Biometric Identification and Attendant Risks

Biometric methods permit a person to be definitively identified by means of certain physical features. Many physical attributes are unique and do not change in the course of a lifetime. The advantage here is that physical features (unlike passwords) can neither be lost nor passed on to others. For this reason biometric identification is considered to be especially secure. All the same, as well as the benefits for security and data protection, there are considerable risks involved.

The events of September 11, 2001 provided biometric identification technology with a fresh impetus. Manufacturers praise it as the most efficient means for combating terrorism, since biometric features are extremely difficult to fake. This is of little use, however, if the operating system is insecure and unauthorised persons are able to tamper with biometric data. Research studies have shown that some commercial biometric systems are vulnerable. Such systems can therefore only be deployed in a meaningful way if the biometric features are stored in an absolutely secure environment. The crucial factor here is that the checking system does not merely compare the data to the stored specimens, but that it is also able to check whether the data was taken from the same person at the time of the examination. If a system is not capable of dealing with these two checks there is a security risk. One reason for the risks which still exist in the field of biometric systems lies in the fact that biometrics is still in its infancy and has not yet had to prove itself in practice in any major way.

The solution of the security question is of decisive importance, however, for the strength of biometric methods - the immutability of the features - can at the same time be a serious weakness. For if biometric data are stolen or go missing, they cannot be replaced the way a password or certificate can be. In case of loss, the biometric identification is permanently compromised and can no longer be used. One of the central problems of biometric systems is therefore that of revoking a feature so that it cannot be used improperly. Switching to a feature incapable of being compromised is only an apparent solution, for if the identification is undertaken through a finger, for example, the other fingers are available as alternatives. Their number is limited however.

In order for biometric data to be deployed, both for high security and efficient data protection, the existing security risks of biometric systems must be eliminated. For stolen biometric data are irreplaceable.

[July 2002]