Leaks in the back-end?
According to the Australian Biometrics Institute's CEO Clive Summerfield, there are essentially three problems associated with the roll-out of biometric technology, and all stem from a knowledge gap that threatens to derail the industry.
"Firstly we are looking at cost, but not just in terms of straight dollars, rather in terms of cost-benefit to users, then accuracy. It is important to have accurate advice on error rates, and how these can be minimised via appropriate deployment," Summerfield explains. "And the third is use-acceptance, if people don't feel comfortable using their biological signatures there will be no point in investing in the technology."
At this stage, Summerfield is primarily concerned with providing potential biometrics users with reliable information regarding the nature of the technology they are applying.
On March 20, 2002, the group is holding a conference covering the technological and social repercussions of biometric advancements in Australia. Speakers range from Malcolm Crompton, federal privacy commissioner, to CSIRO's chief-science assistant.
Summerfield is keen to see open debate in the area, admitting that the industry is walking a fine line in terms of public acceptance.
"There are a couple of issues in terms of privacy. One is the extent to which biometrics will enable government and organisations to gather and cross-reference information any more successfully using biometrics," Summerfield says. "The other is the importance of the way the technology is integrated."
Conceding that it will only take one breach of security to discredit the entire industry, Summerfield is emphasising the technological integrity of a biometrics-based security solution.
"There are big compliance issues," Summerfield says. "This is why the industry needs to get together to discuss standards, especially in terms of backend integration."
As e-solutions manager at Siemens business services, Reg Smyth is also aware of the need to secure the back-end.
"A lot of government-to-consumer or business-to-consumer interactions will become easier if you can securely identify the person at the other end," Smyth says. "However, you have to be committed to a certain level of accuracy, and security of the information while it is in transit."
Similarly, Stuart Suarez, webmaster of industry watch Web site Biometric Security believes back-end encryption is as important as the effectiveness of the front-end scanner.
"Encryption is as important in biometrics as it is in any other field," Suarez says. "A lot of vendors are getting around it by securing the algorithms and not telling anyone how the encryption operates, they make the whole thing proprietary.
Suarez points out that problems arise when the technology isn't specifically developed with this level of security in mind.
Summerfield believes these issues further underline the need for industry groups to unite.
"It is in no one's interests to see the industry fail," Summerfield says. "That is why it is important to get in early and work with industry, government, and users. Australia has a unique opportunity to be an world leader both in terms of the technology and the way in which it is implemented, but that is not going to happen unless these groups come together and share information."
