Home opinion-and-analysis Whiskey Tango Foxtrot Too many people refuse to get it - Biometrics is not the same as DNA

I was totally flabbergasted at today's news that Monash City Council was receiving resistance to a simple biometric application for time-and-attendance monitoring.  Wake up people, this stuff has been around for well over ten years.

On this morning's AM radio show on ABC radio, I was astonished to hear that there was resistance to a plan to introduce vein scanning (one of many possible biometric systems) as a time-and-attendance system into Monash City Council's libraries.

According to ABC reporter Sue Lannin, "Biometric technology like iris fingerprint and vein scanning is big in the movies and it's set to come to a workplace near you soon."

No, that's a lay-person's mistake, I don't recall EVER seeing vein recognition in the movies; it's a great segue, but almost certainly not true.

Lannin continues, "More and more employers are using the technology for rosters to make sure their workers clock on and clock off when they are meant to." 

Yes, that's true (assuming she's referring to biometrics in general).  In this writer's personal experience, such systems have been in use for at least a decade.  Most Woolworth's stores and a good number of registered clubs in NSW have used fingerprint systems for time-and-attendance for at least that long (the nicotine stains on the readers are a clear indicator of their longevity!).  There are probably many others.

Later today, we read that "Monash City Council would require library staff to provide DNA samples in order to scan workers' veins using pattern recognition technology when they clock on and off for a shift."

Thus we have an excellent example of news being delivered to us by stupid people.

Would the unnamed AAP writer who penned this piece PLEASE explain the confluence of vein scanning and DNA?  As a (reasonably) well regarded biometrics proponent in his hey-day, this writer is at a total loss to understand the connection between an optical (or perhaps infrared) scan of the veins in one's fingers and one's DNA. 

Not only is there zero connection between the two, but any biometrics protagonist would run away screaming from any such inference.

As a time-and-attendance system, biometrics is used for two reasons.  Firstly to improve the certainty that the person clocking on (or off) really IS the person clocking on (or off).

Secondly to speed up the process (both of the actual clock on/off and of the back-end systems).

Many ask, "How quickly will my information end up with the Police (or other authorities)?  The surly answer is, "As quickly as by any other means!"

There is nothing special about biometric data that allows it to circumvent all of this country's privacy and data protection legislation.  In fact, with the special attention of state and federal privacy officials, any circumvention is much tougher than most other forms of data.

For instance, readers might wish to speculate about the ease with which the authorities can access video surveillance footage of just about any crime.

Hint: there is nothing special about biometric data - it is subject to the same privacy laws as every other kind of personal data (and a whole lot more special focus!)

The data stored in the back-end of any biometrics management system is NOT a plain-text image of the captured finger (or face, or iris etc).  Instead, it is a computed summary (the computation differs from biometric method to biometric method).  This summary is created in such a way that it can be used to evaluate a later image and determine (with some degree of accuracy) whether the two are sufficiently similar.  If they are, the person is authenticated.  This degree of match-ness is tuneable in most systems.

Thus it is very obvious that a simple 'picture' of the previously captured reference image (be it a voice, face, iris, fingerprint or vein pattern) is simply not sufficient for long-term (potentially inaccurate) matching - there is a huge need for smart fuzziness in the system.  Not only do people get very blasé about the way they present their finger, hand, face etc, but these bearers of biometric uniqueness change over time (do you *really* look like your 8-year-old passport photo?  Be honest here!).

In summary, once (easily offered and proven) guarantees of non-sharing of biometric data are given by companies, there is much to gain and very little to lose from such systems.

As this writer was heard to utter on a number of occasions... "give passwords the finger!"



Download an in-depth guide to managing a healthy, motivated and energetic workforce without breaking the bank.


David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.






Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities