Friday, August 08, 2008

Nationwide biometric databases - a good idea? Not!

Haaretz (arguably Israel's most influential newspaper) argues in an editorial that the Interior Ministry's proposal for a nationwide biometric database is a good idea. Aspects of the argument remind me of Scott McNeally's famous quote "You have no privacy. Get over it".

But perhaps the scariest part of the Interior Ministry's proposal (and the Haaretz editorial) is a seeming complete ignorance of some of the other downsides of such a database. For example:
  • What happens if someone steals your biometric data from the database, and is able to use a "replay" attack to make it appear that you're the one being authenticated?
  • What happens if someone replaces the biometric information of a bad guy in the database with an innocent victim? The bad guy will then go free ("it couldn't be him, since the biometrics don't match"), and the victim will have a hard time being vindicated ("the crime scene fingerprints match his fingerprints in the database, so he must be the murderer").
  • What happens when someone uses some of the published techniques to pick up latent fingerprints and play them back? (I remember an example of this by researchers in Japan a few years ago.)
The editorial claims that the database will be secure and "will be accessible only by judicial order." But that's also true of many databases, and it just doesn't work - see, for example, the many recent cases of hospital workers in Los Angeles reading medical records of celebrities, or IRS employees accessing celebrity tax records....


Post a Comment

Subscribe to Post Comments [Atom]

<< Home