Note: This second article is the first in a two-part series. Read Part One
In a previous article, I discussed Biometrics, a relatively new technology that is impacting the Information Technology landscape in India and across the globe. Biometrics is a technique for authenticating an individual’s identity.
It is based on identifying, recording and comparing an individual’s unique physical traits — including fingerprints, iris shape, facial characteristics and vein and voice patterns. Behavioral mannerisms such as handwriting and gait can also be identified and compared.
Biometrics are increasingly replacing the typical username/password combination that so many of us use to gain access to workstations and online accounts. Unfortunately, this widely relied-upon combination is losing its effectiveness for protecting our digital assets. Usernames and passwords can be easily replicated, stolen, hijacked, or compromised by unscrupulous parties.
In response, many Indian enterprises are enforcing stricter standards for password creation; typically mandating that passwords be a specific length and include special characters and numbers. Passwords are also given a short-shelf life, usually two or three months.
Employees are required to come up with and use new passwords frequently. This practice leads to employees being unable to remember newly created passwords, and often writing them down for easy access — defeating the purpose of password security all together.
Biometrics enable security procedures to entirely replace the use of usernames and passwords via a “Single Sign Solution.” With a swipe of a finger (or a scan of the iris), a user can log into their computer or wireless devices.
This solution is cost-effective and ensures the identity of an individual one-hundred percent of the time. After all, except for in the movies, bad guys aren’t likely to cut off your finger or take out your eye to steal your identity!
The Social Impacts of Biometric Technology
The benefits of using biometrics include uniqueness, convenience, and dependability. But the technology is still viewed as something of a “Black Box” or “James Bond” device.
Such a perception comes from a lack of understanding of what the science of biometrics is really all about — just another form of security technology whereby the system processes information provide to it, and from there, renders a decision as to identity. In other words, garbage in, garbage out.
There are, however, some serious ethical and societal implications of biometric use. The main one, particularly in developed nations is personal privacy. This is increasingly an issue in countries like the United States and India where the national constitution guarantees protection of personal privacy.
Many American feel that the use of such technology has the potential to undermine the right to privacy and anonymity, and that it can have a deleterious effect on personal freedom. In the U.S. there is presently a big hullabaloo over the Federal Bureau of Investigation’s (FBI) attempt to exempt their biometric database (comprised of fingerprints, face, iris and voice scans of millions of Americans) from freedom of information requests.
The FBI argues that to allow citizens to access their personal information in the database has the potential to “compromise criminal investigations or national security efforts.” Many Americans are asking why the FBI needs their biometric information if they haven’t committed a crime.
Many individuals are concerned that their personal information might be misused. This loss of control creates angst among people in general, as it is human nature to want to have control over what is being done to us and by extension our images and personal data. When such control over personal data is stripped away, we feel paralyzed.
While biometric technology isn’t of itself harmful, there is the fear that it could be used for nefarious purposes such as illegal surveillance, profiling, data mining and such. In the event of political turmoil, there is the very real potential for one’s private information to be used in a manner that violates their rights. The question arises: Who watches the watchers?
Some cultures may be reluctant to offer up their biometric data. For example, some Muslim cultures prohibit women from being seen without a veil. Certain head gear or coverings may prohibit or affect the scanning of facial features.
Several countries in the world recognize the religion of Pastafarianism and permit adherents to have their official photos taken while wearing a colander on their heads — besides the shock value, it may be difficult to see facial features clearly.
Additionally, there are cultures that limit touching items that have been touched by others — like a fingerprint scanner. A large number of Native American tribes traditionally resist the collection of hair and nail samples in fear that such may be used against them by witches. Such a belief can easily be extended to other biometric markers. Clearly there is a need to find workable solutions to such cultural reluctance.
The technology is still developing and errors can and do occur with some frequency. Depending on the skill of the biometric technician, the conditions and the momentary health of the individual being verified, recognition errors can occur causing difficulties ranging from denial of services to missed airplane flights and, in some cases, detention and even arrest.
There are also instances where the technology fails to prevent someone from entering a restricted space as has happened with certain no-fly lists throughout Europe.
Compromised biometric data
The strength of biometrics is also its great weakness. Since biometric data (shape of your eye, vein pattern, etc.) never changes, if your data is compromised it can never be restored. Unlike passwords or lost key cards, that are easily replaced, users only have a limited number of biometric features (fingerprint, ear shape, etc.) from which to choose. If any of these identifying characteristics are compromised, or lost, the user ends up having to figure a new method of identification.
Weaknesses of biometric systems
Just like any device attached to a network and database, biometric systems can be hacked or fooled in any number of ways. Fake biometrics can be presented upon enrollment, input signals can be scrambled or falsified, biometric features transmitted over the internet can intercepted and modified, and identification results can be overridden.
While the odds of any of these weakness being exploited may seem small, as the value of the data increases we can be certain to see more attacks on the systems themselves.
Because of issues like these, the adoption and subsequent acceptance rate of biometric technology has been mixed. Ironically, in Europe the Pacific Rim, and even the African nations, the adoption rate of biometrics is actually quite high as people in these geographic locations do not have much concern with enrolling in a particular system.
In the U.S., however, and even in India, the adoption rate is actually quite low. A major reason for this is that the national constitution in these two countries (especially that of the United States) guarantees citizens certain rights, liberties, and freedoms. In both countries citizens regularly choose to have their identities confirmed by other means (such as a national ID card, driver’s license, and so forth).
In countries that lack a strong emphasis of individual identity the citizens are generally more accepting of inclusion in a biometric system and use is more widespread. Such practice is often readily accepted as a means of identifying individuals for government services. For example, if a citizen in Nigeria is enrolled in a governmental fingerprint recognition system, then that individual is easily tracked and identified for access to services and benefits.
Not surprisingly, the spread of biometric systems is being reflected on various IT security certification exams. Security pros are being expected to have some knowledge of such systems and their social impact particularly in regard to security of data and privacy.
Because biometrics is now making a grand entrance into the Indian IT market, and given the high level of societal impacts it has, there are actually certifications in biometrics.
- Certified Biometric Security Technician
- Certified Biometric Security Professional
- Certified Biometric Security Engineer
- Certified Biometrics Security Developer
Each certification focuses on technical skills and hands-on activities based on current industry practices. Course content utilizes commercially available technologies to ensure that students acquire industry-ready skills and knowledge. Certification in any of the courses also counts toward continuing education credits for CompTIA’s A+, Network+, Security+ and CASP certifications.
Brainmeasures offers a basic self-study biometrics course for a very affordable $99 U.S. Candidates study from course materials and then sit for the certification exam. The course content covers the basic principles, theories and standards of biometrics. The role of biometrics in protecting assets and choosing, implementing and maintaining an effective biometric solution.
Presently there is a world-wide shortage of trained and certified biometric system operators. Certification is useful for landing a job and qualifies credentialed individuals to work as biometric directors, system engineers, technicians, analysts and consultants. Salaries are also good, ranging from $60,000 U.S. and climbing to the high $90,000s U.S.
As biometric use continues to gain acceptance the need for skilled operators will continue to grow. If you enjoy security, and all its challenging scenarios, and would like a career filled with opportunity, along with a nice salary, then consider a biometric certification.