Another Biometrics Fuss
I would today like to take up this article by Pia Tesdorf on FTC policy statement on biometrics https://www.linkedin.com/posts/piatesdorf_ftc-policy-statement-on-biometrc-information-activity-7068615031852027904-3U7j
I assume that the problem being discussed here is common not only among fingers and eyes but among all the biometrics scans, whether static or behavioural: All the biometrics share the same feature, that is, they measure the unpredictably variable body features of living animals in ever changing environments. All of the biometrics are inevitably probabilistic by nature.
Whatever is probabilistic brings False Acceptance and the corresponding False Rejection. The former invites attackers to take advantage of it by any possible means, while the latter can only be solved by bringing in a fallback measure, a password/pincode in most cases, to the delight of attackers.
Deployment of biometrics in identity authentication results in destroying the security that the password/pincode has somehow provided so far, as visually examined in this 2-minute video “Biometrics in Cyber Space — ‘below-one’ factor authentication” https://youtu.be/wuhB5vxKYlg
Deployment of biometrics in individual identification by the officials who are not literate enough about the probabilistic nature of biometrics often results in mistaken arrests. This problem could have been largely prevented if the biometrics vendors published the empirical false acceptance rates and the corresponding false rejection rates. (empirical = actually measured in the real use environments), which they would not publish and the authorities are silent about.
Ref: Collection of biometrics-related blogs — “Biometrics Unravelled | password-dependent password-killer” https://www.linkedin.com/pulse/biometrics-unravelled-password-dependent-hitoshi-kokumai/
And yet there are so many security professionals and media reporters who are still loudly touting biometrics as an advanced high-tech solution while looking away from the need of getting empirical false acceptance/rejection rates known to the public.
Thanks to Pia Tesdorf for calling me.
