Error with Biometric devices: - Duke Computer Science



Christine Chang

Melissa Fernley

Katie Fike

Tracy Ke

Lauren Ostendorf

Julia Stolberg

Debate on Biometric Technology: Opposing Team

Errors with Biometric Devices

False Positive: innocent people are wrongly identified

False Negative: criminals/terrorists evade detection

Failure to Enroll: particular biometric technology is unable to read the

characteristics of a given person for various reasons

System is effective only under exact circumstances

If the surveillance photo is taken outdoors and the mug shot shows the face in 45 degrees, the failure to match rate is 80% for a typical automated system

Even varying illumination based on the color of clothing creates a 40% chance that the system will not match the subject to a stored photograph

If a photo had been taken of a non-disguised Osama bin Laden entering an airport, bin Laden would have about a 60% chance of being identified with a facial recognition system

The Bellagio Casino in Las Vegas, Nevada uses facial recognition to match people to a photo database of known card cheats, but it must wait until the subject actually looks up from their cards to recognize their face

Facial Recognition Flaws

Falsely identify about 1/1,000 individuals

In search for particular suspect, 1/100 people would be tagged by the system for a false positive match to suspect, regardless of the size of the databas

Government trials have found that the biometrics of bald, black, elderly and disabled people have a higher chance of being incorrectly matched against their true ID

People with eye problems have a relatively high chance of inaccurate identification

( Accident victims risk failing biometric scans if their physical characteristics change

( Identical twins can be incorrectly identified because they look too similar

Biometric technologies are helpful as investigative tools, but are by no means automatic systems – the photo must be full face and there must be adequate staff to match the photo with the target photo in the database

Fingerprint Recognition Flaws

(Falsely identify about 1/100,000 individuals

(Fingerprints change significantly over a six week interval and are subject to environmental degradation

(Older people and children produce much less distinct fingerprints, which contributes to a higher "failure to enroll rate" for these groups

Fingerprints can be easily damaged either accidentally or on purpose through the use of caustic chemicals

Manual laborers, pianists, guitarists and people who type a lot can fail scans because their fingerprints are worn down

Biometric inputs can easily be manipulated/misread due to:

( Skin putty

( Laser eye surgery

Mirrored sunglasses

Poor lighting

Air Conditioning levels

Weather conditions

Biometric Technology : a Violation of The Right To Privacy

The 4th Amendment of the United States Constitution: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized” ().

Technological Violation of Rights

The 4th amendment guarantees a basic freedom from invasion of both personal information and belongings. Biometric technology constitutes a violation of an individual’s control over one’s own personal information.

Biometric technology allows for personal information to be shared not only for government use, but for private use as well. Biometric technology could result in privacy infringements not only by the government, but also by the corporate world.

First Amendment of the Constitution

The First Amendment of the United States Constitution States: “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances” ().

Privacy in the Constitution

The 14th Amendment: “Section 1. All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the state wherein they reside. No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any state deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws”(Legal Information Institute, Cornell U).

1st Amendment Concerns

Biometric technology could easily be used to keep a record of an individual’s attendance at events like political protests, rallies or meetings.

Biometric technology could lead to the development of blacklists.

Biometric technology could lead to the development of tracking systems.

Biometric technology could be used to identify individuals as “government” or “party” enemies.

Would you want to attend a rally if you knew you were going to be monitored from that point on?

Additional Laws Related to Biometrics

THE PRIVACY ACT OF 1974

The government cannot disclose personal information without authorization, and individuals can review and correct their information, and must be informed of disclosures of information (Legal Information Institute, Cornell U).

THE FREEDOM OF INFORMATION ACT

Database (m-) - a large collection of data organized especially for rapid search and retrieval (as by a computer)

1) Databases have a high economic cost

• requires expensive equipment, more electricity, maintenance

2) Databases are slow

• even current forensic databases take considerable time to match fingerprints

• wide-scale application (such as homeland security) is currently not realistic

3) A database relies on the first entry of information to create itself. If that information is forged or flawed, that individual’s biometric data is tainted.

4) Biometric databases only record identifying information. They can not reveal a terrorist unless they have a previous record.

5) Access to the database may use an insecure system, allowing for Trojan software or viruses to steal or tamper with data.

6) When traveling, biometric information will enter the databases of foreign countries, whose privacy laws and human rights protections are often questionable.

7) There is an incredibly high cost if the security of biometric information is compromised.

Once someone has information that is entirely unique to you, you have no way of preventing its unauthorized use. You can’t replace your retina like you can replace a credit card!

An Example of Biometric Database Insecurity:

ChoicePoint is a company that "provides" data to government and insurances and banks.

According to the choice point privacy policy:ChoicePoint now only provides personal information (such as Social Security numbers and driver's license numbers) under three circumstances:

1)The product supports consumer-driven transactions (examples include insurance, mortgage lending, and financial institutions);

2)The product provides authentication or fraud prevention tools to large accredited corporate clients (examples include insurance companies, banks, or mortgage companies) to verify identities of individuals who are coming to them as part of a consumer-initiated transaction; or

3)When personally identifiable information is needed to assist federal, state or local government and criminal justice agencies in their important missions.

This is greatly dependent on whether the ChoicePoint employees in these circumstances have the integrity not to misuse this information.

* Not all companies get rid of your fingerprint after the use it for identification. BioPay for example, stores it within its company.

* Companies being acquired by biometric companies have previously experienced security breaches. CardSystems has been breached before, and is now unfortunately being acquired by Pay By Touch, a biometric system that includes letting people pay with their fingerprints.

* Data Companies’ definition of “sensitive” information does not necessarily match up with what normal people would classify as “sensitive.” For example, LexisNexis disseminates Social Security and Driver’s License numbers freely if those numbers have previously appeared in public records.

* ChoicePoint has had a history of holding incorrect data!

Sources







nosilvbullet.DTL

























................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download