Are Biometrics the Key to Better Security?
Are Biometrics the Key to Better Security?
Why do I need to know about biometrics? Security is a big word in the cyber fields. With new threats emerging every day and guidelines having to be followed, everyone must do their part not only digitally, but physically to secure information. However, with every bit of personal information stored into a database, there are new concerns about privacy and the chance that the new secure measures could have the opposite effect.
The digital age is in full swing, and with the conveniences it brings there are new challenges and new criminal and less than honest forces to contend with. The rate of improvement in the digital industry is far outpacing the rate of security enhancements and is light years ahead of what the general public understands. With the various security lapses and hacks there has to be more ways to secure our information. But what is the right way to do it? Could it be that the advancements we seek in security lead to more privacy intrusions and crimes?
“Digital identity failures underlie more problems than are immediately obvious” (Camp, 2012). In an effort to better secure facilities and goods, retailers and corporations are utilizing more biometrics systems in an effort to get a handle of who may gain access to important information or even cash. Recently the Hooter’s chain of restaurants deployed the DigitalPersona fingerprint biometrics system. Hooters’ fingerprint system will allow Hooter’s to strengthen their loss prevention system and allow employees a way to clock in and out from their shifts. In addition, the system will be used for gaining access to cash registers. Hooters hopes that the new system will help cover profit losses and employee fraud against customers. However, Hooter’s employees may soon find that their information is being logged and will kept indefinitely as property of the Hooters corporation. Once an employee leaves the restaurant, it is possible that formerly classified Hooters data can be used against them in the future.
Workstation computers in companies are a place where you will start to see a lot of fingerprint scanners. This helps assure that the person utilizing the workspace is supposed to be utilizing it. Every time they sit down to work, they will have to rescan their finger. If someone else is going to use the workstation, they scan their fingerprint and it switches the user identities. But this poses another possible security risk to the user. If the computer is internet capable and a hacker can get into the network, what is to stop a hacker from stealing the biometric data that is attached to the individual user?
Even with the use of HIPAA there is some concern among the medical world about possibly gaining access to an individual’s data. “Biometrics also raise different concerns, such as the potential use of the technology to link medical predispositions, behavioral types, or other characteristics to particular biometric patterns” (Rand.org). Granted, HIPAA is designed specifically for that case, but nothing is foolproof. And once the data is in the wild it cannot be put back in its cage. It would be hard to prove that someone was turned down for insurance or treatment because of some previously leaked data, or that they used unauthorized data to make their decisions.
Naysayers suggest that biometric technology creates an Orwellian-like world where a totalitarian corporate Big Brother monitors and tracks one’s every move. One need only recall the infamous 2001 “Snooper Bowl” in which thousands of unsuspecting football fans were secretly subjected to facial-recognition scans upon entering Raymond James Stadium in Tampa Bay. Indeed the use of facial scanners on unsuspecting citizens was not met with gratitude by the privacy minded public. However, since the events that took place on September 11th, 2001, people have softened their stance a bit. One of the ways some governments have tried to minimize privacy anxieties in respect of biometrics has been through the use of Privacy Impact Assessment (PIA). This is a process which enables organizations to anticipate and address the likely impacts of new initiatives, foresee problems, and negotiate solutions. Systems can be designed to avoid unnecessary privacy intrusion, and features can be built in from the outset that reduce privacy intrusion. Whether it is the idea of giving up a little bit of privacy to protect the greater safety of person and country, or whether society has become a little bit more complacent, it is not known. Either way, individual identities are being kept more and more in various databases across the country, perhaps the world.
Even while society may be giving in to the idea of having their information stored electronically somewhere, the greater concern is the security of the systems that house the data. “Proposals to implement an encryption regime for biometric data do not alter the fact that even encrypted biometrical data are associated with an identifiable individual, although the association is not normally discernible by someone that doesn’t possess the decryption key” (Cippic). It seems every few weeks there is a new story about LULZsec or Anonymous hacking into another corporations systems and stealing private information on individuals. To this point the two entities mentioned say they are doing it to prove a point and will not release the information. However, they do have it, and it makes you question who else has it, or who else could get it? The security of the information and the systems that collect the information are just as important as what it may be concealing.