The Growing Adoption of Biometric Technology: Does it protect our privacy as well as it protects our devices’ security?

2020. 12. 4.

  • Moderator

    AMALIA BARTHEL, Independent Privacy and IT Risk Consulting, Canada

  • Panelists

    Cybersecurity consultant, PECB Trainer and head of Information Security Strategy and Governance Practice at COMPLEOTECH, France

    VINCENZO TIANI, Partner at Panetta & Associati Law Firm, Adjunct Professor, IULM University, Italy

    ED VAN DIJK, IT Security Trainer and Consultant, The Netherlands

    FOOK HWA TAN, Chief Quality Officer, The Netherlands

    ARTHUR DONKERS, Security Advisor, The Netherlands

    TARIK OUBEJJA

  • Biometry

    Ask yourself this…

  • What Are All the Bio-Identifiers?

    • Most used identifiers: fingerprint, facial recognition
    • Other identifiers: eye retina (retinal scans), voice recognition, heartbeat
    • Digital Identity Management – Digital signatures
    • These are unique to each one of us
    • These identifiers are part of us!

  • Using Bio-Identifiers

    • How comfortable is the general public with the technology using biometrics?
    • Isn’t technology leading and regulation following?

    • Example 1: SAFARI case (France)
    • Centralized storage of personal data

    • Example 2: People agree that their private information (bank account, sport scores, favorite food, appointments at the doctor’s, etc.) is hosted on different kinds of devices, and processed on different information systems.
    • How do biometric systems work? (basic architecture)
    • Cloud computing and biometrics

  • Legal Considerations

    • US: Illinois (BIPA), Texas, Washington (state) have enacted specific biometric laws.

    • EU – GDPR – special categories of data (Art. 9)
    • Are biometrics considered medical information? No!

    • Art. 4 (1) “Personal data are any information which are related to an identified or identifiable natural person.”

    • Art. 4 (14) “‘Biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.”

  • Problems Solved (Were they really?)

    • Introduced initially for identity verification – strengthening passwords (multifactor authentication)

    • Biometric encryption

    • Voice recognition: Introduced initially for speed of processing and currently used for transcripts from video calls

    • Banks/Telecoms are starting to introduce authentication by voice.

  • Problems Solved (Were they really?)

    • Facial recognition – The good, the bad, and the ugly
    • Where you have an option
    • Where it is used to control people

    • Masked faces – How does the facial recognition work?
    • Apparently there are already algorithms taking care of that.

  • Whom Do We Trust?

    • Is the general public comfortable giving their bio-identifiers to the government?
    • Does the public have sufficient information and knowledge?

    • What about Apple, Google, Facebook? Other platforms – in exchange for new services, faster use, or better service?

    • What are we willing to sacrifice?
    • Again: Do we have the knowledge?

    • At what price?
    • Is our consent given freely? (GDPR)

    • GDPR Art. 9?

  • Problems Introduced

    • Compliance with various privacy laws
    • Cybersecurity challenges
    • Cloud computing & using various devices (by the same person)
    • Mobile applications

    How securely are these biometrics stored? Acceptable uses? How do we know “other uses”?

  • The Cost of Innovation

    • Privacy and Security by Design? (at what cost?)

    vs.

    • Big Tech – geographic and cultural differences
    • Will innovation ensure built-in privacy and security requirements?
    • What about ethics?

  • Understanding and Executing on Individual Rights

    • Data deletion

    • Bio-identifiers on backups
    • Stop processing
    • Data retention at record level (by business purpose not data type)

    • Requests to release this information to a data subject

  • Hacking Biometric Data

    • What happens when biometric data is hacked:
    • Examples of attacks (presentation, replay, sensor or direct attacks, etc.)

    • You cannot change your biometrics.

    • Will it compromise other systems?

    • Do you want to store your fingerprints @Google or FB?

    • Metadata (combining data from different sources/relations)

    • How easy/hard is it (maternal twins)?
    • (What about static and dynamic authentication in enhancing biometrics security?)

  • Looking into the Future

    • Other biometrics that may be utilized:
    • Gait
    • Palm prints
    • Genetic traits
    • Heart beat/rhythm
    • Brain wave patterns
    • Psychological profiling

    • Introducing AI and Big Data in the mix – What will it look like?
    • Legal framework – Is it adequate?