and records that are highly confidential to us. Authenticated identity can address this threat, as well as the threat posed to society by strangers exploiting the vulnerability of anonymity to assume false identity.
Mark A. Shiffrin, a lawyer, is a former Connecticut state consumer protection commissioner.
Avi Silberschatz is Sidney J. Weinberg Professor and Chair of Computer Science at Yale.
Comments
It is said, a combination of what you have (a smart card), what you know (a PIN) and what you are (biometric - fingerprint, iris, palm vein, etc.) with adequate security gives unique identity to every person and every transaction, thereby making it tamper-proof.
The transactions can be stored in a central server and cannot be accessed by any unauthorized person if proper security measures are built in. The individual can have a complete record of transactions in his/her smart card and is foolproof as it is done using biometric and PIN.
This can give the necessary anonymity and yet full security against repudiation.
The authors describe biometric authentication as an "emerging technology" and repeat the all-too-common presumption that it "makes it virtually impossible to assume someone else's unique identity".
The word “unique” is bandied about far too casually in biometric discussions. Typical biometric products have False Detect Rates and False Reject Rates of 1 or 2 percent. How can these technologies relate to "unique" characteristics on the one hand (or be “virtually impossible” to spoof), and yet suffer one-in-a-hundred errors on the other?
Fundamentally, neither the voice nor the face are unique to an individual. Nor indeed are fingerprints. See Simon Cole: "Although conventional wisdom since the nineteenth century has accepted the doctrine that no two fingerprints are alike, no one has really proven the proposition's validity." Ref: The Myth of Fingerprints: A forensic science stands trial, Simon Cole, Lingua Franca 10(8) pp 54-62, 2000; http://fp.bio.utk.edu/evo-eco/resources-this_semester/Cole-fingerprints.....
Even if a given bodily trait is close to unique, we need to remember that all biometric systems involve measurement and information processing stages all of which are imprecise and fallible. The impact of measurement is clearest in the case of iris scanning. The proponents of iris recognition like to claim that the probability of two individuals' irises being the same is one in ten to the power of seventy eight. The denominator is truly a fantastic number -- much bigger than the number of atoms in the universe. But in practice, false match rates with iris technology can be 0.001%. Sounds pretty good but it is literally ten million million million million million million million million million million million million times worse than implied by the vendor's claim.
So before we entertain policy recommendations that would seek to protect privacy on the basis of the supposed perfection of biometrics, we should take great care to understand their limitations. The privacy intrusions that are bound to arise when innocent people are flagged by a supposedly perfect technology as being suspect will be enormous. Biometrics are indeed an "emerging technology". It should strike us all as very strange and worrying that national scale security projects with huge societal impacts are being touted on the basis of immature solutions that even on cursory examination fall so far short of expectations.
The authors spend a lot of time trying (poorly IMO) to disentangle privacy and anonymity. And then somehow this is supposed to support the need for biometrics? Perhaps I'm missing the point, but I think everyone will grant the need for robust authentication of identity. If their point is to support biometrics, their time would be better used addressing the shortcomings of that approach. Stephen Wilson's comment points out one major problem--that as a practical matter biometrics does not yet work well. However there is a greater problem with biometrics--once your biometric identity *has* been compromised, there is no way to change it. If my password (what I know) is learned or my PKI token (what I have) lost, those can be revoked and replaced. If someone finds a way to forge my biometric identity for a given biometric authentication implementation, what can I do about that? What I am is a dangerous means of authentication.