home news blogs forums events research newsletter whitepapers careers


UBM Network Computing
TechWeb
Visit our SOA/Web Services Immersion Center

IMMERSE YOURSELF:

SOA

  |

Data Center

  |

802.11n

  |

Data Privacy

  |
APO  |

Virtualization

  |

NAC

  |

Security

  |

Network Mgmt

  |

Enterprise Apps

  |

Storage & Servers






Are Biometrics Too Good?
January 25, 1999

By Robert Moskowitz  After years of promise and hype, biometric devices are finally delivering the goods at an affordable price. But are they the cure-all for our authentication needs? The answer is multifaceted and has more to do with human interactions than it does with basic technology.

Forget spy thrillers with their gory methods of defeating biometric devices. These elaborate and expensive schemes likely won't be used against corporations. Some biometric systems on the horizon actually require the participation of your brain and your muscles--meaning that the bad guys will need the owner of the body in question to interact with and try to fool these new biometric devices. With these advances, we need to consider where and how we might successfully deploy biometrics, but we must also chart areas where it makes sense to resist the temptation to use them instead of other authentication technologies, such as digital certificates.

The Bond That Is Too Strong Will Break Itself Biometrics create an extremely strong bond between a person and a set of bits. If these bits are used in the keyed hash of an e-mail message, this electronic signature is more trustworthy than any legal written signature system in use today (except, perhaps, the public signing of documents that are then kept in sealed, public displays with a 24-hour-a-day guard). Initially, this seems wonderful: A person could use this technology to sign his or her IRS 1040 electronic data file (thanks to the rider attached to the 1999 budget bill derived from SR2107 with a few important changes). The IRS would accept this electronic signature without any additional paperwork or notary-public fuss and send you your refund check, or use EFT (electronic funds transfer) to empty your designated account.

But why would a government agency or a private company accept a biometrically authenticated document? The answer lies in the history of signatures and Western law. The practice of accepting cursive lines of ink on paper is based on after-the-fact authentication. Imagine the lengths a person would need to go to submit your 1040 and collect your refund. It would entail a great deal more than simply forging your signature. The government should be willing to trust these new electronic signatures and the technology on which they're based the same way they accept our ink marks. An electronic signature is considerably harder to forge than a penned signature. Any court would have an easier time proving ownership of a biometric signature than a traditional signature in ink.

So biometrics sound great, right? The answer to all our ills, right? Wrong. Essentially, biometric devices are too good. Their risk lies in the fact that biometrics are so reliable as personal identifiers that using them could threaten a person's privacy. The string of bits produced by a biometric input device could be tied to a profile of the citizen, creating a biometric ID that would be an absolute national registration ID. Consider the ease of finding anything you wanted to know about an individual if all of that person's data were tagged with a biometric ID.

Biometric advocates counter that there's no better way to stop a very frightening digital development: theft of identity. The ease with which an individual or group can gather enough information about a person to then impersonate that individual sounds like the stuff of movies, but it's all too possible. Indeed, people have had their credit damaged and their reputation destroyed by others who were using their identity. But biometric proponents believe that if the government maintained an irrefutable identity for an individual, identity theft could be stopped before it starts.

Other articles
by Robert Moskowitz
Virtual Private Networks For Sale
August 15, 1998

Keeping Your Internet Investment Safe
September 15, 1998

Addressing the Needs of Corporate Networks
October 15, 1998

Preparing for Networking in the Next Millennium
November 15, 1998

EDI to E-commerce: Two Generations of Spending
December 15, 1998

Other Columnists
this issue
Net Results
By Dave Molta

On the Edge
By Art Wittmann

Company Directory
Browse our directory to get data, starting with a particular company.
Reader Service
Allows you to request additional product information from our advertisers.
Print The Full Article
ClickHere
E-mail this URL
Clicke-mailHere
Buy the Book

Page 1 | Next Page





Ready to take that job and shove it?

Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.










InformationWeek U.S. IT Salary Survey 2008
Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Purchase Today: $299
 
ROLLING RIGHT ALONG
Follow key Network Computing Reviews from conception to completion. This Week: Holistic APM.



Network Computing Reports Emerging Enterprise Podcast Series: Secrets to Success








TechSearch


Microsite of the Week


Powerful Information at Your Fingertips



App Infrastructure   |   Messaging & Collaboration   |   Network & Systems Mgmt   |   Network Infrastructure   |   Security  |   Storage & Servers   |   Wireless   |   Enterprise Apps
About Us  |  Contact Us  |  Site Map  |  Media Kit  |   Briefing Centers
Other Techweb Sites:   InformationWeek Reports  |  Intelligent Enterprise  |  Light Reading  |  InformationWeek
Techweb  |  Dark Reading  |  Network Computing Germany  |   Byte & Switch  |  bMighty  |  Small Biz Resource  |  InformationWeek Analytics
Copyright © 2008  United Business Media LLC  |  Privacy Statement  |  Terms of Service  |  Your California Privacy Rights