Today, we came across the following blog post from Guy Huntington at Infosec Island:
“What Happened to My Biometric?”
In the post, the author discusses the inherent dangers of opting into a biometric identification system by providing your fingerprint and the possible negative privacy and identity theft consequences if a user does not make sure that their biometric template is deleted from the system if they leave or opt-out.
Our take: While we are always pleased to see biometric technology pop up in the news or through blog postings, we often cringe when we see these types of articles that essentially do not accurately depict biometric technology, and leave readers with ill conceived perceptions about how the technology actually works.
Anyone who works in the biometric industry can attest to the fact that there is never an image of a user’s fingerprint stored. The truth of the matter is that biometric enrollment templates stored on a server are not actually an image of the fingerprint at all. They are a mathematical representation of the data points that a biometric algorithm extracts from the scanned fingerprint. The algorithm then uses the template to positively identify a user during subsequent fingerprint scans. No image of the fingerprint is ever stored or transmitted across a network. In addition, the algorithm is “one way” which means that the template that is extracted is nearly impossible to be used to recreate the original fingerprint image. In other words, it is nearly impossible to reverse engineer the data that is sent to positively identify a user and successfully “steal” their biometric identity.
After understanding the truth behind the technology, this leaves us with the question, “Where is the fear of identity theft? Privacy issues?” Furthermore, we can’t seem to make a connection with the logic in this blog post about what exactly a criminal would do with a fingerprint image (if they could ever possibly re-create it which is nearly impossible) if they were to obtain it? 9.9 times out of 10 biometric systems do not associate names with a biometric template so how would the criminal/hacker know who’s biometric information it actually is?
We continue working tirelessly to vociferate with the technology media and pundits to please make sure that you understand the science behind biometric technology before writing these types of articles. The only objective that a posting like this achieves is fueling misconceptions and falsehoods about biometrics and how the technology works. In addition, we stand behind our software as being secure and protecting an individual’s privacy and the potential for identity theft. We hope that our words an actions will have an impact on spreading the truth about biometric technology and its benefits.
Feel free to leave a comment below about your thoughts and opinions on this topic.