|
Introduction
Just as each type of biometric deployment can
have a different impact on privacy, each biometric technology bears a different
relation to privacy. Some technologies have almost no privacy impact, and could
scarcely be used in any privacy-invasive fashion. Other technologies are much
more likely to be associated with privacy-invasive usage, either due to their
core operation or due to extrinsic factors.
The BioPrivacy Technology Risk Ratings
assesses the privacy risks of leading biometric technologies in four key areas:
- Verification/Identification
Technologies
capable of robust identification are rated higher; technologies
that are only
capable of verification are rated lower.
Technologies capable of
operating without user knowledge or consent are rated higher; technologies
that only operate with user consent are rated lower.
Technologies
based on unchanging physiological characteristics are rated higher;
technologies that are based on variable behavioral characteristics are rated lower.
- Availability of Searchable Databases
Technologies for which searchable databases exist (or are likely to exist in
the near future) are more likely to be used in a privacy-invasive fashion
than those for which no databases exist (or are likely to exist in the near
future.
Technologies are rated Low, Medium, and High
in
each of these categories.
The basic
functionality of the technology ensure that there are few if any privacy
issues
- Medium: Potential privacy risk
The
technology could be used in a privacy-invasive fashion, but the range of
potential misuse is limited
- High: Moderate privacy risk
For
certain types of deployments, proper protections should be in place to ensure
that the technology is not misused
| Technology |
Positive
Privacy
Aspects |
Negative
Privacy
Aspects |
BioPrivacy
Technology
Risk Ratings |
| Fingerprint |
·
Can provide different fingers for different systems
· Large variety of vendors with
different templates and algorithms |
· Storage
of images in public sector applications
· Use in forensic applications
· Strong identification capabilities |
Identification: H
Covert: M
Physiological: H
Databases: H
Risk Rating: H |
| Facial
Recognition |
·
Changes in hairstyle, facial hair, position, lighting reduce ability of
technology to match without user compliance |
·
Easily captured without consent or knowledge
· Large number of existing images
can be used for comparison |
Identification: H
Covert: H
Physiological: M
Databases: H
Risk Rating: H |
| Iris
Recognition |
·
Current technology requires high degree of user cooperation - difficult
to acquire image without consent
· Iris images not used in forensic
applications |
·
Very strong identification capabilities
· Development of technology may lead
to covert acquisition capability
· Most iris templates can be
compared against each other - no vendor heterogeneity |
Identification: H
Covert: L
Physiological: H
Databases: L
Risk Rating: H |
| Retina-scan |
·
Requires high degree of user cooperation - image cannot be captured without
consent |
·
Very strong identification capabilities |
Identification: H
Covert: L
Physiological: H Databases: L
Risk Rating: M |
| Voice-scan |
·
Voice is text- dependent: the user must speak the enrollment password to
be verified
· Not capable of identification
usage
|
·
Can be captured without consent or knowledge |
Identification: L
Covert: H
Physiological: L
Databases: L
Risk Rating: M |
|
Dynamic Signature Verification |
·
Signing is largely behavioral - can be modified at will |
·
Signature images can be used to commit fraud |
Identification: L
Covert: L
Physiological: L
Databases: L
Risk Rating: L |
| Keystroke
Dynamics |
·
A highly behavioral characteristic - subject to significant changes |
·
Can be captured without knowledge/consent |
Identification: L
Covert: M
Physiological: L
Databases: L
Risk Rating: L |
|
Hand Geometry |
·
Physiological biometric, but not capable of identification
· Not a palm-scanner, but a measure
of hand structure
· Requires proprietary device |
None |
Identification: L
Covert: L
Physiological: M Databases: L
Risk Rating: L |
By adhering to applicable Best Practices, even those technologies
more capable of being misused - primarily facial-scan and finger-scan - can be deployed in a privacy-protective fashion.
Next: BioPrivacy Best Practices
|