““Lessons for Biometrics from Lessons for Biometrics from SSNs & Identity Fraud”SSNs & Identity Fraud”

Peter P. SwirePeter P. SwireOhio State UniversityOhio State University

National Academy of SciencesNational Academy of SciencesMarch 15, 2005March 15, 2005

OverviewOverview

Theme for today:Theme for today: Learn from SSNs & identity theft problemsLearn from SSNs & identity theft problems ““Don’t release the keys”, in cryptographic Don’t release the keys”, in cryptographic

systems or in biometricssystems or in biometrics Proposal: law to prohibit the selling or sharing of Proposal: law to prohibit the selling or sharing of

individuals’ biometricsindividuals’ biometrics Prevent loss of the keys that breed fraudPrevent loss of the keys that breed fraud

Swire BackgroundSwire Background

Now law professor at Ohio StateNow law professor at Ohio State Teach computer security, privacy, cyberTeach computer security, privacy, cyber Consultant, Morrison & FoersterConsultant, Morrison & Foerster

Was Chief Counselor for Privacy, OMBWas Chief Counselor for Privacy, OMB 1999-early 20011999-early 2001 Worked to fund CSTB study on authentication Worked to fund CSTB study on authentication

and privacy; discussed biometric studyand privacy; discussed biometric study

Problems with SSNsProblems with SSNs Technically weak identifierTechnically weak identifier

No check sumNo check sum Easy to fake or to stealEasy to fake or to steal

Uses have spread dramatically over timeUses have spread dramatically over time Despite earlier promises to use only for Despite earlier promises to use only for

federal programsfederal programs Nonetheless, SSN is now the “key” information Nonetheless, SSN is now the “key” information

that gives access to credit system and that gives access to credit system and authoritative credentialsauthoritative credentials

ChoicePoint incident & data compromised for at ChoicePoint incident & data compromised for at least 145,000 personsleast 145,000 persons

Algorithms and KeysAlgorithms and Keys Modern cryptoModern crypto

Kerchkoff’s law and assume the algorithm Kerchkoff’s law and assume the algorithm should be publicshould be public

Keep the key/password secretKeep the key/password secret If the key is copied/compromised, the system is If the key is copied/compromised, the system is

wide openwide open Especially for online/remote applicationsEspecially for online/remote applications Also for fake drivers licenseAlso for fake drivers license

““A Model for When Disclosure Helps Security: A Model for When Disclosure Helps Security: What Is Different About Computer and Network What Is Different About Computer and Network Security?”, at www.ssrn.comSecurity?”, at www.ssrn.com

How to Prevent Loss of KeysHow to Prevent Loss of Keys

For SSNs, perhaps law this year For SSNs, perhaps law this year prohibiting “sale or display” of SSNsprohibiting “sale or display” of SSNs Goal of enhancing the security of the “keys”Goal of enhancing the security of the “keys”

For biometrics, why not have a law For biometrics, why not have a law prohibiting the “sale or display” of plaintext prohibiting the “sale or display” of plaintext of biometrics?of biometrics? Goal of enhancing the security of the “keys”Goal of enhancing the security of the “keys”

Benefits of the No Display LawBenefits of the No Display Law

Prophylactic rule, before have commercial Prophylactic rule, before have commercial enterprises who depend on the sale or displayenterprises who depend on the sale or display

Keep the keys more secure from the startKeep the keys more secure from the start Bad enough to get a new SSNBad enough to get a new SSN

Much harder to get a new finger, iris, etc.Much harder to get a new finger, iris, etc. Encourage encryption in storage and use of Encourage encryption in storage and use of

images of fingerprints, etc.images of fingerprints, etc. [Interlude – best practice should be encrypt biometrics [Interlude – best practice should be encrypt biometrics

in storage]in storage]

Exceptions to the LawExceptions to the Law

PhotosPhotos ManyMany non-security uses of photos non-security uses of photos Faces are seen in publicFaces are seen in public

DNA samplesDNA samples When is transfer appropriate for medical When is transfer appropriate for medical

treatment or research?treatment or research? Burden on others to explain why the Burden on others to explain why the

biometric “keys” should be made publicbiometric “keys” should be made public

ConclusionConclusion

One-time opportunity for society to protect One-time opportunity for society to protect biometric keys before they are compromisedbiometric keys before they are compromised

Let those who think display or sale is good Let those who think display or sale is good explain precisely why, and craft exceptionsexplain precisely why, and craft exceptions

Without clear law, we will see proliferation of Without clear law, we will see proliferation of disclosures, in insecure applicationsdisclosures, in insecure applications

Without encryption, will have data leaksWithout encryption, will have data leaks If so, biometrics could become a failed If so, biometrics could become a failed

approach, like SSNs todayapproach, like SSNs today