Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Thursday, 08 September 2011 21:54

Too many people refuse to get it - Biometrics is not the same as DNA


I was totally flabbergasted at today's news that Monash City Council was receiving resistance to a simple biometric application for time-and-attendance monitoring.  Wake up, people, this stuff has been around for well over ten years.

On this morning's AM radio show on ABC radio, I was astonished to hear that there was resistance to a plan to introduce vein scanning (one of many possible biometric systems) as a time-and-attendance system into Monash City Council's libraries.

According to ABC reporter Sue Lannin, "Biometric technology like iris, fingerprint and vein scanning is big in the movies and it's set to come to a workplace near you soon."

No, that's a lay-person's mistake, I don't recall EVER seeing vein recognition in the movies; it's a great segue, but almost certainly not true.

Lannin continues, "More and more employers are using the technology for rosters to make sure their workers clock on and clock off when they are meant to." 

Yes, that's true (assuming she's referring to biometrics in general).  In this writer's personal experience, such systems have been in use for at least a decade.  Most Woolworths stores and a good number of registered clubs in NSW have used fingerprint systems for time-and-attendance for at least that long (the nicotine stains on the readers are a clear indicator of their longevity!).  There are probably many others.

Later today, we read that "Monash City Council would require library staff to provide DNA samples in order to scan workers' veins using pattern recognition technology when they clock on and off for a shift."

Thus we have an excellent example of news being delivered to us by stupid people.

Would the unnamed AAP writer who penned this piece PLEASE explain the confluence of vein scanning and DNA?  As a (reasonably) well regarded biometrics proponent in his heyday, this writer is at a total loss to understand the connection between an optical (or perhaps infrared) scan of the veins in one's fingers and one's DNA.

Not only is there zero connection between the two, but any biometrics protagonist would run away screaming from any such inference.

As a time-and-attendance system, biometrics is used for two reasons.  Firstly, to improve the certainty that the person clocking on (or off) really IS the person clocking on (or off).

Secondly, to speed up the process (both of the actual clock on/off and of the back-end systems).

Many ask, "How quickly will my information end up with the Police (or other authorities)?"  The surly answer is, "As quickly as by any other means!"

There is nothing special about biometric data that allows it to circumvent all of this country's privacy and data protection legislation.  In fact, with the special attention of state and federal privacy officials, any circumvention is much tougher than it is for most other forms of data.

For instance, readers might wish to speculate about the ease with which the authorities can access video surveillance footage of just about any crime.

Hint: there is nothing special about biometric data - it is subject to the same privacy laws as every other kind of personal data (and a whole lot more special focus!)

The data stored in the back-end of any biometrics management system is NOT a plain-text image of the captured finger (or face, or iris etc).  Instead, it is a computed summary (the computation differs from biometric method to biometric method).  This summary is created in such a way that it can be used to evaluate a later image and determine (with some degree of accuracy) whether the two are sufficiently similar.  If they are, the person is authenticated.  This degree of match-ness is tuneable in most systems.

Thus it is very obvious that a simple 'picture' of the previously captured reference image (be it a voice, face, iris, fingerprint or vein pattern) is simply not sufficient for long-term (potentially inaccurate) matching - there is a huge need for smart fuzziness in the system.  Not only do people get very blasé about the way they present their finger, hand, face etc, but these bearers of biometric uniqueness change over time (do you *really* look like your 8-year-old passport photo?  Be honest here!).
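
An added illustration of the tuneable matching described in the two paragraphs above (not code from this column or from any biometric product). It assumes templates can be modelled as random bit strings compared by fractional Hamming distance; the column does not say how any particular system computes or compares its summaries, and all names, sizes and noise levels here are constructed.

```python
import random

BITS = 2048  # constructed template size, not any vendor's format

def enroll(rng):
    """Stand-in for feature extraction: random bits model one person's stored summary."""
    return [rng.getrandbits(1) for _ in range(BITS)]

def present(template, rng, noise):
    """A later capture of the same trait: each bit flips with probability `noise`."""
    return [bit ^ (rng.random() < noise) for bit in template]

def distance(a, b):
    """Fractional Hamming distance: 0.0 for identical, about 0.5 for unrelated templates."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def matches(reference, sample, threshold):
    """Authenticate when the two summaries are sufficiently similar."""
    return distance(reference, sample) <= threshold

def error_rates(threshold, people=20, noise=0.12, seed=2011):
    """Return (false reject rate, false accept rate) for a constructed population."""
    rng = random.Random(seed)
    refs = [enroll(rng) for _ in range(people)]
    later = [present(ref, rng, noise) for ref in refs]
    rejected = sum(not matches(r, s, threshold) for r, s in zip(refs, later))
    accepted = sum(matches(refs[i], later[j], threshold)
                   for i in range(people) for j in range(people) if i != j)
    return rejected / people, accepted / (people * (people - 1))

if __name__ == "__main__":
    # 0.0 = exact comparison, 0.30 = tuned, 0.60 = far too loose
    for threshold in (0.0, 0.30, 0.60):
        frr, far = error_rates(threshold)
        print(f"threshold={threshold:.2f}  false rejects={frr:.0%}  false accepts={far:.0%}")
```

With these constructed inputs an exact comparison (threshold 0.0) rejects every genuine presentation and a threshold of 0.60 accepts every impostor, while 0.30 separates the two groups.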

In summary, once (easily offered and proven) guarantees of non-sharing of biometric data are given by companies, there is much to gain and very little to lose from such systems.

As this writer was heard to utter on a number of occasions... "give passwords the finger!"




David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.


