Biometric Security - Essay Example

Biometric Security Background These days the world community is experiencing a fierce security scare from a number of sources. Terror related incidents in different parts of the world; despite highest security alerts is a testimony to the wide reach of the terror tentacles. The incidents taking place in Iraq, Afghanistan and Pakistan are certainly not a good sign for the humanity as such. The 9/11 attacks on WTC twin towers in the heart of the US, the bomb blasts in London, the 26/11 attacks in India are some of the heinous acts of terror which have forced the security agencies around the world to go for foolproof security measures. But this is resulting in double whammy for the common people. While on the one hand the terror attacks are resulting in loss of human lives, the heightened security measures are also causing lot of inconvenience to the people whenever, they have to cross over a boundary, check-in at the airport, attend a ceremony, start a train journey etc. A debate has already started as to what extent the security agencies must be snooping into the lives of people, so that it doesn't amount to loss of privacy. While on the one hand the proponents of strict security measures say that it is all being done for the sake of the security of people, there are a number of others including many human rights activists countering this claim and asking the security agencies to have some restraint in snooping on the private moments of hapless citizens. The debate is certainly on and promises to continue for many more years or till the world community continues to be divided on religious matters or border area disputes like at West Bank continue to flare up the emotions and people like Osama-Bin-Laden continue to elude the security agencies. While the IT enabled environment has given the security agencies the much needed advanced tools to keep track of anti-social elements, the flip side is such techniques are also being used by the organised crime groups to sustain their campaigns. Such developments point out the need for stricter surveillance. These days surveillance is carried out in different ways depending upon the requirements. While biometric surveillance help in beefing up security measures at airports, railway stations, important offices etc. measures like RF tagging is used to monitor the movement of goods, vehicles and the workforce. In some ways these measures result in loss of privacy for the common people. This study is an attempt to analyse some of the arguments for and against these measures, while taking a look at the prevailing circumstances and the advancements in technology. Research Questions and Objectives The study is primarily being undertaken to understand the concept of biometric security in general and the extent to which these measures have helped in strengthening the security around us. If the spate of the transnational crime and acts of terror in recent months is an indication, such security measures do not seem to have put a stop of such crime, but the routine life-style of common people certainly has come under increasing close observation from many quarters. The study will try to seek answers to the following key objectives. To analyze the security scenario and how it has undergone changes in the last couple of years. To find out the types of strategies adopted by the governments and security agencies to make the life of its citizens safe and secure. How the security agencies are making use of Biometric methods to figure out the security threats at different places. What types of problems common people feel as a result of heightened security measures and how the security agencies have started snooping on to the privacy of people What impact does such measures have on the common people, workforce and diplomatic relations in general Research Methodology The methodology adopted in carrying out a research activity has the potential to affect the final outcome of the research. Depending upon the subject of research and the area of its impact the methodology is decided. Researcher has to be doubly careful, if the research is slated to have some impact on the policies being adopted by the organisations in future. Method of research and subsequently the manner in which data is analysed forms the philosophical part of the research study. This study requires a comprehensive analysis involving both technical and non-technical aspects; studying government as well non-governmental resources etc. in order to arrive at an industrially acceptable finding. But, in this case it being a subject of study, the research methodology mainly involves; Gathering data from different sources Studying the existing literature on the subject Analysing the data with the tools like MS Excel, SPSS, other statistical analysis tools etc. For the sake of this study we can gather data by going through the content at reputed websites, data from international organisations, data from the local city governments, tracking the progress of the investigation and trial of some recent terror attacks, newly installed security setup at the nearby airport and metro station etc. In addition to have the first hand information about how people have started feeling as a result of extensive checks and what are the intricacies involved in this new procedure, we need to seek the views and opinions of some of the travellers, technical experts, security experts etc. The method that will be involved in the process of collection of primary data will be concise and yet comprehensive, aimed at soliciting maximum information related to the topic. Data will be compiled from the websites of reputed government agencies, articles published in various journals, newspapers, books and magazines. Some earlier researches carried out on the subject would also be studied to gain an insight on the technicalities involved. Both online and offline sources would be used to compile the data. Literature Review A news item by BBC (2006) cites the report from the surveillance society indicating that actions of people are now increasingly being monitored. The monitoring includes, credit card transactions, mobile phone conversation, usage of loyalty or co-branded cards, and extensive snooping with CCTV cameras, blocking communication signals at different times, regulating the internet traffic etc. Such activities have been termed as 'dataveillance' by researchers. The extent of penetration from security agencies has been observed to an extent that for an ordinary citizen it would be very difficult to get off the hook. In fact if the trend is to be observed, it won't be an exaggeration to say that many companies have started taking undue advantage of the easy availability of such security measures. Privacy campaigner Christopher McDermott states1, "You won't be able to hide from the system by closing your door or closing your curtains or hiding behind a wall". Gradually the surveillance needs of the society are transforming our privacy to more of public property, because nobody knows for sure, when someone lays their hands on the private affairs and it gets highlighted in national newspapers. This is particularly the case with corporate houses and celebrities, because in this competitive world they are the most vulnerable ones' from their competitors. The widespread use of identification technologies based on the physical characteristics of the individual has led to an intense debate amongst the pro and anti-biometric lobbies. The term "biometrics" is derived from the Greek words "bio" (life) and "metrics" (to measure). Biometrics is an evolving field of science which deals with establishing the identity of a person based on his/ her biological, anatomical and physiological features like face, fingerprints, handwriting, voice, iris structure, retina, veins, DNA etc. Such features help in establishing the identity of the person without any effort from the person concerned. In fact even if someone tries to conceal his identity, biometrics won't let it happen. Ploeg (2006) states that in general there are types of biometric systems namely; A system comparing two biometric samples (called 'templates') and ascertaining the similarities or matching the features on different yardsticks. This involves authentication or verification of individuals' identity based on the claims of the individual. Another type of biometric comparison involves comparing the test sample with a large number of samples stored in the database of the system. This test involves a more complicated procedure as it tends to suspect the individual's identity by matching it with a number of other suspected biometric samples. The individual is let off only when the biometric samples are found different from the suspected persons list in the database. This step is resorted for detection of different kinds of frauds with people taking on fake identities. The biometric identity cards itself can be used to store information comprising (Sullivan, 2007); i. The person's details like his or her name, address, date or place of birth, marital status, relatives etc; ii. Individuals' driving license or driving number iii. Individuals' passport or passport number iv. Individuals biometric data like his or her voice print etc v. Individuals' credit or debit card details vi. Digital signatures vii. Any other means used by the person to identify himself or herself viii. A personal Identification Number (PIN) While talking about the concept of personal ID cards for UK citizens, Davies (2007) states that such identity cards are necessitated because of the socio-technical nature of the personal identity management system in the information age. Proponents of such identity cards have been advancing arguments that such identity cards would not only help the government in establishing the exact identity, but it will also help the individual by saving him or her from hassles at different sensitive places like airports, government installations. The votaries for such a concept cite examples of European states and a number of private organisations in UK, where it has successfully been implemented. But, there are people and civil liberty groups who have been opposing the idea of using biometrics and excessive surveillance stating that such techniques might be misused by the governments to peep into the private lives of innocent citizens, political rivals etc. Similarly, if these techniques are being used by some private enterprises or retailers, the information gathered, if goes into wrong hands, might be misused to blackmail someone. All such aberrations ultimately results in hurting the feeling of the law abiding citizens. In fact history is replete with examples when a ruler has made use of the weaknesses of another ruler to conquer his empire, state, treasure etc. The key source for collecting the weak points was through snooping on the lives with the help of some unsuspecting devices or people. Therefore, the trend has certainly not come to a stop with the amount of power, influence corporate affairs and money involved in politics and business. This is what the civil liberty groups fear the most in times to come. On the other hand if we think from the point of view of the security agencies, we'll realize that if any loopholes are left in the system, the anti-social elements are quick to utilize the opportunity to harm the social fabric. Who would've thought that two passenger jumbo jets of the country would be crashed against the twin towers of America with US citizens sitting inside the planes But, we all saw it happen in front of us. Had a system of identification been in place, those miscreants might have been identified and we might be in the midst of another kind of geo-political scenario. Well, these are just the afterthoughts about an ideal situation. The reality is, howsoever foolproof we try to make the security setup the terror elements appear to find holes in the system and exploit the situation to harm the interests of humanity as such. Citing the views of pro-biometric lobby, Thomas (2005) states that if a bio-metric system is in place at airport that would mean; A more efficient, secure and expeditious procedure for security checks Freeing up of resources when low-risk passengers are in queue. That would help in focusing on higher priority areas. Allowing registered frequent travellers to pass through an accelerated airport control procedure Improvement in the airport security measures Reduction in congestion at the airports and other such installations. Minimization of cross-border violations by fraudsters. There are of course the incidents like the 9/11 attacks, the London bombing, the Mumbai shootout, the almost daily bomb blasts in different cities of Pakistan, the Afghanistan war etc. which require regular and updated intelligence inputs so that the terror elements are not in a position to work out similar incidents, but at the same time the citizens also expect that the info-age doesn't put them in embarrassing situations. Loss of privacy, intimidating acts; frequent delays at airports and metro stations; heightened security mechanism etc are some circumstances leading to the discomfort of citizens in general. But the proponents of stricter security measures would argue that such voices would have no significance, if we take a look around us. While on the one hand security agencies appear on their toes to avoid recurrence of the terror incidents, the stray incidents happening here and there seem to have a negative impact on the morale of our security forces. Such circumstances force us to think about the inevitability of leading a life full of surveillance at different places. But the moot point is 'how is too much' as far as such intimidation is concerned. The process of biometric identification itself involves a series of steps like (Thomas, 2005); Collection of 'raw biometric data'. This process of enrolment is a huge exercise in itself as a slight error in collecting data would imply misconstruction of the identity of someone and lots of hardships afterward. This enrolment is done with the help of physiological factors like Iris scan, finger-prints, hand, face, earlobe lips, voice, retina, DNA, body odour, sweat pores etc. The data thus collected is then stored in 'template' forms in memory in a centralised database. These details can also be stored in the smart Identity cards being carried by the citizens. The smart card stores the info with the help of RF tags. The Biometrics ids are then used in two ways. If the individual carrying the Biometric identity card, his or her records are matched against the details stored in the database. If all parameters are matched, the person is allowed easy access, otherwise further security checks are taken up. Such measures are used when the person enters a nuclear establishment, or an office premises. At places like airports, metro stations, another kind of security checks are undertaken by the security agencies. The biometric parameters are also matched with the available database of some of the suspected persons, and if any doubtful matches are found, a comprehensive check is done by the security agencies. In UK the biometric Identity cards can be used at a number of locations under different situations like; Immigration cards having passport number and measures of the user's hand/ finger. For gaining access to a system laying a finger on a sensor or peering into a webcam can suffice Fingerprints taken as a legal requirement for a driver license, but not stored anywhere on the license At the retail outlets, access to certain areas is controlled by biometric identification Automatic facial recognition systems searching for known card cheats in a casino Season tickets to an amusement park, metro train, bus journey linked to the shape of the purchaser's fingers Home incarceration programs supervised by automatic voice recognition systems Confidential delivery of health care, entry control at ATMs and Government programs through iris recognition The international community has been discussing the pros and cons of putting in place such intrusive system for quite some time now and in consultation with human rights groups, privacy protection laws have also been put in place in many countries with localised sets of instructions (Zorkadis and Donos, 2004). The safety clauses include unlawful storage or storage of inaccurate personal data or the abuse or unauthorized disclosure of personal data. Ploeg (2003) also underlines the need for better coordination amongst different agencies with the security establishment to detect cases like people faking the identities to take undue advantages. It has been claimed that once the biometric system is fully in place, it will result in savings of billions of public spending. Zorkadis and Donos (2004) also talk about the safety initiatives undertaken by agencies like the Council of Europe's Convention of the Protection of Individuals with regard to Automatic Processing of Personal Data, and the OECD's Guidelines Governing the Protection of Privacy and Trans-border Flows of Personal Data. It has been contended that if adequate safety measures are undertaken, it will result in better living conditions for an average person on the street. In addition, it will also help the security agencies to identify the weaker links in the security set-up and focus towards strengthening these weaker links. Talking about the quality of data being stored using the biometric devices, and keeping unfair means at bay Grupe et al (2002) state that the data thus stored should be; Processed fairly and lawfully Collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes. Adequate, relevant, and not excessive Accurate and, where necessary, kept up to date Kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Despite these safety clauses, there are instances which have strengthened the arguments of human rights groups against excessive surveillance. Amendment to the US Patriot act was introduced by the then US government for strengthening the security mechanism and zeroing on the security suspects. Under the act, government has now been authorised to intercept telephone calls of people suspected as potential threat to the sovereignty of the country. But the political misuse of similar measures in the past resulted in the voices from opposition parties that this act is in gross violation of the basic human rights (ACLU, 2004). Similarly, incidents came to light in UK where the authorisation of phone tapping was misused by some police officials themselves. Bone (2007) mentions one such incident when two police officials were convicted of illegally bugging phones and hacking into computers of hapless citizens. These officials were doing this at the behest of a private detective agency. The fact of the matter was that the police officials were fully trained to carry out such activities by the government, but they were not authorised by the government to indulge in such activities. These officials were doing it because of some lucrative favour being extended to them by the private parties. If the argument is extended further and we start thinking about similar situation in which duly authorised persons start misusing the biometric records of the chairman of a company at the behest of a rival company, then it will lead to a very traumatic situation not only for the individual but also for his company and might even result in changing the market dynamics. Therefore, the dissenting voices from human rights groups are certainly not out of place. Instead, these argument need due respect and discussion before finally venturing out with a fully functional biometric society. It also needs to be emphasised that implementation of biometric identity cards is a very costly affair as well. In fact, as of now only limited few countries can actually think about implementing such measures. Developed nation like USA, UK and the European region only have started taking firm steps towards biometric security measures. It also needs to be highlighted that biometric security would be useful if someone tries to fake the identity of another person or if his/ her previous record is suspicious. But what if the perpetrators of the crime are authentic citizens of the country The 9/11 incidents in US have been the key catalyst behind the debate for biometric security measures. Surprisingly, all 19 persons responsible for 9/11 made a friendly entry to USA using their own passports, valid visas and after verification of their individual biometric identifications2. The only thing that the security agencies could not prejudge was their 'intentions' and there are no such devices yet which can measure the intentions as well. We are indeed part of a highly networked society using a number of advanced techniques at different levels. Therefore, we must be forward looking in our approach. Biometric identity is certainly a step ahead in this direction, only if sufficient safety precautions are adopted by the government. The task appears gigantic, but it also depends upon the security agencies as to how they move forward, taking all stakeholders into confidence. In fact, when Tom Geoghegan (2004) from BBC volunteered to have his Biometric Identity card under the pilot scheme way back in 2004, he was excited and narrated his experience as he went through the entire process of recording his biometrics on different machines and subsequently carrying his biometric identity card. He was told that the information on the chip would also be stored on a national identity register which could be accessed by the police, different government departments, the Inland Revenue, immigration, intelligence services etc. which in turn implied that Tom Geoghegan would be tracked by them all. This feeling of being tracked is what gives a psychological setback to many people. Such apprehensions can only be discarded if we grow into a more mature and tolerant society. As of now, in view of the security breaches at important installations, it appears a necessity that Biometric identity cards should be used as an important tool to defeat the enemies of humanity, wherever they are around the world. Biometric devices work best depending upon the robustness, distinctiveness, availability, accessibility and acceptability of the biometric imprint or scan. Therefore the challenge for biometrics is to look for a 'robust' characteristics i.e. which doesn't change over time. A distinctive scan or imprint implies that the entire population can be differentiated on the basis of one or two characteristics. These distinctive characteristics should also be available in all the people for being measured by the devices. These characteristics should also be easily accessible without irritating the individual and demeaning his/ her prestige in any manner. At the same time it is equally important that the masses, in general, accept in good measure use of these techniques as unobtrusive and in people friendly and they do not object to using these techniques. References: 1. ACLU (2004). 'Conservative Voices Against the USA Patriot Act'. American Civil Liberties Union. Available online at http://www.aclu.org/national-security/conservative-voices-against-usa-patriot-act (Nov 12, 2009) 2. BBC (2006). Britain is 'surveillance society'. available online at http://news.bbc.co.uk/2/hi/uk_news/6108496.stm (Nov 14, 2009) 3. Bone, Victoria (2007). How 'Hackers Are Us' worked. BBC. Available online at http://news.bbc.co.uk/2/hi/uk_news/6767019.stm (Nov 12, 2009) 4. Davies, Paul Beynon (2007). Journal of Enterprise Information Management, Vol. 20 No. 3, 2007. Emerald Group Publishing Limited. 5. Geoghegan, Tom (2004). 'I've got a biometric ID card'. Available online at http://news.bbc.co.uk/2/hi/uk_news/3556720.stm (Nov 12, 2009) 6. Grupe, Fritz H.; William Kuechler, and Scott Sweeney (2002). 'Dealing with Data Privacy Protection: An issue for the 21st Century.' Information Systems Management. Fall 2002. 7. Harcourt-Webster, Adam (2006). Is business the real Big Brother Available online at http://news.bbc.co.uk/2/hi/business/5015826.stm (Nov 14, 2009) 8. Ploeg, Irma van der (2003). Biometrics and Privacy. A note on the politics of theorizing technology. Information, Communication & Society 6:1 2003. Routledge, Taylor & Francis Group. 9. Sullivan, Clare (2007). Conceptualising Identity. International Review of Law Computers & Technology, Volume 21, no. 3, November 2007 10. The Economist (2003). The emerging use of biometrics-White Paper. Available online at http://www.ebusinessforum.com/index.asplayout=rich_story&doc_id=6878 (Nov 12, 2009) 11. Thomas, Rebekah (2005). 'Biometrics, International Migrants and Human Rights'. European Journal of Migration and Law 7, 2005. Koninklijke Brill NV. 12. Zorkadis, V and Donos, P (2004). On biometrics-based authentication and identification from a privacy-protection perspective. Information Management & Computer Security. Vol. 12 No. 1, 2004. Emerald Group Publishing Limited. Read More