What do I need to consider before introducing biometrics?
Organisations with a turnover greater than $3 million per year (i.e. some pubs, clubs, education institutions, corporations and government departments) which are using, or considering, biometrics (i.e. finger scans, iris scans, voice prints or facial scans), comply with the National Privacy Principles (NPPs) of the Australian National Privacy Act.
Biometrics are personal information just like a passport, a driver’s licence, identity card or another identity document. If you copy or scan or collect any type of personal information from your customers you need to understand the National Privacy Principles. Remember, if you are collecting any personal information, you are handling someone’s identity. If it is a biometric you are collecting something very personal indeed.
You will need to make an informed decision about the introduction of biometrics which includes questions such as:
- Are biometrics the appropriate application?
- Have I got a clear mission on what to use the biometrics for?
- How is the introduction of biometrics impacting on my customers privacy?
- How do I protect and securely store the biometrics I collect to avoid misuse i.e. by unauthorised individuals or for other purposes than what the biometric was collect for?
- What are the risks and how can I manage them?
- Where can I buy biometrics systems and who can help with privacy impact assessments (PIAs)?
Consider a PIA first. PIAs are designed to be conducted quickly and without fuss and are a guarantee that your organisation has conducted due diligence in terms of assessing the privacy impact of any new business. It is also your insurance against accusations that you are privacy lax when it comes to new business; a vital question which may be asked of you by Parliamentary Committees, the media or courts of law.
The Biometrics Institute can help organisations make an informed decision about the introduction of biometrics. Please contact us when you are considering biometrics. Please also download this information sheet.
What are biometrics?
Biometrics covers a variety of technologies in which unique identifiable attributes of people are used for identification and authentication. These include (but are not limited to) a person’s fingerprint, iris print, hand, face, voice, gait or signature, which can be used to validate the identity of individuals seeking to control access to computers, airlines, databases and other areas which may need to be restricted.
Biometrics is also a term used in statistics particularly in science, medicine and forestry, not related to biometric technology. It has been around for longer than biometrics for identity verification or recognition. In the mid to late 90s there was often confusion like this in the media when “biometrics” was used by the security and the pharmaceutical/medical world.
Where are biometrics used?
Biometrics can be used in almost any application that requires the accurate identification of an individual. This ranges from computers where a fingerprint scan on the mouse can verify the identity of a user to nuclear power plants where various biometrics are used to restrict access to the critical systems.
There are many thousands of biometric deployments around the world too numerous to list here.
As a member you can also access the Biometrics Institute Annual Industry Surveys launched in May 2010.
Department of Foreign Affairs & Trade Australia – ePassports
The next generation of Australian passport—the ‘ePassport’—was introduced on 24 October 2005. The ePassport is very similar to the previous Australian passport, differing only in having an embedded microchip in the centre page and a gold international ePassport symbol on the front cover. The chip embedded in the centre pages stores your digitised photograph, name, gender, date of birth, nationality, passport number, and the passport expiry date. This is the same information that appears on the printed information page of every passport. Between 300,000 and 350,000 New Zealand and about 1 million Australian passports are issued each year.
Australian Customs Service – SmartGate
First fully operational facial recognition solution for border control in the world. Currently available at Brisbane and Cairns International Airports with Sydney and Melbourne airports scheduled next. It is due to be rolled out to all major Australian international airports by 2009.
Biometrics are currently being used in the national identification card schemes of many countries including Australia, Hong Kong and Malaysia.
E-Government and Online Authentication
Governments are looking at ways to authenticat e individuals when dealing with government services online. New Zealand, Australia and other countries have been conducting work in this area.
Some schools around the world have introduced biometrics in schools (i.e. New South Wales) in order to manage issues such as confirmation of school attendance or borrowing of library books. However, it is important that privacy protection of the students is considered as with any other implentation of biometrics. The Biometrics Institute strongly recommends to address this issue before the implementation of biometrics.
PRIVATE SECTOR APPLICATIONS
Call Centre Facilitation
Australian Health Management
A Private Health Insurance Company, is using a voice biometrics for caller identification and verification.
Drug Dispensing Facility
Historically, pharmacists have been left to develop their own method for tracking how much drug is given to whom and when. Biometric Methadone Dispensers can be used to assist with the management of patients with substance misuse problems.
Pubs & Clubs
Some pubs and clubs have started to introduce or to trial biometrics to time & attendance, security and detection of banned visitors.
It is important to note potential privacy impacts for the use of biometrics and the Biometrics Institute provides guidance about this.
Where are biometric technologies currently deployed?
Research into the use of face recognition for inclusion in passports. Includes significant input into the development of the new international biometric data standards. Since 26 October 2005 all newly issued New Zealand and Australian passports have a biometric identifier to continue to meet visa waiver requirements for travel to or through the USA. This is an extension to the original deadline of 26 October 2004. Australia and New Zealand plans to meet the 26 October 2005 deadline for getting the microchip into passports as do several other countries around the world. Between 300,000 and 350,000 New Zealand and about 1 million Australian passports are issued each year.
Australian Customs and Border Protection Service – SmartGate
First fully operational facial recognition solution for border control in the world. SmartGate is available at Adelaide, Brisbane, Cairns, Melbourne and Auckland International Airports. It will be progressively introduced into further Australian international airports with Perth and Sydney scheduled next.
Biometrics are currently being used in the national identification card schemes of both Hong Kong and Malaysia. There are many thousands of biometric deployments around the world too numerous to list here. A list of biometrics projects in Australia and New Zealand is available to members of the Biometrics Institute.
Are biometrics a threat to privacy?
This is a difficult question and probably the main barrier to wider use of biometric systems. If a person’s biometric information is stolen, then their privacy has definitely been breached. However, if certain standards in information collection and protection are met, then biometrics can be a privacy enhancing tool. It is the aim of the Biometrics Institute to see these standards and procedures put in place.
Should you be asked as an individual to provide your biometric, there are some questions you should consider asking the organisation collecting that information from you:
- Why is my biometric needed?
- How will the information be stored? How is the information protected?
- How long will the information be stored?
- Who will have access to the information?
- Who will the information be disclosed to?
As an organisation collecting biometric information, you need to ensure that you ask a few questions before implementing biometrics. Most importantly you need to consult with those who will be affected by the introduction of the biometric (i.e. schools need to consult with parents). Please refer to the below information links to help you make an informed decision about the introduction of biometrics. Please also contact the Biometrics Institute.
The Biometrics Institute is promoting the responsible use of biometrics. Data protection is important to assure users of the use of biometrics. Discussions with Biometrics Institute members raised that there is a need to come to consensus for what applications to use biometrics for (proportional use). One question to ask is for example “Are we happy to use it ourselves”. It is also important avoid function creep and have a clear mission for introduction of biometrics from the start and stick to it.
BIOMETRICS INSTITUTE PRIVACY GUIDELINES
The Biometrics Institute has launched a Biometrics Privacy Charter in November 2011 and renamed it to Biometrics Privacy Guidelines following a review in late 2012.
It has been designed by the Biometrics Institute to provide a universal guide for suppliers, end users, managers and purchasers of biometric systems. It is the public’s assurance that the biometric managers and data controllers have followed best practice privacy principles when designing, implementing and managing biometric based projects.
BIOMETRICS INSTITUTE PRIVACY CODE (REVOKED)
Implicit in the Biometrics Institute mission statement is the need to protect consumer personal data. The Biometrics Institute Privacy Code was designed for the protection of Institute members and their clients. It was approved by the Australian Privacy Commissioner in 2006.
Due to the delays in finalising the privacy legislation in Australia and the more international outreach of the Biometrics Institute, we decided to be proactive and upgrade our suite of privacy protection and awareness measures through a Privacy Guideline and other related information. The Biometrics Institute therefore requested a review of the Code and the potential need to de-register it (details about the consultation). On the 10 April 2012 the Australian Privacy Commissioner granted the revocation of the Code.
PRIVACY AWARENESS CHECKLIST
The Biometrics Institute launched its Privacy Awareness Checklist (PAC) for members of the Biometrics Institute in May 2010 to assist members in a quick an easy way to assess privacy impacts when using biometrics. It provides a snapshot in time of where the organisation sits in regards to privacy.
Is theft of a biometric possible?
What happens if a theft of a biometric occurs, or if a biometric is compromised? If a password is compromised it is changed to a new one, but what happens when say someone copies your fingerprint or makes a contact lens with a copy of your iris? A user’s biometric cannot be changed like a password, so what happens in this case?
Or, is the way in which biometrics are ‘scanned’ or stored able to prevent this type of compromise?
Hollywood sci-fi movies frequently have scenes where eyeballs are plucked out of skulls, fingers cut off or even whole hands severed to access biometric systems. It’s hardly surprising then that a myth is that a dead biometric is as good as a live one. So how true is this? In most cases the answer is a resounding no, although it’s hard to find any volunteers to test empirically prove this. When a biometric is severed, in addition to the trauma inflicted during the removal process, the circulation loss rapidly degrades and deforms the biometric rendering it useless for access control, or for pretty much anything else. In most cases just as with a PIN or password it would be easier (not to mention a lot less messy) to coerce co-operation at gun-point.
A behavioural biometric such as signature or handwriting cannot be ‘stolen’ but someone can learn to sign or write like you to a certain extent. A physiological biometric such as fingerprint or face or iris image can be ‘stolen’ – a copy of raw biometric data (or a feature template) obtained by illegal means. Ideally a biometric is what an individual possesses and another individual should not be able to possess the same. What they have is only a copy of the sensed or measured form of it.
However, merely obtaining the data is not enough. The impostor will have to present the biometric to the system as well and fool the system in this regard. Some systems have “liveness” tests which can reject presentations such as fingerprints copied on plastic material or faces shown as photographs. Clever ways of circumventing such checks have also been devised and there is no completely secure method.
One cannot change a fingerprint if the fingerprint data is stolen – unlike a password. One way to prevent such theft for biometrics such as iris or retinal scans (which cannot be as easily obtained as fingerprints or faces) would be to not supply them in raw form to anyone, but in an encrypted form – what is being referred to as ‘cancellable’ biometrics. Keys used for encryption and decryption can be changed. It just makes it harder for the thief to get a useful form of the data.
Multimodal systems can have an advantage in this regard. It is more difficult to present the face as well as a fingerprint and sign like another person. Text-dependent behavioural biometrics are like a combination of password and biometric in this regard. For example, the way you write or speak particular phrases. If someone learns to write like you or mimic your voice for these phrases well, you can change the phrases being used. A random phrase chosen from a large enough vocabulary will make it harder because the impostor will need to learn all the phrases in the vocabulary (which may not even be public).
Are biometrics a threat to your health?
Can you tell the state of my health from the iris? Will my eye be damaged from an iris scan? Does eye surgery change the iris?
Iris readers do not use lasers, but they do use near-infrared light. The amount of this light is no more than would be received by walking outside on a sunny day. There have been numerous reports on the safety of iris systems, and the fact that they are used by risk adverse government departments should attests to their safety.
Do fingerprint sensors carry disease?
Touching a fingerprint sensor is no more dangerous than touching the many other communal surfaces such as door-knobs that we deal with all the time. In some countries after SARS and the threat of bird-flu this could be a legitimate concern in public places, so work is progressing into fingerprint sensors that are completely contactless.
Lots of researches and articles on the web make a comparison between fingerprint and other biometrics technologies (iris scan, facial recognition…) and they explain that one of the strengths of these technologies in comparison to fingerprint is hygiene. This strength however is only a perceived advantage form the users point of view and not a biometric strength.
Because optical fingerprint readers use a light source on the scanner surface, the fingerprints are more visible on a fingerprint sensor than say a on a door-knob or any other commonly used surface. However touching a fingerprint sensor is not more risky than touching a door-knob.
Daniel Munyan, chief scientist at Computer Sciences Corporations (CSC) GSS, has published an article called “Coming Clean on hygiene” about this topic. He explains how cultural sensitivities, hygienic requirements and practical considerations might impact the biometrics industry’s development of verifications systems.
There is also an article from Angela Sasse called “Red-Eye Blink, Bendy Shuffle, and the Yuck Factor: A User Experience of Biometric Airport Systems” which talks about that, but very briefly and less relevant.
Solutions: To fight against this fear, companies develop the contactless sensor. With contactless technologies, people are less afraid to give their fingerprint. Daniel Munyan explains in his article some solutions. He takes the example of an immigration control Gate in an Asian country where the glass of the sensor was protected by a plastic cover.
Is there a health risk with vein scanners and infra-red?
A vein scanner photographs the palm using for example 760 nano-metres (nm) infrared light and then processes the image to separate out the veins. 760nm infra-red light is present in natural light and is everywhere in nature – this is evidenced by artistic infra-red photography. Extended exposure to high levels of IR light can cause skin damage, but not short exposure to low levels of IR. UV light is the end of the spectrum that can cause more significant skin damage – ala sun burn. The following article talks about the ionisation effect of UV and longwave IR, but indicates no issues with nearfield IR, such as 760nm.
Do fingerprints and other biometrics change when you get older?
Once a person stops growing their fingerprints and other biometrics are largely constant.
Are biometrics new and unsafe?
One myth is that biometrics are new and unsafe. Biometrics in the modern world are as old as the use of a signature, or the attaching of a photo to a document. The safe and secure storage of your biometrics should be no more concerning than providing your billing information to the businesses you already trust with your personal details.
Almost all identity theft today happens from traditional sources (for instance, stealing or making drivers licenses or passports). In fact, biometrics can act to help protect your identity. It’ll be a lot harder in the future for an acrimonious relationship breakup to result in a partner creating havoc in your life because they know all your passwords or secret answers, and it’ll also be a lot harder for criminals to take over your identity.
Examples abound of the break-down of traditional identity systems based on name matching where the wrong people are detained, and sometimes even jailed because of a lack of other ways to establish identity.
Is a biometrics systems any good if it is not 100% accurate?
What this attitude fails to consider is that all the forms of identification have problems. Passwords get written down, covertly observed or shared with family or friends, smartcards get forgotten in a cab, stolen by a pick-pocket or bent and broken. Where real security gains are made is when two or more factors are brought together. If I have a card access system on a door, and the card falls into the wrong hands, what is the intruder chance of success? 100%! Alternatively if I have a biometric system that has a 3% chance of making a false accept as well as using the card, what is an intruder chance of success now? 3%. The equation is that simple.
A companion question that is always asked is ‘which biometric is most accurate’. What usually meant by this question is ‘what biometric will be the most effective for my application’. The answer of course depends on how one defines effectiveness. Is it easy-of-use, convenience, ability to resist being spoofed (fake fingerprints for instance), ease of integration with existing business processes or data, inclusiveness, speed, data size, stability and reliability.
Are biometric systems very costly?
On average biometrics these days are not much more expensive than most other secure second factors. Many biometric systems work from relatively inexpensive sensors such as cameras or phones, and even fingerprint sensors these days can be made cheaply enough that they are starting to become standard on laptops.
Will biometrics be a panacea in preventing terrorist activity?
Unfortunately we live in an unsafe world, where there are fanatics that are dedicated to violently killing themselves and those around them. They are often well resourced, have good planning and intelligence and significant patience. To think that biometrics will prevent these people and those behind them from perpetrating more crimes is largely wishful thinking.
It will make the process slightly more difficult, as the creation of fake identities is harder. But the recruiting pool is sadly deep and the intelligence services cannot know or keep a track of everyone that poses a risk. Where biometrics can help is in quickly identifying individuals after an event (which can prevent further attacks) or identifying suspicious behaviour and tracking this. The next set of Al-Qaida operatives will probably have quite legitimate biometrics stored in government databases under their own names.
Is template data encrypted data?
A template can be thought of as the refined and processed information about the distinguishing characteristics of a particular individual. In the case of fingerprints it might be the location and direction of the minutiae or for iris the position of the filaments around the eye center. The information in a template must be enough for the recognition algorithm to distinguish between one individual and every other individual the system might ever see (possibly everybody!).
So, while the system does not store all the details of a person (the full face or fingerprint image for instance), it must store enough data so that if you knew how the recognition algorithm operated you could reconstruct a likeness of that individual sufficient to be able to fool that system. This is one reason why it is important that templates are encrypted when they are stored.
How can function creep (biometric was used for a different purpose than what it was collected for) be prevented?
An individual enrolling into a biometric system should check if the organisation is a Biometrics Institute member and a signatory to the Biometrics Institute Privacy Code.
The Privacy Code requires subscribers to comply with the Code Privacy Principles. Principle 12.3 addresses this issue: “Secondary analysis or function creep of biometric information collected for purposes such as authentication or identification is not permitted without express free and informed consent.
For example biometric information collected for the purposes of authentication and identification shall not be used to examine that information in search of genetic patterns or disease identification without express free and informed consent.”
What needs to be considered when you enrol your biometric?
Enrolments in biometric systems shall be voluntary, unless required by law. Refer to the Biometrics Institute Privacy Code Principle 12.1.
Individuals who have enrolled in a biometric system shall be informed of any change in the scope or purpose of the system. Refer to the Biometrics Institute Privacy Code Principle 12.2.
Individuals who have enrolled in a biometric system shall, where possible, and upon request, be given the opportunity to have their biometric information removed from the system. Refer to the Biometrics Institute Privacy Code Principle 12.4.
Auditing of biometric systems by a third party shall be implemented. Refer to the Biometrics Institute Privacy Code Principle 13.2.
Is a photo Biometric?
A biometric is “A measurable physical characteristic or personal behavioural trait used to recognise the identity of an enrolee or verify a claimed identity.” You could also say: Bio → life → (living) individual or group, Metric → measure → comparable for establishing identity of. Therefore “biometric” refers to a characteristic that satisfies the two.
Face is then a biometric. Scars or tattoos can be if they are able to do the above. The same biometric can be in many forms – photographs, digital images. It can also be transformed from raw → features → templates.
Provided the photograph has been captured in line with ISO 19794-5 then it is “a measurable physical characteristic” of a person, ergo it is. But if it is a photograph of a house, a sillhouette of a person, a photograph of multiple people – then it would not pass the ISO 19794-5 tests, so it would not be.
Given that ISO-compliant hardcopy photos (and sometimes ones that aren’t) can be scanned and uploaded to generate templates that work with facial matching systems, you’d have to say in that sense a photograph also is a biometric.
By our ISO 19794-5 definition, for the photo to be a biometric, there is an intent that the photo is captured for biometric matching purposes and QA checked against standards as part of that process, against a neutral background. So we’d argue that a passport style photo of a person taken at random at home would not be a biometric because it was not taken for biometric measurement purposes.
A biometric is any biological attribute that can be used for identification – hence strictly a photo qualifies, as does in fact a picture or video of any part of the body. However just because a selection of photos exists of employees for instance (ICAO compliant or not) this does not mean there is the capability or intention to do anything biometric with the photos.
In other words they could be called ‘latent’ biometrics – similar to a latent fingerprint that is left on a surface but that may not be used. Any clear photo of a person contains some biometric information – but if there is no intention to convert it to a template or match it against a facial gallery then I would say it is open to debate as to its status as a biometric in the technical or legal sense.
It’s the purpose that counts. A driver licence authority that has photos stored for the purpose of identification (biometric) might be different from a human resources use or facebook style application (‘latent’ biometrics). For instance consider video libraries and TV stations or newspapers, they might be considered vast biometric repositories if any photo of a human qualified as a biometric. Obviously purpose can change – and so what was a ‘latent’ biometric might become an actual biometric with a change of usage.
What biometric information do I need for visa applications as a New Zealander or Australian, i.e. for the UK?
United Kingdom (UK) Visa
To find out whether you require a visa to travel to the UK, please refer to the info on the GOV.UK Visas and Immigration page. All UK visa applicants are now required to provide finger scans as part of the application process. Biometric data collection (finger scanning and a digital photograph) is part of the British Government’s five-year strategy for managing asylum and immigration control in the UK. You can contact the British High Commission in Canberra for more information and biometric data collection.
Depending on your immigration category, you may need to apply for a biometric residence permit (formerly known as an identity card) for foreign nationals if you apply for permission to extend your stay in the UK.
For the biometrics enrollment you simply have a digital photograph taken and put your fingers on a glass screen. For information see the UK Border Agency factsheet.
United States of America (USA) Visa
Most Australians traveling on business or tourism for less than 90 days do not require a visa. For information refer to the US Embassy website. The 24-hour information line of the US Consultate General in Sydney is 1902-941-641. The cost to listen to prerecorded information is $1.15 per minute (cost access with variable cost options. Higher rates may apply from mobile and pay phones).
What do I need to know about the use of biometrics in licensed premises such as pubs and clubs?
Refer to the following information documents for more information:
What do I need to know about biometrics in schools and biometrics and children?
The Biometrics Institute is promoting the responsible use of biometrics and has been doing so since 2002. We have developped several guiding documents and worked with other organisations addressing this issue.
It is important that any organisation looking at implementing biometrics first consults with those group most affected by the implemention. Privacy Impact Assessments are also important.
Users should also be given the option to opt-out. And in some cases this consultation may show that a biometric is not the right solution.
In the context of schools and children, parents should therefore be consulted first.
Here are some useful links: