Network Computingwww.networkcomputing.com

Forget spy thrillers with their gory methods of defeating biometric devices. These elaborate and expensive schemes likely won't be used against corporations. Some biometric systems on the horizon actually require the participation of your brain and your muscles--meaning that the bad guys will need the owner of the body in question to interact with and try to fool these new biometric devices. With these advances, we need to consider where and how we might successfully deploy biometrics, but we must also chart areas where it makes sense to resist the temptation to use them instead of other authentication technologies, such as digital certificates.

The Bond That Is Too Strong Will Break Itself Biometrics create an extremely strong bond between a person and a set of bits. If these bits are used in the keyed hash of an e-mail message, this electronic signature is more trustworthy than any legal written signature system in use today (except, perhaps, the public signing of documents that are then kept in sealed, public displays with a 24-hour-a-day guard). Initially, this seems wonderful: A person could use this technology to sign his or her IRS 1040 electronic data file (thanks to the rider attached to the 1999 budget bill derived from SR2107 with a few important changes). The IRS would accept this electronic signature without any additional paperwork or notary-public fuss and send you your refund check, or use EFT (electronic funds transfer) to empty your designated account.

But why would a government agency or a private company accept a biometrically authenticated document? The answer lies in the history of signatures and Western law. The practice of accepting cursive lines of ink on paper is based on after-the-fact authentication. Imagine the lengths a person would need to go to submit your 1040 and collect your refund. It would entail a great deal more than simply forging your signature. The government should be willing to trust these new electronic signatures and the technology on which they're based the same way they accept our ink marks. An electronic signature is considerably harder to forge than a penned signature. Any court would have an easier time proving ownership of a biometric signature than a traditional signature in ink.

So biometrics sound great, right? The answer to all our ills, right? Wrong. Essentially, biometric devices are too good. Their risk lies in the fact that biometrics are so reliable as personal identifiers that using them could threaten a person's privacy. The string of bits produced by a biometric input device could be tied to a profile of the citizen, creating a biometric ID that would be an absolute national registration ID. Consider the ease of finding anything you wanted to know about an individual if all of that person's data were tagged with a biometric ID.

Biometric advocates counter that there's no better way to stop a very frightening digital development: theft of identity. The ease with which an individual or group can gather enough information about a person to then impersonate that individual sounds like the stuff of movies, but it's all too possible. Indeed, people have had their credit damaged and their reputation destroyed by others who were using their identity. But biometric proponents believe that if the government maintained an irrefutable identity for an individual, identity theft could be stopped before it starts.