Embed Size (px)
Citation preview
www.ipc.on.ca
Biometrics and The Privacy Paradox
Ann Cavoukian, Ph.D.Information & Privacy Commissioner/Ontario
Privacy & Identity:
The Promise & Perils of the Technological Age
DePaul University, Chicago
October 14, 2004
www.ipc.on.ca
Privacy – What are the Issues?
Expanded surveillance
Diminished oversight
Absence of knowledge/consent
Loss of control
www.ipc.on.ca
Privacy Defined
Informational Privacy: Data Protection
Personal control over the collection, use and disclosure of any recorded information about an identifiable individual
An organisation’s responsibility for data protection and safeguarding personal information in its custody or control
www.ipc.on.ca
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
1. Collection Limitation Principle 2. Data Quality Principle 3. Purpose Specification Principle 4. Use Limitation Principle 5. Security Safeguards Principle 6. Openness Principle 7. Individual Participation Principle 8. Accountability Principle
www.ipc.on.ca
Growth of Biometrics
U.S. Border Security Enhancement Act
International Civil Aviation Organization approved facial recognition for travel documents
EU to implement biometrics in passports and visas
CANPASS and INSPASS programs
AAMVA Unique Identifier Working Group
www.ipc.on.ca
The Myth of Accuracy
The problem with large databases containing thousands (or millions) of biometric templates:
False positives
False negatives
www.ipc.on.ca
Biometric Applications
Identification:one-to-many comparison
Authentication:one-to-one comparison
www.ipc.on.ca
Biometric Identification: False Positive Challenge
Even if you have a 1 in 10,000 error rate per fingerprint, then a person being scanned against a million-record data set will be flagged as positive 100 times. And that’s every person. A system like that would be useless because everyone would be a false positive.
Bruce Schneier, quoted in Ann Cavoukian’s Submission to the Standing
Committee on Citizenship and Immigration, November 4, 2003
http://www.ipc.on.ca/docs/110403ac-e.pdf
www.ipc.on.ca
Biometric Identification
False Negative Challenge:
Attackers could fool the system
Pay-offs high for compromising the system
Increased vulnerability to a target once a terrorist succeeds in obtaining a false negative: threat escalates considerably
www.ipc.on.ca
Biometric Strength: Authentication
The strength of one-to-one matches Authentication/verification does not require
the central storage of templates
Biometrics can be stored locally, not centrally – on a smart card, passport, travel document, etc.
www.ipc.on.ca
Designing Privacy Into Biometrics
The Privacy Challenges:
Central template databases
Unacceptable error rates
Unrelated secondary uses
www.ipc.on.ca
Facial Recognition: the Dream
“ Khalid Al-Midhar came to the attention of federal law enforcement about a year ago. As the Saudi Arabian strolled into a meeting with some of Osama bin Laden’s lieutenants at a hotel in Kuala Lumpur in December 1999, he was videotaped by a Malaysian surveillance team. The tape was turned over to U.S. intelligence officials and, after several months, Al-Midhar’s name was put on the Immigration and Naturalization Service’s “watch list” of potential terrorists. … The videotape of Al-Midhar also could have been helpful. Using biometric profiling, it would have been possible to make a precise digital map of his face. This data could have been hooked up to airport surveillance cameras. When the cameras captured Al-Midhar, an alarm would have sounded, allowing cops to take him into custody.”
- Business Week, Sept. 13, 2001, p. 39
www.ipc.on.ca
Facial Recognition: the Reality
Test results in place show less than stellar results- Logan Airport pilot had a 50% error rate in real world conditions- U.S. State Department has stated that facial recognition has
“unacceptably high error rates”- U of Ottawa tests this summer resulted in accuracy rates between
75% to more than 90%- National Institute for Standards and Technology, under ‘ideal lighting
and controlled environment conditions’ reported 90% accuracy- Superbowl facial recognition no longer considered ‘useful’ by
subsequent Superbowl organizers
“Biometrics Benched for Super Bowl” By Randy Dotinga,
Wired Magazine
www.ipc.on.ca
Comparison of Accuracy Rates
NIST Studies show for single biometrics:
Facial recognition:- 71.5% true accept @ 0.01 false accept rate
- 90.3% true accept @ 1.0% false accept rate
Fingerprint:- 99.4% true accept @ 0.01% false accept rate
- 99.9% true accept @ 1.0% false accept rate
www.ipc.on.ca
Facial Recognition and Privacy Research
Confounding Facial Recognition systems: Creating visual noise through:
- Disguises, obstructions, light sources, face paint Objective:
- Creating a framework for facial recognition countermeasures
Results:
- Research by James Alexander, U. Pennsylvania
www.ipc.on.ca
Biometrics Can BePrivacy-Enhancing, if they:
1. Have privacy hard-wired into the deployed technology
2. Authenticate personal credentials without necessarily revealing identity
3. Do not facilitate surveillance or tracking of an individual’s activities – avoid the use of template-based central databases
4. Put control of the biometric in the hands of the individual
5. Provide excellent security without compromising privacy
www.ipc.on.ca
Final Thoughts on Biometrics
Current off-the-shelf biometrics permit the secondary uses of personal information
The Goal: “Technology that allows for informational self-determination and makes good security a by-product of protecting one’s privacy”
Using the biometric to encrypt a PIN or a standard encryption key will meet that goal: Biometric Encryption
– Dr. George Tomko
www.ipc.on.ca
“I am not a number, I am a human being.
I will not be filed, stamped, indexed or numbered.
My life is my own.”
The Prisoner TV series, 1968
“I am not a number,I am a free man”
www.ipc.on.ca
How to Contact Us
Ann Cavoukian, Ph.D.Information & Privacy Commissioner of Ontario80 Bloor Street West, Suite 1700Toronto, Ontario, Canada M5S 2V1
Phone: (416) 326-3333
Web: www.ipc.on.ca
E-mail: [email protected]
