Biometric Security and Privacy - Essay Example

Biometric Security and Privacy If we compare the technology of today to that of fifty years back, we'd find that the advancements have surpassed the expectations of even the science fiction writers. The kind of technology and networking that exists around us has certainly made life simpler for us. But, the extent to which it has made us safer is still being debated. While on the one hand we have advanced security gadgets, on the other the acts of sabotage too are being carried out in most sophisticated manner. Biometric technology is an effort to diagnose the problems and fill some of the loopholes in the security setup. As of now it is being said that it'll be almost impossible to change the biometric features of human body, which in turn will help the security people to prepare a reliable database and identify the people with criminal background. Government of UK has taken up the exercise in right earnest and hopes to make the life happier for the citizens. Research Proposal In today's IT driven society, technology is all pervasive. In almost all aspects of life, the role of technology is all too evident to ignore. As the threat of viruses increase in the software world, the companies try to come out with the latest anti-virus updates and the cycle seems to go on. Similar situation exists in matters concerning security and privacy. Many a times, efforts are made by scrupulous elements to sneak in sanitized zones and cause discomfort to general public or destroy the security setup. Instances involving the theft of data from secure zones, theft of items from a retail store, fitting a timer bomb inside the metro tube, hijacking a passenger aircraft by smuggling in arms and ammunition inside a passenger aircraft, etc are the kind of instances which have forced the security agencies to go for an upgrade regularly. Technology proves to be quite helpful in devising gadgets and devices required for firming up the security apparatus. This research study is being undertaken to analyse how predominant the role of technology happens to be in handling the security issue in general and how the biometric technology has helped the security system in dealing with difficult circumstances. Biometrics can help during elections, authorised entry into an office, firming up security, preparing a database of the citizens etc. In fact there are some offices which make good use of biometric devices to ensure punctuality and discipline amongst the workforce. An effort would be made during the study how biometric system can help in these applications. These days the world community is experiencing a fierce security scare from a number of sources. International crime syndicates and also from terror related incidents in different parts of the world; despite highest security alerts is a testimony to the wide reach of the terror incidents. The 9/11 attacks on WTC twin towers in the heart of the US, the bomb blasts in London and Madrid , are some of the acts of terror which have forced the security agencies around the world to go for foolproof security measures. But this is resulting in complications for the common people. While on the one hand the terror attacks are resulting in loss of human lives, the heightened security measures are also causing lot of difficulties to the people whenever, they have to cross over a boundaries, check-in at the airport, attend public ceremonies, start a train journey etc. A debate has already started as to what extent the security agencies can be allowed to snoop into the lives of people, so that it does not amount to loss of privacy for ordinary and law-abiding people. While on the one hand the proponents of strict security measures say that it is all being done for the sake of the security of people, there are a number of others including many human rights activists countering this claim and asking the security agencies to have some restraint in snooping on the private life of unfortunate citizens. While the IT enabled environment has given the security agencies the much needed advanced tools to keep track of anti-social elements, the flip side is such techniques are also being used For example, soliciting details from gullible people from around the world, by sending across different types of emails has resulted into many frauds. Emails are sent to people with attractive financial offers or offers of providing adult content and when they respond to such emails or click the links provided, their online identities are stolen, which subsequently result in multiple crimes. Hacking of computers and websites of reputed organisations and sending across updated viruses are some other examples of usage of advanced IT techniques by the criminal elements. The Internet Crime Complaint Centre (IC3), an FBI and NW3C partnership in US states that in 2008 email and webpage had been two major mechanisms through which fraudulent contacts took place. While 74 percent of the contact took place through email, the webpage route accounted for 28.9 percent contacts1. Such developments point out to the need for stricter surveillance. These days surveillance is carried out in different ways depending upon the needs. While biometric surveillance help to tight up security measures at airports, railway stations, important offices, tourist destinations etc. measures like Radio frequency identification (RFID) tagging is used to monitor the movement of goods, vehicles and the workforce. In some ways these measures result in loss of privacy for the common people. This study is an attempt to analyse some of the arguments for and against these measures, while also taking a look at the prevailing circumstances and the advancements in technology. Research Questions and Objectives The study is primarily being undertaken to understand the concept of biometric security in general and the extent to which these measures have helped in strengthening the security around us. If the spate of the international crime and acts of terror in recent years is an indication, such security measures do not seem to have put a stop to such crime, but the routine life-style of common people certainly has come under increasing close observation from many quarters. The study will try to seek answers to the following key objectives. To analyze the security scenario and how it has undergone changes in the last couple of years. To find out the types of strategies adopted by the governments and security agencies to make the life of its citizens safe and secure. How the security agencies are making use of Biometric methods to figure out the security threats at different places like Airports, Bus Stations, Railway Stations, entry and exit points at the borders, entry gates of defence establishments and offices etc. What types of problems common people feel as a result of heightened security measures and how the security agencies have started snooping on to the privacy of people What impact does such measures have on the common people, workforce and diplomatic relations in general Research Methodology Method of research and subsequently the manner in which data is analysed forms the philosophical part of the research study. This study requires a comprehensive analysis involving both technical and non-technical aspects; studying government as well non-governmental resources etc. in order to arrive at an industrially acceptable finding. But, in this case it being a subject of study, the research methodology mainly involves; Gathering data from different sources Studying the existing literature on the subject Analysing the data with the tools akin to MS Excel and other statistical analysis tools etc. Data Collection For the sake of this study we can gather data by going through the content at reputed websites, data from international organisations, data from the local city governments and newly installed security setup at the nearby airport and metro station etc. In addition to have the first hand information about how people have started feeling as a result of extensive checks and what are the intricacies involved in this new procedure, we need to seek the views and opinions of some of the travellers, technical experts, security experts etc. The method that will be involved in the process of collection of primary data will be brief and yet comprehensive, aimed at soliciting maximum information that is related to the topic. Data will be compiled from the websites of reputed government agencies, articles published in various journals, newspapers, books and magazines. Some earlier researches carried out on the subject would also be studied to gain an insight on the technicalities involved. Both online and offline sources would be used to compile the data. The primary data will also be collected with the help of a Questionnaire, which will be distributed to people concerned like security officials, frequent travellers, airport officials, government officials, bank customers etc. Questionnaire will be prepared at a later stage with inputs from the latest incidents happing around us. It is planned to have a sample size of about 50 respondents. Efforts would be made to have a proportionate representation of people from across all disciplines. Well, for a research of such a topic, a sample size of 50 may not be reflective enough to arrive at the prevailing picture very accurately, but for the purpose of this study, it will be my endeavour to see that I am able to have a reflective survey at least. Data Analysis In order to analyse a professional research, we need to make use of statistical tools. This will help in comparison of data and arrive at logical conclusions. SPSS and MS Excel are the tools used mainly by the researchers for this purpose. In this case the data once collected will be analysed using the simple data analysis tools like MS Excel. With this we can prepare tabular reports of the data, which can subsequently be compared using pi-chart, bar-charts etc. After the comparison, we will be in a position to come out with statements about the findings. Conclusion After the data has been collected using primary as well as secondary sources, we need to correlate the data from different sources. In addition we need to figure out how different the findings happen to be from the existing records. Accordingly the researcher will arrive at any conclusion on the subject. Literature Review While the main focus of the research study is to find out the installation of latest Biometric devices at different installation, it would surely help in finding out how the technology has advanced over the years and why the need for biometric devices was felt. In this section, an effort would be made to have an analysis of the literature on all such related aspects. Literature review comprises of tracking the historical developments together with futuristic projections. As technology has been changing with a rapid pace over the years, the literature review on this subject will provide a handy guide in order to arrive at the finer details on the usage of biometric devices. A report by surveillance society (2006) points out that, actions of people are now increasingly being monitored. The monitoring includes, credit card transactions, mobile phone conversation, usage of loyalty or co-branded cards, and extensive intrusion with CCTV cameras, blocking communication signals at different times, regulating the internet traffic etc. Such activities have been termed as 'Data surveillance' by many researchers. The extent of intrusion from security agencies has been observed to an extent that for an ordinary citizen it would be very difficult to get off the hook. In fact if the trend is to be observed, it won't be an exaggeration to say that many companies have started taking unjustified advantage of the easy availability of such security measures. Privacy campaigner Christopher McDermott states, "You won't be able to hide from the system by closing your door or closing your curtains or hiding behind a wall". Gradually the surveillance needs of the society are transforming our privacy to more of public property, because nobody knows for sure, when someone lays their hands on the private affairs and it gets highlighted in national newspapers. This is particularly the case with corporate companies and celebrities, because in this competitive world, they are the most vulnerable ones' corporate companies from their competitors celebrities from the public obsession with their private life . The widespread use of identification technologies based on the physical characteristics of the individual has led to an intense debate amongst the pro and anti-biometric lobbies (Davies, 2007). The term "Biometrics" is derived from the Greek words "Bio" (life) and "Metrics" (to measure). Biometrics is an evolving field of science which deals with establishing the identity of a person based on his/ her biological, anatomical and physiological features like face, fingerprints, handwriting, voice, iris structure, retina, veins, DNA etc. Such features help in establishing the identity of the person without any effort from the person concerned. In fact even if someone tries to conceal his identity, biometrics won't let it happen. Ploeg (2006) states that in general there are types of biometric systems namely; A system comparing two biometric samples (called 'templates') and ascertaining the similarities or matching the features on different yardsticks. This involves authentication or verification of individuals' identity based on the claims of the individual. Another type of biometric comparison involves comparing the test sample with a large number of samples stored in the database of the system. This test involves a more complicated procedure as it tends to suspect the individual's identity by matching it with a number of other suspected biometric samples. The individual is let off only when the biometric samples are found different from the suspected persons list in the database. This step is resorted for detection of different kinds of frauds with when people taking on fake identities. The biometric identity cards itself can be used to store information comprising (Sullivan, 2007); i. The person's details like his or her name, address, date or place of birth, marital status, relatives etc; ii. Individuals' driving license or driving number iii. Individuals' passport or passport number iv. Individuals biometric data like his or her voice print etc v. Individuals' credit or debit card details vi. Digital signatures vii. Any other means used by the person to identify himself or herself viii. A personal Identification Number (PIN) While talking about the concept of personal ID cards for UK citizens, Davies (2007) states that such identity cards are necessitated because of the socio-technical nature of the personal identity management system in the information age. Proponents of such identity cards have been advancing arguments that such identity cards would not only help the government in establishing the exact identity, but it will also help the individual by saving him or her from annoyance at different sensitive places like airports, government installations. The votaries for such a concept cite examples of European states and a number of private organisations in UK, where it has successfully been implemented (Davies 2007). But, there are people and civil liberty groups who have been opposing the idea of using biometrics and excessive surveillance stating that such techniques might be misused by the governments to infringe into the private lives of innocent citizens, political rivals etc. Similarly, if these techniques are being used by some private enterprises or retailers, the information gathered, if goes into wrong hands, might be misused to blackmail someone. All such irregularities ultimately results in making the law abiding citizens less secure and also hurting their feelings. In fact history is replete with examples when a ruler has made use of the weaknesses of another ruler to conquer his empire, state, treasure etc. The key source for collecting the weak points was through snooping on the lives of people with the help of some unsuspecting devices or people. Therefore, the trend has certainly not come to a stop with the amount of power, influence corporate affairs and money involved in politics and business (Davies 2007). This is what the civil liberty groups fear the most in times to come. On the other hand if we think from the point of view of the security agencies, we'll realize that if any loopholes are left in the system, the anti-social elements are quick to utilize the opportunity to harm the social fabric. Who would've thought that two passenger jumbo jets of the country would be crashed against the twin towers of America with US citizens sitting inside the planes But, we all saw it happen in front of us. Had a system of identification been in place, those miscreants might have been identified and we might be in the midst of another kind of geo-political scenario. Well, these are just the afterthoughts about an ideal situation. The reality is, nevertheless foolproof we try to make the security setup the terror elements appear to find holes in the system and exploit the situation to harm the interests of humanity as such. Citing the views of pro-biometric lobby, Thomas (2005) states that if a bio-metric system is in place at airport that would mean; A more efficient, secure and expeditious procedure for security checks Freeing up of resources when low-risk passengers are in queue. That would help in focusing on higher priority areas. Allowing registered frequent travellers to pass through an accelerated airport control procedure Improvement in the airport security measures Reduction in congestion at the airports and other such installations. Minimization of cross-border violations by fraudsters. There are of course the incidents like the 9/11 attacks, the London bombing and Madrid bombing. which require regular and updated intelligence inputs so that the terror elements are not in a position to work out similar incidents, but at the same time the citizens also expect that the developed information-age society doesn't put them in embarrassing situations. Loss of privacy, intimidating acts, frequent delays at airports and metro stations; heightened security mechanism etc are some circumstances leading to the discomfort of citizens in general. But the proponents of stricter security measures would argue that such voices would have no significance, if we take a look around us. While on the one hand security agencies appear on their toes to avoid repeat of the terror incidents, the stray incidents happening here. Such circumstances force us to think about the inevitability of leading a life full of surveillance at different places.. On the other hand, people against this strict security measure believe that we are moving towards an Orwellian surveillance society. But the unsettled point is how much is too much as far as such intimidation is concerned The process of biometric identification itself involves a series of steps like (Thomas, 2005); Collection of 'raw biometric data'. This process of enrolment is a huge exercise in itself as a slight error in collecting data would imply misconstruction of the identity of someone and lots of hardships afterward. This enrolment is done with the help of physiological factors like Iris scan, finger-prints, hand, face, earlobe lips, voice, retina, DNA, body odour, sweat pores etc. The data hence collected is then stored in 'template' forms in memory in a centralised database. These details can also be stored in the smart Identity cards being carried by the citizens. The smart card stores the info with the help of RF tags. The Biometrics ids are then used in two ways. If the individual carrying the Biometric identity card, his or her records are matched against the details stored in the database. If all parameters are matched, the person is allowed easy access, otherwise further security checks are taken up. Such measures are used when the person enters a nuclear establishment, or an office premises. At places like airports, metro stations, another kind of security checks are undertaken by the security agencies. The biometric parameters are also matched with the available database of some of the suspected persons, and if any doubtful matches are found, a comprehensive check is done by the security agencies. In UK the biometric Identity cards can be used at a number of locations under different situations like; Immigration cards having passport number and measures of the user's hand/ finger. For gaining access to a system laying a finger on a sensor or peering into a webcam can suffice Fingerprints taken as a legal requirement for a driver license, but not stored anywhere on the license At the retail outlets, access to certain areas is controlled by biometric identification Automatic facial recognition systems searching for known card cheats in a casino Season tickets to an amusement park, metro train, bus journey linked to the shape of the purchaser's fingers Home incarceration programs supervised by automatic voice recognition systems Confidential delivery of health care, entry control at ATMs and Government programs through iris recognition The international community has been discussing the pros and cons of putting in place such intrusive system for quite some time now and in consultation with human rights groups, privacy protection laws have also been put in place in many countries with localised sets of instructions (Zorkadis and Donos, 2004). The safety clauses include unlawful storage or storage of inaccurate personal data or the abuse or unauthorized disclosure of personal data. Ploeg (2003) also underlines the need for better coordination amongst different agencies with the security establishment to detect cases like people faking the identities to take undue advantages. It has been claimed that once the biometric system is fully in place, it will result in savings of billions of public spending. Zorkadis and Donos (2004) also talk about the safety initiatives undertaken by agencies like the Council of Europe's Convention of the Protection of Individuals with regard to Automatic Processing of Personal Data, and the OECD's Guidelines Governing the Protection of Privacy and Trans-border Flows of Personal Data. It has been contended that if adequate safety measures are undertaken, it will result in better living conditions for an average person on the street In addition, it will also help the security agencies to identify the weaker links in the security set-up and focus towards strengthening these weaker links. Talking about the quality of data being stored using the biometric devices, and keeping unfair means at bay Grupe et al (2002) state that the data thus stored should be; Processed fairly and lawfully Collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes. Adequate, relevant, and not excessive Accurate and, where necessary, kept up to date Kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Despite these safety clauses, there are instances which have strengthened the arguments of human rights groups against excessive surveillance. Amendment to the US Patriot act was introduced by the then US government for strengthening the security mechanism and zeroing on the security suspects. Under the act, government has now been authorised to intercept telephone calls of people suspected as potential threat to the sovereignty of the country. But the political misuse of similar measures in the past resulted in the voices from opposition parties that this act is in gross violation of the basic human rights (ACLU, 2004). Similarly, incidents came to light in UK where the authorisation of phone tapping was misused by some police officials themselves. Bone (2007) mentions one such incident when two police officials were convicted of illegally bugging phones and hacking into computers of hapless citizens. These officials were doing this at the request of a private detective agency. The fact of the matter was that the police officials were fully trained to carry out such activities by the government, but they were not authorised by the government to indulge in such activities. These officials were doing it because of some lucrative favour being extended to them by the private parties. If the argument is extended further and we start thinking about similar situation in which duly authorised persons start misusing the biometric records of the chairman of a company at the request of a rival company, then it will lead to a very traumatic situation not only for the individual but also for his company and might even result in changing the market dynamics. Therefore, the dissenting voices from human rights groups are certainly not out of place. Instead, these argument need due respect and discussion before finally venturing out with a fully functional biometric society. It also needs to be emphasised that implementation of biometric identity cards is a very costly affair as well. In fact, as of now only limited few countries can actually think about implementing such measures. Developed nation like USA, UK and the European region only have started taking firm steps towards biometric security measures. It also needs to be highlighted that biometric security would be useful if someone tries to fake the identity of another person or if his/ her previous record is suspicious. But what if the perpetrators of the crime are authentic citizens of the country The 9/11 incidents in US have been the key catalyst behind the debate for biometric security measures. Surprisingly, all 19 persons responsible for 9/11 made a friendly entry to USA using their own passports, valid visas and after verification of their individual biometric identifications2. The only thing that the security agencies could not prejudge was their 'intentions' and there are no such devices yet which can measure the intentions as well. We are indeed part of a highly networked society using a number of advanced techniques at different levels. Therefore, we must be forward looking in our approach. Biometric identity is certainly a step ahead in this direction, only if sufficient safety precautions are adopted by the government. The task appears gigantic, but it also depends upon the security agencies as to how they move forward, taking all stakeholders into confidence. In fact, when Tom Geoghegan (2004) from BBC volunteered to have his Biometric Identity card under the pilot scheme way back in 2004, he was excited and narrated his experience as he went through the entire process of recording his biometrics on different machines and subsequently carrying his biometric identity card. He was told that the information on the chip would also be stored on a national identity register which could be accessed by the police, different government departments, the Inland Revenue, immigration, intelligence services etc. which in turn implied that Tom Geoghegan would be tracked by them all. This feeling of being tracked is what gives a psychological setback to many people. Such apprehensions can only be discarded if we grow into a more mature and tolerant society. As of now, in view of the security breaches at important installations, it appears a necessity that Biometric identity cards should be used as an important tool to defend and protect the human being against the enemy of humanity, wherever they are around the world. Biometric devices work best depending upon the robustness, distinctiveness, availability, accessibility and acceptability of the biometric imprint or scan. Therefore the challenge for biometrics is to look for a 'robust' characteristics i.e. which doesn't change over time. A distinctive scan or imprint implies that the entire population can be differentiated on the basis of one or two characteristics. These distinctive characteristics should also be available in all the people for being measured by the devices. These characteristics should also be easily accessible without irritating the individual and demeaning his/ her prestige in any manner. At the same time it is equally important that the masses, in general, accept in good measure use of these techniques as unobtrusive and in people friendly and they do not object to using these techniques. Conclusion for the Literature Review It is quite evident from the study so far that despite a number of reservations, the biometric devices are gaining popularity all over the world. Cost of such devices and the huge time and efforts required in installing such devices have certainly been proving to be a gigantic task for the planners, but the determination expressed by some of the leading governments will make sure that biometric devices are installed wherever required in near future. References: 1. ACLU (2004). 'Conservative Voices Against the USA Patriot Act'. American Civil Liberties Union. Available online at http://www.aclu.org/national-security/conservative-voices-against-usa-patriot-act (Nov 12, 2009) 2. BBC (2006). Britain is 'surveillance society'. available online at http://news.bbc.co.uk/2/hi/uk_news/6108496.stm (Nov 14, 2009) 3. Bone, Victoria (2007). How 'Hackers Are Us' worked. BBC. Available online at http://news.bbc.co.uk/2/hi/uk_news/6767019.stm (Nov 12, 2009) 4. Davies, Paul Beynon (2007). Journal of Enterprise Information Management, Vol. 20 No. 3, 2007. Emerald Group Publishing Limited. 5. Geoghegan, Tom (2004). 'I've got a biometric ID card'. Available online at http://news.bbc.co.uk/2/hi/uk_news/3556720.stm (Nov 12, 2009) 6. Grupe, Fritz H.; William Kuechler, and Scott Sweeney (2002). 'Dealing with Data Privacy Protection: An issue for the 21st Century.' Information Systems Management. Fall 2002. 7. Harcourt-Webster, Adam (2006). Is business the real Big Brother Available online at http://news.bbc.co.uk/2/hi/business/5015826.stm (Nov 14, 2009) 8. IC3 (2008). 2008 Internet Crime Report. Available online at http://www.ic3.gov/media/annualreport/2008_IC3Report.pdf (Dec 13, 2009) 9. Ploeg, Irma van der (2003). Biometrics and Privacy. A note on the politics of theorizing technology. Information, Communication & Society 6:1 2003. Routledge, Taylor & Francis Group. 10. Sullivan, Clare (2007). Conceptualising Identity. International Review of Law Computers & Technology, Volume 21, no. 3, November 2007 11. The Economist (2003). The emerging use of biometrics-White Paper. Available online at http://www.ebusinessforum.com/index.asplayout=rich_story&doc_id=6878 (Nov 12, 2009) 12. Thomas, Rebekah (2005). 'Biometrics, International Migrants and Human Rights'. European Journal of Migration and Law 7, 2005. Koninklijke Brill NV. 13. Zorkadis, V and Donos, P (2004). On biometrics-based authentication and identification from a privacy-protection perspective. Information Management & Computer Security. Vol. 12 No. 1, 2004. Emerald Group Publishing Limited. Read More