UK residents volunteering their faces, irises and fingerprints for a pilot passport program are previewing what may become mandatory for all of England if draft legislation is enacted. The ID-card approach is being promoted by the country’s Home Secretary, David Blunkett, and is touted as the key to the United Kingdom’s future and as a defense against terrorism, fraud and identity theft.
While such a system is unlikely to be implemented in the United States, biometrics technologies — such as eye or fingerprint identification — have evolved from science-fiction fodder to proven corporate use, Gartner research vice president Richard Stiennon told TechNewsWorld.
However, several barriers remain to more widespread use of biometrics by corporations in the United States, Stiennon added. And although a UK-style government rollout of biometrics technology is unlikely in America, biometrics will become more pervasive in consumer applications, he said.
New Level of Verification
UK Home Secretary Blunkett has argued that the government needs to introduce a national, compulsory ID-card scheme using biometric identifiers linked to a new national database. He said the cards will help in the fight against terrorism, drug trafficking, money laundering, fraud through ID theft, and illegal working and immigration.
“We have a right to live in a free and open society, and we are used to taking people at face value — trusting them to be who they say they are,” Blunkett said. “However, recent events have brought home how the need for trust and confidence actually require[s] us to move beyond this. We must take the opportunity offered by new biometric technology, which allows for a completely new level of verifying identity.”
The proposed UK legislation sets out the framework for the national ID — a family of ID cards based on existing and new documents — as well as the database scheme, including privacy safeguards and new criminal offenses for possessing false IDs.
Even though the United States is nowhere near enacting a similar requirement for national IDs, Electronic Privacy Information Center (EPIC) deputy counsel Chris Hoofnagle told TechNewsWorld that there is increased risk of information exposure in the United States, especially as a result of the war-on-terrorism mandate to collect information.
Hoofnagle said database aggregators are more focused than ever before on selling personal information to the government. That information, he added, is attractive to hackers. He also pointed out that those storing and selling the information have a spotty track record with security breaches and poor public reporting.
That has changed somewhat with new legislation that requires disclosure of database hacks in the United States, but consumers still face a growing danger associated with identity theft and fraud.
Matured But Maligned
Stiennon said biometrics technology has come a long way and is now an accepted form of security. However, expense and ubiquity remain challenges, as do sci-fi movie tactics designed to defeat the technology, such as the infamous “gummy finger,” a strategy that can both compromise biometric security and give it a bad reputation.
“It’s now become a mature technology that is straightforward to implement,” Stiennon said. “But it still requires a universal aspect. You still need that reader deployed wherever you want to use it. That will be a drag on use.”
He added that although biometrics is technologically advanced, there is no “super demand to have it because there’s no need for that level of verification yet.”
Stiennon also said both the enterprise and consumer markets will dictate the growth of biometrics security in the United States, and he indicated the downfall of such technologies is that a single exploit or invasion, such as the “gummy bear attack,” can call into question the entire system.
He noted that fingerprint-identification technology might provide another layer of security, but he questioned the effectiveness of a card that itself has one’s fingerprints all over it — leaving it open to theft and abuse.