(this page is part of the Family Guide to Digital Freedom, 2007 edition. Please do read that introduction to know more about the Guide, especially if you mean to comment this page. Thanks)

You are a password. Always the same

Originally, biometrics was that branch of science which performed statistical analysis of biological characteristics. Later on, the word started to indicate any technique for identifying people, with a computer, against unique physical characteristics like fingerprints, voice or retina. Sounds cool, uh? Almost too good to be true. In fact, it is too good to be true, unless it’s very well thought out and designed, something that could be still impossible to achieve.

Behind all the fancy equipment and the cool living-in-sci-fi feeling, all the biometrics circus is still just about passwords. What happens when you type a password? The computer translates it into a sequence of bits and if that sequence is equal to the one already in the system, you are in. What really happens, instead, when a computer captures your retina or fingerprint scans, DNA sequences or anything else of that kind? The final result is nothing more than a digital description of that part of your body that is, again, just a really long sequence of bits: a password, nothing else. This second sequence of bits is simply supposed to be much better as an identifier than a traditional, typed one because it is:

• unique to you (and cannot be transferred to anybody else)
• so long that is impossible to guess it by pure chance and…
• unlike typed passwords, it is not necessary that you remember, learn or ever see it at any time

This is the real difference, the real advantage: with biometrics, you become the password. This is also the really critical disadvantage: unlike passwords, you cannot be reissued. What if a cracker intercepts and duplicates that bit sequence corresponding to your retina or fingerprints? Traditional passwords can be changed; if you lose your ATM or credit card you can have a new one with a different code. Can you, however, replace your perfectly working retina or finger with new ones? Should you do it, just because some company didn’t secure its computers? Who is going to pay for surgery?

The reason to bother about this stuff is that we’re already past the phase when it only happens in science-fiction or top-secret military facilities. It’s already in our normal lives because it already is a billion dollar market.

Shopping with your fingers

In June 2006 a convenience store in Tampa, Florida, announced that it had installed a device that scans fingerprints to process payments through a debit account without cards or PIN numbers to remember.

Many other small and big companies want to do similar things because it is another, very promising way to reduce jobs, er.. costs. Payments made in this way would be faster and possible without the usual fees even on debit account or electronic checks payments.

The Tampa shop obviously pledged to keep all this personal information strictly private, but biometrics data are much more dangerous to leak than credit card numbers or ATM codes. Anybody willing to use such systems should give much bigger guarantees (that is, spend much more money on computer security) than they did in the past.

Another weakness in the arguments for recording customers' fingerprints is that privacy wouldn’t be a concern because the fingerprint images are “not the same” as those collected by central Governments or law enforcement agencies. This is true, but even the fingerprint images collected on an actual crime scene are never exactly the same as those stored in police databases. In spite of this difference, they’re still able to match them, just like you can recognize the same person in two different pictures.

How to duplicate fingerprints at home

Wherever huge quantities of money change hand there will be somebody working hard to steal some of that money. We already know about false ATMs and credit cards. Unless biometrics systems are very carefully planned and deployed, false fingerprints could make frauds much easier through biometrics, and it is already possible to make them.

In 2006 a Japanese mathematician and amateur scientist succeeded in fooling fingerprint recognition devices with replicas of human fingers that he had built with dime store modeling compounds or dentist materials. The result was good enough to trigger virtually all of the most sophisticated biometric devices. The same guy also showed how to capture fingerprints from drinking glasses and similar surfaces.

Replaceable biometrics?

How can we protect ourselves? What if, five or ten years from now, all the stores in our area replace cash, ATM and credit card payments with biometrics? At the very least, they should assure us that their system is as at least as re-settable as the one they replace, that is that when (not if, when) somebody copies the bits they can be voided and replaced. If it’s really going to be biometrics some day, it had better be replaceable.

IBM, for example, is already working on this. In 2005, they announced that they are developing some software that can transform biometric data like fingerprints into distorted models that still preserve enough actual identification markers. These models are still usable but irreversible: it is impossible to recreate the original digitalized fingerprint by looking at them.

If a store, bank or other organization only keeps a copy of the distorted model, it’s not a big deal anymore if somebody cracks the computer where it is stored. Even in such a case, no criminal would have your real fingerprint, and another model can be regenerated.

In such a scenario, fraudulent access to biometrics data would become much more similar to stolen or lost credit cards: bad, but not irreparable. As long, that is, as you don’t need to call the bank with a fingerprint protected cell phone, or drive there in a car that will only start with your retina.