Tuesday 2 August 2005, by Donos P., Zorkadis Vasilios
The paper begins by defining biometric technologies as a method of automatic personal recognition based on physiological or behavioural characteristics. Biometric technologies rely on who you are or what you do, rather than what you know (password, PIN numbers, etc.). The rapid evolution of biometric technologies is leading to legal concerns. The paper includes a brief survey of important legislation and an acknowledgement of a common framework of principles, particularly among EU countries. These principles allow for the collection of data for a specific purpose provided it is relevant and not excessive for the purpose. Section 2 identifies biometric methods and techniques, e.g. fingerprinting, retinal and iris recognition, hand geometry, voice recognition, and then moves on to a discussion about recognition of data.
In Section 3 the issue of the protection of privacy and fundamental rights of citizens is raised. An example given is the collection of fingerprint data: previously used only by law enforcement agencies, the development of fingerprint databases for other uses might increase the use of the data by other agencies for their own purposes. Data protection principles in Article 3 of Directive 96/46EC apply to the processing of data by ‘automatic means’ or by other means where the data will be used in a filing system, for example. The Directive does not apply when the data is collected by a private individual for personal purposes. Most countries prohibit the collection and processing of data that would be ‘incompatible with the purpose’ for which it was taken. Biometric data should be stored in such a way as to be accessible to the user only, rather than in a central database. Examples of fingerprint recognition in Portuguese, German and French systems are given. Germany, for example, has permitted biometric data to be included on identity papers where the data is stored in a microchip of the card, and not in a central database. Portugal and Greece have both deemed the use of fingerprint recognition systems for employees to be excessive for the purposes of employee entrance control.
A clear definition of the purposes of biometric data collection is therefore required, along with analysis of the risks for the protection of human rights and privacy. Collectors have a specific duty to inform individuals of the purposes and uses of biometric data, and to ensure that the appropriate data protection authorities are informed. Systems used to collect data without the knowledge of the individual (e.g. CCTV for distinct facial recognition or fingerprints at immigration controls) should be used only for public security or by law enforcement agencies. Data that cannot be linked to specific individuals falls outside of the scope of the law. The paper details various ways of ensuring the privacy of biometric data, e.g. encryption algorithms such as one-way use of passwords. These cannot, however, guarantee security for privacy. Recent research has focussed on majority coding techniques which can combine artificial intelligence techniques to overcome the problems of security.
Information Management & Computer Security Year: 2004 Volume: 12 Number: 1 Page: 125 — 137
Read the paper: Emerald Group Publishing Limited