"We have a right to live in a free and open society, and we are used to taking people at face value -- trusting them to be who they say they are," said UK Home Secretary David Blunkett. "However, recent events have brought home how the need for trust and confidence actually require[s] us to move beyond this."
eMarketer Whitepaper: Optimizing the E-Commerce Experience
From the Web to the Contact Center, are you prepared to proactively engage and keep your savvy customers? Read how e-commerce leaders are optimizing their sites with ratings, reviews, live help, Web analytics, mobile and more.
UK residents volunteering their faces, irises and fingerprints for a pilot passport program are previewing what may become mandatory for all of England if draft legislation is enacted. The ID-card approach is being promoted by the country's Home Secretary, David Blunkett, and is touted as the key to the United Kingdom's future and as a defense against terrorism, fraud and identity theft.
While such a system is unlikely to be implemented in the United States, biometrics technologies -- such as eye or fingerprint identification -- have evolved from science-fiction fodder to proven corporate use, Gartner (NYSE: IT) research vice president Richard Stiennon told TechNewsWorld.
However, several barriers remain to more widespread use of biometrics by corporations in the United States, Stiennon added. And although a UK-style government rollout of biometrics technology is unlikely in America, biometrics will become more pervasive in consumer applications, he said.
New Level of Verification
UK Home Secretary Blunkett has argued that the government needs to introduce a national, compulsory ID-card scheme using biometric identifiers linked to a new national database. He said the cards will help in the fight against terrorism, drug trafficking, money laundering, fraud through ID theft, and illegal working and immigration.
"We have a right to live in a free and open society, and we are used to taking people at face value -- trusting them to be who they say they are," Blunkett said. "However, recent events have brought home how the need for trust and confidence actually require[s] us to move beyond this. We must take the opportunity offered by new biometric technology, which allows for a completely new level of verifying identity."
The proposed UK legislation sets out the framework for the national ID -- a family of ID cards based on existing and new documents -- as well as the database scheme, including privacy safeguards and new criminal offenses for possessing false IDs.
American Fears
Even though the United States is nowhere near enacting a similar requirement for national IDs, Electronic Privacy Information Center (EPIC) deputy counsel Chris Hoofnagle told TechNewsWorld that there is increased risk of information exposure in the United States, especially as a result of the war-on-terrorism mandate to collect information.
Hoofnagle said database aggregators are more focused than ever before on selling personal information to the government. That information, he added, is attractive to hackers. He also pointed out that those storing and selling the information have a spotty track record with security breaches and poor public reporting.
That has changed somewhat with new legislation that requires disclosure of database hacks in the United States, but consumers still face a growing danger associated with identity theft and fraud.
Matured But Maligned
Stiennon said biometrics technology has come a long way and is now an accepted form of security. However, expense and ubiquity remain challenges, as do sci-fi movie tactics designed to defeat the technology, such as the infamous "gummy finger," a strategy that can both compromise biometric security and give it a bad reputation.
"It's now become a mature technology that is straightforward to implement," Stiennon said. "But it still requires a universal aspect. You still need that reader deployed wherever you want to use it. That will be a drag on use."
He added that although biometrics is technologically advanced, there is no "super demand to have it because there's no need for that level of verification yet."
Stiennon also said both the enterprise and consumer markets will dictate the growth of biometrics security in the United States, and he indicated the downfall of such technologies is that a single exploit or invasion, such as the "gummy bear attack," can call into question the entire system.
He noted that fingerprint-identification technology might provide another layer of security, but he questioned the effectiveness of a card that itself has one's fingerprints all over it -- leaving it open to theft and abuse.
Worm Variant Parade Marches On April 27, 2004
"They're actually just pounding the Internet with wave after wave of new variants," iDefense director of malicious code Ken Dunham told TechNewsWorld. "It's proving to be a successful strategy, and it's working for Bagle, Netsky and Gaobot/Phatbot."
Related Stories
Passwords Fail the Security Test March 19, 2004
"In most cases, companies do not want to burden their employees with complex passwords that are often changing, so the password system is weak," Dan Blum, research director at the consulting firm Burton Group, told TechNewsWorld.
Fingerprint Biometrics Could Be a Boon for ASPs March 09, 2004
Sharing of a password that provides access to a Web-hosted program is not much different from what the Business Software Alliance defines as piracy. When an employee shares a password, after all, a user other than the licensed one plans unauthorized access.
What If Microsoft Got Security Right? March 01, 2004
I'm not even going to suggest that Linux is less secure, but if the exposure is people and people are gullible, then security at a product level might only make you feel more secure. You might not actually be more secure. So, as far as I can tell, Microsoft is the only large firm really dealing with behavioral issues.
Microsoft, RSA Team on Windows User Authentication February 24, 2004
While the RSA-Microsoft solution cannot do as much as a smart card, which can contain a host of information about a user, including limitations on how he or she can use certain information, it may catch on because of its ease of implementation.
Security Fears Spark Interest in RSA Conference February 23, 2004
Mobile security is one of several hot topics at this year's RSA conference, with PC Guardian, SafeNet, Fortinet and Colubris Networks all launching new wireless products.
Related News Alerts
More by Jay Lyman
Open Source Developer Dumps Novell Over Microsoft Deal December 26, 2006
A key open source developer, Jeremy Allison, who cofounded the Samba project, has resigned from Novell in protest over the company's recent agreement to enter a collaborative arrangement with Microsoft. The deal has created an uproar in the open source community because it does not treat all recipients of the GPL equally and thus violates the spirit of the license, critics say.
Financial Firms Tap Microsoft for Linux December 22, 2006
Three major financial institutions are among the first companies to go to Microsoft for Linux services, provided through an agreement the software giant struck with Novell. Although a recent survey showed customer approval of the collaboration, many members of the open source community view Novell's move as sleeping with the devil.
Mozilla Beefs Up Security in Firefox 2.0 December 21, 2006
Mozilla's latest update to its open source Firefox browser includes security measures targeting phishers. Phishing scams that use social engineering techniques to dupe Web surfers into revealing personal financial information have become an effective way for cybercriminals to conduct their nefarious activities on the Internet.
Headline Feeds
Talkback: 
