Biometrics, Privacy and Identity Theft – What Are You Risking?

Some rights reserved by nitot

Is Biometric Technology Synonymous With A Violation Of Privacy?

In certain circles, it’s virtually impossible to mention the words “biometric identification” without also having a spirited discussion about how using biometric technology purportedly is a direct violation of an individual’s right to privacy.  The issue regarding biometrics and privacy is if someone enrolls in a biometric identification system (referred to as a “biometric template”), they are providing an image of their fingerprint, finger vein, palm vein, iris pattern or other physiological characteristic which is stored on a server or a computer.  As a result, the following two fears are the most common about what could happen to the stored “image”:

  1. Identity Theft – It can be stolen by a computer hacker and used to steal someone’s identity similar to if someone were to steal your social security number
  2. Government Database – Your biometric template can and will be used by the federal, state or local government to create a national registry of all citizens

The Truth About How Biometrics Really Works

The truth of the matter is that biometric identity enrollment templates stored on a server or computers are not actually images at all.  They are a mathematical representation of the data points that a biometric algorithm extracts from the scanned fingerprint, finger vein, palm vein or iris.  The identity template is simply a binary data file, a series of zeros and ones.  The algorithm then uses the template to positively identify an individual during subsequent fingerprint scans.  No image is ever stored or transmitted across a network.  In addition, the algorithm is “one way” which means that the template that is extracted is nearly impossible to be used to recreate the original biometric image.  In other words, it is nearly impossible to reverse engineer the data that is sent to positively identify an individual and successfully “steal” their biometric identity.

At M2SYS, we employ several important security features to ensure that the privacy of those using our Hybrid Biometric Platform system is fully protected:

• No images are ever stored

• Biometric data is stored in a proprietary format unique to the algorithm used in Hybrid Biometric Platform

• All biometric data is stored using the AES 128 bit encryption algorithm

Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government.  It is used worldwide and has been analyzed extensively, as was the case with its predecessor, the Data Encryption Standard (DES).  AES was adopted by the National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 in November 2001 after a 5-year standardization process.

Can You Really “Steal”Someone’s Biometric Identity?

Notice we said “nearly” impossible.  It is certainly “possible” that a hacker can reverse engineer biometric data and recreate an image.  Anything is possible.  But the question is, why?  What would they be able to do with that image?  Fingerprint biometric technology has matured in sophistication over the years and is nearly impossible to fool with a photocopy, mold or any other variation of a person’s fingerprint. Vascular biometrics (e.g. – finger vein and palm vein) require blood to be running through the veins in order for the near infrared light to successfully capture the finger or palm vein pattern.

Furthermore, biometric enrollment in any system or for any type of identification purpose requires someone to be physically present at the time of enrollment.  It is not physically possible to enroll in a biometric system using anything other than your own physiological characteristics.

Don’t Speculate, Educate

Our role as a biometric research and development company is to not only advance the growth of the technology throughout the world but also to educate on how the technology works.  If you are unsure about how safe biometric technology is, we encourage you to educate yourself on the facts.  Do not speculate, theorize or make assumptions based on what you have “heard” from others.  Our blog makes for a great resource to read about biometric functionality and see firsthand examples of its application across many vertical markets.  Read, educate and learn.  Contact us if you have questions beyond what you find on our Web site or blog.  In addition, if your customers are skeptical of using biometrics and you want to reach out and ease their concerns, we are happy to write a guest blog post on your Web site, write an article for your company newsletter or customize a flyer for you to post/distribute proactively before you implement a biometric identification system.  M2SYS is always more than happy to provide you with anything you need to make the transition to biometric identification a smooth one!

If you feel that biometric technology is a violation of your privacy, please explain to us why you feel this way in the comments section below.  We welcome respectful comments, thoughts and opinions on our blog posts at anytime!

John Trader (234 Posts)

John Trader is the Public Relations and Marketing Manager with M2SYS Technology, a recognized industry leader in biometric identity management technology. Headquartered in Atlanta, GA M2SYS Technology's mission is to pioneer the high-tech industry by delivering long-term value to customers, employees and partners through continued innovation and excellence in all aspects of our business. M2SYS continues to innovate, build and bring to market leading-edge biometrics solutions that revolutionize the industry and expand the applicability of biometrics technology in our marketplace. You can view their Web site at www.m2sys.com or contact them via e-mail at info@m2sys.com