For the most part, owners and manufacturers of biometric hardware have quelled the public’s fears about the perceived threats biometrics pose to personal privacy. Despite periodic spikes of resistance from civil liberties groups, most people who use biometrics to clock in at work, log onto computers or unlock doors now know their fingerprint information cannot be easily duplicated for misuse, and the government is not secretly collecting biometric data from every workplace access point into a mammoth Orwellian database.
In response to the increasing use of biometrics in private business, the International Biometrics Industry Association has developed privacy principles that call for safeguards on biometric data, strict user control over biometrics in private-sector applications, and laws that compartmentalize and carefully regulate the use of biometrics in the private sector. In addition, several states have passed their own legislation concerning the gathering and distribution of biometric data.
In fact, instead of a threat to privacy, biometric technology has become privacy’s greatest defender.
The Rise of Information Security
Biometric technology was first used in physical access control, and although its use in that sector is growing, it is limited compared to what’s going on in the information technology field. Reports appear almost daily about the theft of laptop computers, credit card numbers, medical records, and financial data.
Legislation like the Health Insurance Portability and Accountability Act (HIPAA) has led to federally mandated security for personal information. In the case of HIPAA, healthcare providers are obliged to prevent abuse and fraud and provide administrative simplification and medical liability reform. In the legislation’s wake, providers have worked diligently to protect patient records. However, despite their best efforts, computers and media containing patient data have been stolen or simply misplaced. The use of biometrics provides a means by which healthcare records can be kept confidential, even when storage media are lost or stolen. Biometrics offers similar benefits for compliance with other privacy legislation as well.
Secure access is granted based on one or more of these factors: who you are, what you have, and what you know. Data security has often relied only on what you know—your username and password—to grant access to information. IT managers have devised clever and complex password systems requiring frequent changes, rules for alphanumeric and symbolic characters, and prohibitions against repetition of character strings. Password management and allocation often become so complex that a user resorts to typing the password into a text file and leaving it on his or her electronic desktop, or worse, writing it on a Post-it note and sticking it to the monitor.
When IT managers also require a “what you have” factor—such as an access card that transmits the password to the terminal—it may end up in a desk drawer or hanging on a cord suspended from a push-pin, readily accessible to others.
Biometric technology provides a “who you are” solution to these issues, ensuring the person gaining access to data is, in fact, the person authorized. As with any credential-based access system, the biometric technology employed must be reliable, user friendly and, most of all, manageable, and technology developers have rushed to meet those requirements.
Fingerprint readers have dominated computer access applications due to the minimal real estate they occupy in already crowded workstations. DigitalPersona Inc. of Redwood City, CA, makes a broad line of optical fingerprint readers for strong authentication, ID verification and computer access. The company’s new DigitalPersona® Pro 3.2 features enhanced One-Touch Sign-On® that allows users to log onto Windows networks with a single touch of the fingerprint reader, which then forwards the password needed for entry.