Home opinion-and-analysis Whiskey Tango Foxtrot Too many people refuse to get it - Biometrics is not the same as DNA


JUser: :_load: Unable to load user with ID: 3018

Too many people refuse to get it - Biometrics is not the same as DNA

I was totally flabbergasted at today's news that Monash City Council was receiving resistance to a simple biometric application for time-and-attendance monitoring.  Wake up people, this stuff has been around for well over ten years.

On this morning's AM radio show on ABC radio, I was astonished to hear that there was resistance to a plan to introduce vein scanning (one of many possible biometric systems) as a time-and-attendance system into Monash City Council's libraries.

According to ABC reporter Sue Lannin, "Biometric technology like iris fingerprint and vein scanning is big in the movies and it's set to come to a workplace near you soon."

No, that's a lay-person's mistake, I don't recall EVER seeing vein recognition in the movies; it's a great segue, but almost certainly not true.

Lannin continues, "More and more employers are using the technology for rosters to make sure their workers clock on and clock off when they are meant to." 

Yes, that's true (assuming she's referring to biometrics in general).  In this writer's personal experience, such systems have been in use for at least a decade.  Most Woolworth's stores and a good number of registered clubs in NSW have used fingerprint systems for time-and-attendance for at least that long (the nicotine stains on the readers are a clear indicator of their longevity!).  There are probably many others.

Later today, we read that "Monash City Council would require library staff to provide DNA samples in order to scan workers' veins using pattern recognition technology when they clock on and off for a shift."

Thus we have an excellent example of news being delivered to us by stupid people.

Would the unnamed AAP writer who penned this piece PLEASE explain the confluence of vein scanning and DNA?  As a (reasonably) well regarded biometrics proponent in his hey-day, this writer is at a total loss to understand the connection between an optical (or perhaps infrared) scan of the veins in one's fingers and one's DNA. 

Not only is there zero connection between the two, but any biometrics protagonist would run away screaming from any such inference.

As a time-and-attendance system, biometrics is used for two reasons.  Firstly to improve the certainty that the person clocking on (or off) really IS the person clocking on (or off).

Secondly to speed up the process (both of the actual clock on/off and of the back-end systems).

Many ask, "How quickly will my information end up with the Police (or other authorities)?  The surly answer is, "As quickly as by any other means!"

There is nothing special about biometric data that allows it to circumvent all of this country's privacy and data protection legislation.  In fact, with the special attention of state and federal privacy officials, any circumvention is much tougher than most other forms of data.

For instance, readers might wish to speculate about the ease with which the authorities can access video surveillance footage of just about any crime.

Hint: there is nothing special about biometric data - it is subject to the same privacy laws as every other kind of personal data (and a whole lot more special focus!)

The data stored in the back-end of any biometrics management system is NOT a plain-text image of the captured finger (or face, or iris etc).  Instead, it is a computed summary (the computation differs from biometric method to biometric method).  This summary is created in such a way that it can be used to evaluate a later image and determine (with some degree of accuracy) whether the two are sufficiently similar.  If they are, the person is authenticated.  This degree of match-ness is tuneable in most systems.

Thus it is very obvious that a simple 'picture' of the previously captured reference image (be it a voice, face, iris, fingerprint or vein pattern) is simply not sufficient for long-term (potentially inaccurate) matching - there is a huge need for smart fuzziness in the system.  Not only do people get very blasé about the way they present their finger, hand, face etc, but these bearers of biometric uniqueness change over time (do you *really* look like your 8-year-old passport photo?  Be honest here!).

In summary, once (easily offered and proven) guarantees of non-sharing of biometric data are given by companies, there is much to gain and very little to lose from such systems.

As this writer was heard to utter on a number of occasions... "give passwords the finger!"



Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?