Biometrics, Ownership and Privacy?

← Back to Stories (view on slashdot.org)

Biometrics, Ownership and Privacy?

Posted by Cliff on Monday June 24, 2002 @09:54AM from the who-owns-the-data dept.

symbolic asks: "I just finished watching a small segment of World Business Review on PBS, where the topic of discussion the use of biometrics by employers to not only provide confirmation of identity, but as something to drive other parts of the operation - like tracking employee time. Briefly mentioned were face and iris scans, but as I was watching a picture of someone's iris, I realized that once an employer has captured a scan of your iris (or any biometric data), who has control over it? Does it become part of the cesspool of information trading that occurs between business and government entities? Will trading of someone's biometric information become as ubiquitous as their address or phone number. Is there any reason we should be concerned about this? I'd like to hear what others think about this." Ask Slashdot has previously approached the Biometrics topic for technical issues, but the privacy issue of such data has yet to be addressed. How do you feel about biometric data (or any data derived from your physical makeup, like your genome) being used as another commodity (like your address) in the corporate data exchange?

6 of 223 comments (clear)

I think it's great! by pizza_milkshake · 2002-06-24 10:00 · Score: 5, Funny

I think it's great. Instead of sending me spam via mail, fax and email -- now they can engineer ads based on my DNA.

ad: pizza -- you have an 18% chance of getting colon cancer and only 32.34 years left to live, wouldn't you like to spend some of it drinking a nice, cold, refreshing Pepsi?
1. Re:I think it's great! by SpinyNorman · 2002-06-24 10:05 · Score: 5, Funny
  
  I think it's great. Instead of sending me spam via mail, fax and email -- now they can engineer ads based on my DNA.
  
  Finally they can send the penis enlargement ads to those who need them!
The biggest problem with biometrics. by oGMo · 2002-06-24 10:06 · Score: 5, Insightful

Recently I watched a presentation by a biometrics group, so this is a bit familiar to me. By far the biggest problem, the question unanswered, is what to do when your information is compromised.

See, you can change your credit card number, or your email address. You can even move someplace else. But you can't change your biometrics. Hopefully movies like Minority Report will provide some Good FUD about biometrics, so people realize that this information should be kept as private and closely-guarded as their own life.

It's funny how people seem more willing to give out their fingerprint or retina than they are a number on their credit card. It may be hard to hack. It may be very hard to hack. It may be almost impossible to use. But as those in the security business know, nothing is impossible. And with biometrics, once you're compromised, that's it.

--
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
Re:Yes! by RealisticWeb.com · 2002-06-24 10:28 · Score: 5, Insightful

So why is that a problem? It is exactly the same to me as my finger prints. You can't change your finger prints (without scaring them) do you ever worry about who gets ahold of your fingerprints? No one does except a criminal. Do you wear gloves in all public places so one one can come by later and print you? Do you ever worry even slightly that a national database containing an image of your fingerprint will be comprimised by a cracker and used agaist you? No? I didn't think so. To me the fact that that they can't be changed is exactly what makes me not worry about it! If that information is sold it wouldn't be any different then the rest of my information that is currently being sold, except that you can't fake an eyeball! People can make fake credit cards, fake ID's and forge signitures, but what are they going to do, grow a synthetic eye from my DNA and hold it up to an eye scanner? Implant them in thier own eyes? You've got to be kidding. People who are going to get away with identity theft or even hacking/cracking for that matter are going to go for the most easy and fast way. Biometrics will be so hard to fake and do anything with, they are just going to try and swipe your credit card number the old fasioned way. I wouldn't get too riled up about this if I were you.

--
Sigs are out of style, so I'm not going to use one...oh wait..
Re:Yes! by finkployd · 2002-06-24 11:30 · Score: 5, Insightful

Can't fake an eyeball huh? Well, perhaps not. I possibly could, however, intercept the stream of bytes that represent your retinal scan. Now we have a problem, because you cannot revoke that identity. With any other form of authentication system, you can change your password, revoke a public key, etc.

You are operating under the assumption that all eye scanners are in tightly controlled, protected areas. This is an unacceptable form of authentication for obvious reasons.

Today I can log into my bank from home. If biometrics were to ever become widespread and replace password authentication (admittably a very problematic system), it is going to have to be accessable from everywhere (including your home computer). A biometric reader could easily come standard with a PC (or even handheld), but there better be a damn good method of protecting the biometric data in transit.

Finkployd
Re:Yes! by Relic+of+the+Future · 2002-06-24 11:53 · Score: 5, Informative

Just a nit-pick, but you can't reconstruct the patterns in a person's eyeball with their DNA, for the same reason that identical twins have different fingerprints. It's not something that's in the genes.

--
Those who fail to understand communication protocols, are doomed to repeat them over port 80.