Biometric Identification and Identity Theft
Are Biometrics Actually Proof Positive It's Really You?
Biometric verification is a process of identity authentication that is used to confirm identity through uniquely detectable biological traits and may be an effective tool in the war on crime. Television shows like "CSI" and "NCIS" employ biometric ID methods to access fingerprints, facial recognition, voice patterns, and retinal scans. But how useful is biometric identification in combating identity theft?
Although technology has been a scapegoat for many identity thefts, in many ways technology has provided some of the most solid defenses against the rising tide of identity theft. Radio-frequency identification (RFID) tags, data encryption, and similar high-tech innovations have gone a long way to securing personal information. The federal government is even considering using biometric ID cards to combat illegal immigration. In fact, it's easy to make the argument that the problem isn't in the technology, but in our lack of interest in protecting personal information because biometric ID use is not a widespread as it possibly could be.
The Basics of Identify Theft
The idea of somebody stealing your biometric information isn't as far-fetched as you might hope. It has already been shown how simple it would be to plant false DNA evidence. One article even goes so far as to say that "any biology undergraduate can perform this."
Victims of identity theft report that it can take a minimum of three to five years to fix an identity theft problem. You may be able to get a new credit card in two weeks once you have all the information to the bank or credit issuing authority, but who will issue you a new set of fingerprints to replace the stolen ones?
In the end, we will probably see the same problems arise even with widespread use of biometric identification technology, and some think the problem may get even worse. It is because the way biometrics work isn't any different from credit cards.
Are Biometrics the Answer?
Because we can touch our credit cards, it's easy to think of credit as a tangible item. The plastic is what makes it real, but that's not the whole story behind credit. Today, credit is nothing more than a long string of numbers stored in a computer somewhere. When you swipe your card at the local merchant, the information stored on your card is converted into another number and sent to your bank. If the numbers match up, you get to walk home with a new purchase.
Biometric identification works similarly, but you're using your fingerprint instead of a card. It will still be turned into a string of numbers and run through a computer network. So does it matter where the string of numbers comes from when an identity thief gets hold of it?
Despite what some experts say, a database is a database. A hacker can still steal data from a computer or network; it doesn't matter if that data is a credit card number or a digital voice print.
As far as security is concerned, many experts agree that maintaining "token" forms of identification are probably superior. Token identification is a card, password, personal identification number (PIN), etc. It is something that can be canceled or changed if it is lost, misplaced or stolen. On the other hand, biometric identification can't be lost, misplaced, or loaned to a friend, but it also can't be replaced if it's compromised either. This reality, combined with certain privacy issues (tracking, profiling, consumer-related privacy issues, etc.), is making experts give serious consideration to whether biometrics are a viable option on a large scale.
Biometric Identification: False Sense of Security
Biometrics have a few quirks of their own, too. For example, broad smiles showing teeth are now banned for passport photos. It is because smiling may distort other facial features that are considered essential for biometric identification. Facial recognition software may not adjust well for smiling subjects because the facial muscles, especially eyes, are different when you are smiling.
But the biggest consideration is that a biometric identity system is only going to be as good as the information that's put into it in the first place. In other words, your fingerprint won't tell anyone who you are, all it can do is keep you from using somebody else's identity once you are in that system. In fact, identity theft expert John Sileo said, "If we implement biometrics without doing our due diligence on protecting the identity, we are doomed to repeat history—and our thumbprint will become just another Social Security Number."
And that would be a grim future indeed.