Benefits & Risks of using Biometric ID’s

The use of biometric data is the latest suggested improvement in securing our identities and transactions. It’s used for example with our passports when travelling outside of Australia, by the ATO and Services Australia (CentreLink), as a feature on many mobile devices, and to access laptops/PC’s.

The biometrics in common use include voice recognition, finger print scanning, and facial recognition, (FR). In difference to a pin or pass phrase which can be changed, biometric data which also includes DNA are fixed.

The OVIC (Office of the Victorian Information Commissioner) has released a discussion paper on the use of biometrics. It suggests there are legislative gaps considering how biometric data is saved and potentially used. In particular FR data which can be acquired and used without agreement of the owner. Further comment includes once a biometric identifier is compromised it cannot be reset like a pin or pass phrase.

How do others see the use of biometrics for ID?

  • as an improvement to security of personal information,
  • of greater benefit to third parties than the individual,
  • more convenient than a pass phrase or pin
  • still dependant on digital security, IE only as secure as the systems that store the biometrics and capture the biometrics

Several of the examples of how biometrics are now being used include instances where opting out is not practical or possible. Choice took on concerns with the use of FR by several large retail chains. It’s just one example that asks whether the use of personal biometric data is adequately regulated and controlled in other consumer settings.

3 Likes

Interesting that the Office of the Victorian Information Commissioner raises some issues with the use of biometric data, and in particular, facial recognition, when one of the largest users of this technology by far is the Victorian Government and their police force.

1 Like

The OVIC was in particular concerned about how businesses might collect FR and use it ways to advantage the business or on sell services.

Whether as individuals we accept how governments including all levels from the Commonwealth down use FR, any use by government is more a political issue than specific to services and products we use as consumers.

One of my key takes from the paper is we should not come to rely on biometric recognition alone to authenticate for services or payments. It’s also suggested it’s not evident whether key biometric data in each instance it is used is adequately secured against loss or fraudulent use, (within the limits of the current available technologies).

1 Like

My understanding is that this was a requirement of the US, for continuing visa-less entry the favoured nation(s) must use biometrics in passports. (This is from several years ago, and I am happy to be corrected.)

The US of course has had its own problems with biometrics, when its Office for Personnel Management managed to lose control of at least 5.6 million fingerprints of federal employees!

Don’t store raw biometric data, people - treat it like passwords and secure it properly! Oh, and make sure access is only provided on an absolute ‘need-to-know’ basis and not to the entire database.

2 Likes

No. I see essentially all risks and no benefits.

Yes, that’s probably the only benefit, in a classic security–convenience trade-off.


It’s bad for authentication because it can’t be changed. Once compromised, it is compromised forever.

It’s bad for authentication because it is effectively forcing you to use the same “password” across multiple sites, which is something we are told not to do.

It is also weak in a coercive situation i.e. where the user is physically forced to unlock whatever is locked using biometrics. (A token, the second factor, is best in a coercive situation.) In the case of fingerprints it may even be possible to unlock after you are dead.

(Conversely, this also raises questions for your executor e.g. if you locked something using a voiceprint or using robust facial recognition, it may be impossible to unlock after you are dead - although I guess that may be intentional on the part of the deceased.)

The owner of a mobile device may voluntarily decide to use e.g. facial recognition to unlock the device. Even then it raises the question as to whether predatory companies like Google and Apple may siphon off a copy of the biometric id used, and potentially store it outside of Australia and beyond the reach of (some) Australian law.

And of course there’s “agreement” and then there’s “agreement”.

If all banks got together and said that they were introducing 3FA for greater security, requiring some kind of biometric id in addition to passphrase and token (or the government compelled the banks to act in that way) … it could hardly be said that all bank customers agreed to that.

If the agreement is hidden in 40 pages of fine print legalese, it could hardly be said that customers agreed to that.

Yes, the ATO has been doing voiceprint for many years. So far it has always been optional and so far I have always chosen to skip that.

2 Likes

PS I wonder also whether either facial recognition or voiceprint are reliable over the lifetime of a person? of an adult? It seems to me that there could be a risk that the ageing process, or some misadventure, locks you out of your own locked item.

PPS Facial recognition is obviously fairly dodgy in the sense that there are literally hundreds of copies of your “password” created every year, from every security camera that captures your face.

1 Like

How much detail do those copies capture and is it sufficient to compromise the code? It’s a challenging question. Allowing for our human eye and brain to be the judge, how reliably can we identify people we know in a crowd?

For Apple and others is the acid test the capability to distinguish between identical twins? And if we were wondering identical twins apparently do not have identical DNA.

1 Like

Another complication are the individuals who are a chimera, a sample from one area of their tissue is not necessarily the same as from another.

I once worked with a fellow who had one brown eye and one blue, “he” was actually two non-identical brothers he had been told.

1 Like

Definitely a fair question. Obviously if there’s money to be made then the level of detail captured will increase.

I could be wandering around the city, wearing tech like the Google Glass and capturing faces at close range.

Even so, it seems unlikely that you would want to grant Border Security the unfettered right to unlock your iPhone (and by “Border Security” I mean whoever runs the up-close facial scanners at the airport that are used to validate passports). etc. etc. etc.

1 Like

Before I go on a rant, my understanding is that Apple makes sure you are alive/your face is moving when using facial recognition to unlock iDevices. In fact, it also uses depth of field information that would not appear in a photo.

Now for the rant: better be careful which borders you cross. US Border Security has the right to demand that you unlock your device. My understanding is:

  • If you are a US citizen then you can say no - at which point they take your device into another room and copy all of the data it contains. I have no idea whether they have the ability to decrypt that data, but if anyone does…
  • If you are not a US citizen, then you can get back on that plane if you refuse to unlock your device when asked.

No idea whether Australian officials are able to do the same thing, but I seem to recall them getting in trouble recently for not using their search powers appropriately. Obviously you would need to check whatever country you are visiting, but if I wanted to travel outside Australia I would take a burner phone.

2 Likes

Yes, robust facial recognition for authentication has “liveness detection” - so you can’t just use a photo to unlock. Obviously though, when you are submitting to the passport validation, you are alive.

Regarding depth of field, smartphones are already coming with multiple cameras. It should be assumed that it is only a matter of a little time before that is widely available.

Not all facial recognition for authentication is necessarily robust in this way.

However it is worse than that. Let’s say I take your comments to heart and I therefore choose to leave all my mobile phones at home when I cross borders (thereby completely avoiding the problem you mention). In the process they are all capturing my live 3D face. Later on, they can use that to unlock phones / log in to others of my accounts - anything that I am silly enough to lock with my face.

1 Like

You’re fine as long as you’re wearing your Juggalo face.

Oh, wait - depth perception facial recognition is not affected by that :frowning: .

1 Like

Another situation where people might have more than one DNA: Getting a bone marrow transplant could give you new DNA, too | Medical Xpress.

You’d expect the recipient’s blood to have the donor’s DNA after a bone marrow transplant. Apparently it can find its way into body cells other than blood as well.

“Research has found indications of donor DNA in nail cells and urine. Still other studies have suggested donor DNA migrating into the epithelial cells that line the mouth and other cavities and organs.”

1 Like

Recent experience with a new mobile device suggests the FR at that level is imperfect. Over a number of weeks it became less reliable. Sometimes it may have been the viewing angle for the camera. On others face apparel (different glasses), head wear etc seemed to confuse the system. I also suspected glare and reflection when near a window. The best may have been not shaving for a number of days.

Ultimately I turned it off, having never used it for any other purpose. For every time it did not work there were another 3-4 times it unlocked prematurely and without notice. I assume Apple and others are promoting the convenience of never having to think about unlocking your device. It’s always seamlessly there. Unfortunately some other features enabled by default don’t require any biometrics or pin to become active. A different biometric that assumes the human presence is you!

If face recognition systems had thermal infrared face recognition (TIR) that can also compare the person’s facial vascular structure (which is unique to the person) with a stored biometric, they should be much more difficult to fool.

I tried face unlock several years ago, but discarded it as unworkable when I found that (if it worked at all) it tended to unlock whenever it caught a glimpse of something it thought was my face, rather than - or sometimes instead of! - when I actually wanted it to unlock.

Sounds like that hasn’t improved. :slightly_frowning_face:

My phone recognised me with and without beard, but not while lying down and without my glasses (having just awoken).

My understanding is that Apple also uses depth recognition.

And for the record, my several generations old Apple phone has not to my knowledge unlocked without my face being in its face (so to speak).

1 Like

I wonder how that would go if you have a melanoma (or BSC or SCC) removed, or similar facial surgery (say jaw surgery or smashed cheekbone reconstruction) and the vascular structure is changed over a significant section of your face…

“If……” has been a shared concern for some time.

What if you have an accident and loose your memory? Your pin or password carefully committed to mind and following the bank instructions never written down would also fail.

What if one was injured in an accident or conflict and lost the use of the writing hand?

How reliable was the original biometric, ones signature, or your mark testified to by another? Those of importance (more symbolically today) relied on a seal or embossed tool. Supposedly unique, but in many ways like modern digital keys. The protection afforded at best the difficulty or cost of reproducing one.

1 Like

What this means is that you mustn’t rely on just one method of identification. Biometric characteristics can be changed by trauma / surgery. PINs and passwords can be forgotten. Etc.

There has to be a fallback in case the ID method fails.

2 Likes

Back in the 80s, when we still used cheques routinely, I had an accident which, inter alia, resulted in my right hand being more or less unusable for ~18 months. To pay bills by cheque, I learned to write left handed, and “forged” my own signature, although surprisingly, it was pretty close at the first attempt - just slightly sloppy. The style was the same.

Banks, and any other institution that have genuine need for multi-point verification systems must have a mechanism for people to reset in the case of compromised data. Fallback is a fundamental business concept.

In the early 90s, I was in Hawaii for a business conference. I know, life’s tough. I went to withdraw some $US from an ATM via the new whizz-bang international transfer via your credit card from your savings bank facility. The ATM came back with a message “Please dial 1-800 etc for this transaction.” Great. Out of money in the US, the last place in the world you want that to happen. I dialed the number. The operator explained that they’d had a storm take out their primary data centre, and their backup data centre - in another state - had just been bombed.Then, she asked where are you? I told her Honolulu. Where exactlly? I gave the address of the phone box…She looked up a facility near where I was, and authorised a counter cheque (or "check in America) to be cashed for $100 to tide me over until one of their data centres came back online. i.e. They had thought through a plan C fix in advance, and trained their staff accordingly. I was impressed.

It should be the standard level of service rather than the exception.

5 Likes