The Growing Adoption of Biometric Technology
Does it protect our privacy as well as it protects our devices’ security?
Moderator
AMALIA BARTHEL
Independent Privacy and IT Risk Consulting
Canada
Panelists
TARIK OUBEJJA
Cybersecurity consultant, PECB Trainer and head of Information Security Strategy and Governance Practice at COMPLEOTECH
France
VINCENZO TIANI
Partner at Panetta & Associati Law Firm, Adjunct Professor, IULM University
Italy
ED VAN DIJK
IT Security Trainer and Consultant
The Netherlands
FOOK HWA TAN
Chief Quality Officer
The Netherlands
ARTHUR DONKERS
Security Advisor
The Netherlands
Biometry
Ask yourself this…
What Are All the Bio-Identifiers?
• Most used identifiers: fingerprint, facial recognition
• Other identifiers: eye retina (retinal scans), voice recognition, heartbeat
• Digital Identity Management – Digital signatures
• These are unique to each one of us
• These identifiers are part of us!
Using Bio-Identifiers
• How comfortable is the general public with the technology using biometrics?
• Isn’t technology leading and regulation following?
• Example 1: SAFARI case (France)
• Centralized storage of personal data
• Example 2: People agree that their private information (bank account, sport scores, favorite food, appointments at the doctor’s, etc.) is hosted on different kinds of devices, and processed on different information systems.
• How do biometric systems work? (basic architecture)
• Cloud computing and biometrics
Legal Considerations
• US: Illinois (BIPA), Texas, Washington (state) have enacted specific biometric laws.
• EU – GDPR – special categories of data (Art. 9)
• Are biometrics considered medical information? No!
• Art. 4 (1) “Personal data are any information which are related to an identified or identifiable natural person.”
• Art. 4 (14) “‘Biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.”
Problems Solved (Were they really?)
• Introduced initially for identity verification – strengthening passwords (multifactor authentication)
• Biometric encryption
• Voice recognition: Introduced initially for speed of processing and currently used for transcripts from video calls
• Banks/Telecoms are starting to introduce authentication by voice.
Problems Solved (Were they really?)
• Facial recognition – The good, the bad, and the ugly
• Where you have an option
• Where it is used to control people
• Masked faces – How does facial recognition work?
• Apparently there are already algorithms taking care of that.
Whom Do We Trust?
• Is the general public comfortable giving their bio-identifiers to the government?
• Does the public have sufficient information and knowledge?
• What about Apple, Google, Facebook? Other platforms – in exchange for new services, faster use, or better service?
• What are we willing to sacrifice?
• Again: Do we have the knowledge?
• At what price?
• Is our consent given freely? (GDPR)
• GDPR Art. 9?
Problems Introduced
• Compliance with various privacy laws
• Cybersecurity challenges
• Cloud computing & using various devices (by the same person)
• Mobile applications
How securely are these biometrics stored? Acceptable uses? How do we know “other uses”?
The Cost of Innovation
• Privacy and Security by Design? (at what cost?)
vs.
• Big Tech – geographic and cultural differences
• Will innovation ensure built-in privacy and security requirements?
• What about ethics?
Understanding and Executing on Individual Rights
• Data deletion
• Bio-identifiers on backups
• Stop processing
• Data retention at record level (by business purpose not data type)
• Requests to release this information to a data subject
Hacking Biometric Data
• What happens when biometric data is hacked:
• Examples of attacks (presentation, replay, sensor or direct attacks, etc.)
• You cannot change your biometrics.
• Will it compromise other systems?
• Do you want to store your fingerprints @Google or FB?
• Metadata (combining data from different sources/relations)
• How easy/hard is it (maternal twins)?
• (What about static and dynamic authentication in enhancing biometrics security?)
Looking into the Future
• Other biometrics that may be utilized:
• Gait
• Palm prints
• Genetic traits
• Heartbeat/rhythm
• Brain wave patterns
• Psychological profiling
• Introducing AI and Big Data in the mix – What will it look like?
• Legal framework – Is it adequate?