Aligning Biometrics with Data
This chapter is concerned with the data records which are aligned with biometrics. It therefore focuses strongly upon data management and the personal profiles which are constructed and maintained with respect to each individual. It starts by confirming what a biometric identity verification transaction really is and how conclusions are reached with respect to degrees of likeness between two biometrics, based upon a predefined threshold. We discuss the accuracy of the source data appertaining to personal profiles and the unrealistic assumption that, somehow, a successful biometric check validates such information. Consequently, we revisit the registration process and stress the importance of validating any source data at this point, highlighting the ease with which fraudulent identities may be created as a result of weaknesses in the registration process. This leads us to the importance of training for registration facility personnel and, similarly, the importance of an equivalence of process between registration facilities. We discuss the concept of biometrics as simply an additional security feature within existing methodologies and stress that it is the authenticity of the associated data record which is of primary importance, as it is upon such information that transactional decisions are made. Policies around access to such information and how they are enforced in everyday operation are of considerable importance in this context and are discussed accordingly. Information security is of course vitally important with respect to large-scale systems handling personal information and we discuss the importance of understanding system’s infrastructure and associated data flows, as well as factors such as encryption, systems component configuration and the concept of information security embedded into operational processes. Identity theft is becoming widespread and is likely to become even easier with the wider proliferation of personal information. We discuss how a general disrespect for the privacy of both citizens and personal information, coupled to ineffective legislation, is generally exacerbating the situation and we call for a more ethical approach to data management in general.