logging in or signing up cavoukian Nellwyn Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 148 Category: Travel/ Places.. License: All Rights Reserved Like it (0) Dislike it (0) Added: March 10, 2008 This Presentation is Public Favorites: 1 Presentation Description No description available. Comments Posting comment... By: hamza216 (25 month(s) ago) thunk you Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript Biometrics and The Privacy Paradox: Biometrics and The Privacy Paradox Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Privacy & Identity: The Promise & Perils of the Technological Age DePaul University, Chicago October 14, 2004Privacy – What are the Issues?: Privacy – What are the Issues? Expanded surveillance Diminished oversight Absence of knowledge/consent Loss of control Privacy Defined: Privacy Defined Informational Privacy: Data Protection Personal control over the collection, use and disclosure of any recorded information about an identifiable individual An organisation’s responsibility for data protection and safeguarding personal information in its custody or control OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data Collection Limitation Principle Data Quality Principle Purpose Specification Principle Use Limitation Principle Security Safeguards Principle Openness Principle Individual Participation Principle Accountability Principle Growth of Biometrics: Growth of Biometrics U.S. Border Security Enhancement Act International Civil Aviation Organization approved facial recognition for travel documents EU to implement biometrics in passports and visas CANPASS and INSPASS programs AAMVA Unique Identifier Working Group The Myth of Accuracy: The Myth of Accuracy The problem with large databases containing thousands (or millions) of biometric templates: False positives False negativesBiometric Applications: Biometric Applications Identification: one-to-many comparison Authentication: one-to-one comparisonBiometric Identification: False Positive Challenge: Biometric Identification: False Positive Challenge Even if you have a 1 in 10,000 error rate per fingerprint, then a person being scanned against a million-record data set will be flagged as positive 100 times. And that’s every person. A system like that would be useless because everyone would be a false positive. Bruce Schneier, quoted in Ann Cavoukian’s Submission to the Standing Committee on Citizenship and Immigration, November 4, 2003 http://www.ipc.on.ca/docs/110403ac-e.pdfBiometric Identification : Biometric Identification False Negative Challenge: Attackers could fool the system Pay-offs high for compromising the system Increased vulnerability to a target once a terrorist succeeds in obtaining a false negative: threat escalates considerablyBiometric Strength: Authentication: Biometric Strength: Authentication The strength of one-to-one matches Authentication/verification does not require the central storage of templates Biometrics can be stored locally, not centrally – on a smart card, passport, travel document, etc.Designing Privacy Into Biometrics: Designing Privacy Into Biometrics The Privacy Challenges: Central template databases Unacceptable error rates Unrelated secondary uses Facial Recognition: the Dream: Facial Recognition: the Dream “ Khalid Al-Midhar came to the attention of federal law enforcement about a year ago. As the Saudi Arabian strolled into a meeting with some of Osama bin Laden’s lieutenants at a hotel in Kuala Lumpur in December 1999, he was videotaped by a Malaysian surveillance team. The tape was turned over to U.S. intelligence officials and, after several months, Al-Midhar’s name was put on the Immigration and Naturalization Service’s “watch list” of potential terrorists. … The videotape of Al-Midhar also could have been helpful. Using biometric profiling, it would have been possible to make a precise digital map of his face. This data could have been hooked up to airport surveillance cameras. When the cameras captured Al-Midhar, an alarm would have sounded, allowing cops to take him into custody.” - Business Week, Sept. 13, 2001, p. 39Facial Recognition: the Reality: Facial Recognition: the Reality Test results in place show less than stellar results - Logan Airport pilot had a 50% error rate in real world conditions - U.S. State Department has stated that facial recognition has “unacceptably high error rates” - U of Ottawa tests this summer resulted in accuracy rates between 75% to more than 90% - National Institute for Standards and Technology, under ‘ideal lighting and controlled environment conditions’ reported 90% accuracy - Superbowl facial recognition no longer considered ‘useful’ by subsequent Superbowl organizers “Biometrics Benched for Super Bowl” By Randy Dotinga, Wired MagazineComparison of Accuracy Rates: Comparison of Accuracy Rates NIST Studies show for single biometrics: Facial recognition: - 71.5% true accept @ 0.01 false accept rate - 90.3% true accept @ 1.0% false accept rate Fingerprint: - 99.4% true accept @ 0.01% false accept rate - 99.9% true accept @ 1.0% false accept rateFacial Recognition and Privacy Research: Facial Recognition and Privacy Research Confounding Facial Recognition systems: Creating visual noise through: - Disguises, obstructions, light sources, face paint Objective: - Creating a framework for facial recognition countermeasures Results: - Research by James Alexander, U. PennsylvaniaBiometrics Can Be Privacy-Enhancing, if they:: Biometrics Can Be Privacy-Enhancing, if they: Have privacy hard-wired into the deployed technology Authenticate personal credentials without necessarily revealing identity Do not facilitate surveillance or tracking of an individual’s activities – avoid the use of template-based central databases Put control of the biometric in the hands of the individual Provide excellent security without compromising privacyFinal Thoughts on Biometrics: Final Thoughts on Biometrics Current off-the-shelf biometrics permit the secondary uses of personal information The Goal: “Technology that allows for informational self-determination and makes good security a by-product of protecting one’s privacy” Using the biometric to encrypt a PIN or a standard encryption key will meet that goal: Biometric Encryption – Dr. George Tomko Slide18: “I am not a number, I am a human being. I will not be filed, stamped, indexed or numbered. My life is my own.” The Prisoner TV series, 1968 “I am not a number, I am a free man”How to Contact Us: How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner of Ontario 80 Bloor Street West, Suite 1700 Toronto, Ontario, Canada M5S 2V1 Phone: (416) 326-3333 Web: www.ipc.on.ca E-mail: commissioner@ipc.on.ca You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
cavoukian Nellwyn Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 148 Category: Travel/ Places.. License: All Rights Reserved Like it (0) Dislike it (0) Added: March 10, 2008 This Presentation is Public Favorites: 1 Presentation Description No description available. Comments Posting comment... By: hamza216 (25 month(s) ago) thunk you Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript Biometrics and The Privacy Paradox: Biometrics and The Privacy Paradox Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Privacy & Identity: The Promise & Perils of the Technological Age DePaul University, Chicago October 14, 2004Privacy – What are the Issues?: Privacy – What are the Issues? Expanded surveillance Diminished oversight Absence of knowledge/consent Loss of control Privacy Defined: Privacy Defined Informational Privacy: Data Protection Personal control over the collection, use and disclosure of any recorded information about an identifiable individual An organisation’s responsibility for data protection and safeguarding personal information in its custody or control OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data Collection Limitation Principle Data Quality Principle Purpose Specification Principle Use Limitation Principle Security Safeguards Principle Openness Principle Individual Participation Principle Accountability Principle Growth of Biometrics: Growth of Biometrics U.S. Border Security Enhancement Act International Civil Aviation Organization approved facial recognition for travel documents EU to implement biometrics in passports and visas CANPASS and INSPASS programs AAMVA Unique Identifier Working Group The Myth of Accuracy: The Myth of Accuracy The problem with large databases containing thousands (or millions) of biometric templates: False positives False negativesBiometric Applications: Biometric Applications Identification: one-to-many comparison Authentication: one-to-one comparisonBiometric Identification: False Positive Challenge: Biometric Identification: False Positive Challenge Even if you have a 1 in 10,000 error rate per fingerprint, then a person being scanned against a million-record data set will be flagged as positive 100 times. And that’s every person. A system like that would be useless because everyone would be a false positive. Bruce Schneier, quoted in Ann Cavoukian’s Submission to the Standing Committee on Citizenship and Immigration, November 4, 2003 http://www.ipc.on.ca/docs/110403ac-e.pdfBiometric Identification : Biometric Identification False Negative Challenge: Attackers could fool the system Pay-offs high for compromising the system Increased vulnerability to a target once a terrorist succeeds in obtaining a false negative: threat escalates considerablyBiometric Strength: Authentication: Biometric Strength: Authentication The strength of one-to-one matches Authentication/verification does not require the central storage of templates Biometrics can be stored locally, not centrally – on a smart card, passport, travel document, etc.Designing Privacy Into Biometrics: Designing Privacy Into Biometrics The Privacy Challenges: Central template databases Unacceptable error rates Unrelated secondary uses Facial Recognition: the Dream: Facial Recognition: the Dream “ Khalid Al-Midhar came to the attention of federal law enforcement about a year ago. As the Saudi Arabian strolled into a meeting with some of Osama bin Laden’s lieutenants at a hotel in Kuala Lumpur in December 1999, he was videotaped by a Malaysian surveillance team. The tape was turned over to U.S. intelligence officials and, after several months, Al-Midhar’s name was put on the Immigration and Naturalization Service’s “watch list” of potential terrorists. … The videotape of Al-Midhar also could have been helpful. Using biometric profiling, it would have been possible to make a precise digital map of his face. This data could have been hooked up to airport surveillance cameras. When the cameras captured Al-Midhar, an alarm would have sounded, allowing cops to take him into custody.” - Business Week, Sept. 13, 2001, p. 39Facial Recognition: the Reality: Facial Recognition: the Reality Test results in place show less than stellar results - Logan Airport pilot had a 50% error rate in real world conditions - U.S. State Department has stated that facial recognition has “unacceptably high error rates” - U of Ottawa tests this summer resulted in accuracy rates between 75% to more than 90% - National Institute for Standards and Technology, under ‘ideal lighting and controlled environment conditions’ reported 90% accuracy - Superbowl facial recognition no longer considered ‘useful’ by subsequent Superbowl organizers “Biometrics Benched for Super Bowl” By Randy Dotinga, Wired MagazineComparison of Accuracy Rates: Comparison of Accuracy Rates NIST Studies show for single biometrics: Facial recognition: - 71.5% true accept @ 0.01 false accept rate - 90.3% true accept @ 1.0% false accept rate Fingerprint: - 99.4% true accept @ 0.01% false accept rate - 99.9% true accept @ 1.0% false accept rateFacial Recognition and Privacy Research: Facial Recognition and Privacy Research Confounding Facial Recognition systems: Creating visual noise through: - Disguises, obstructions, light sources, face paint Objective: - Creating a framework for facial recognition countermeasures Results: - Research by James Alexander, U. PennsylvaniaBiometrics Can Be Privacy-Enhancing, if they:: Biometrics Can Be Privacy-Enhancing, if they: Have privacy hard-wired into the deployed technology Authenticate personal credentials without necessarily revealing identity Do not facilitate surveillance or tracking of an individual’s activities – avoid the use of template-based central databases Put control of the biometric in the hands of the individual Provide excellent security without compromising privacyFinal Thoughts on Biometrics: Final Thoughts on Biometrics Current off-the-shelf biometrics permit the secondary uses of personal information The Goal: “Technology that allows for informational self-determination and makes good security a by-product of protecting one’s privacy” Using the biometric to encrypt a PIN or a standard encryption key will meet that goal: Biometric Encryption – Dr. George Tomko Slide18: “I am not a number, I am a human being. I will not be filed, stamped, indexed or numbered. My life is my own.” The Prisoner TV series, 1968 “I am not a number, I am a free man”How to Contact Us: How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner of Ontario 80 Bloor Street West, Suite 1700 Toronto, Ontario, Canada M5S 2V1 Phone: (416) 326-3333 Web: www.ipc.on.ca E-mail: commissioner@ipc.on.ca