Privacy Expert to Government: Encrypt Biometric Information

By Matthew Harwood

A former government official today recommended to a Senate committee that the federal government encrypt all biometric information collected from American citizens before a data breach exposes an unknown amount of people to identity theft.

Peter P. Swire, former chief counselor for privacy at the Office of Management and Budget (OMB), told lawmakers that new legislation should amend the E-Government Act of 2002 so that all biometric information—fingerprints, iris scans, or DNA samples—stored or transmitted by the federal government be encrypted.

Data breaches, such as the loss of a laptop from the Department of Veteran Affairs that contained the personal information of 26 million veterans, combined with databases full of biometric information could compromise the security of millions of people's fingerprints, says Swire, now a professor of law at Ohio State University and a senior fellow at the liberal Center for American Progress.

"It is hard enough to get a new Social Security number once you have been the victim of identity theft," he said before the Senate Committee on Homeland Security and Government Affairs. "Once your fingerprint is known, though, you can't get a new finger."

Encryption would also protect biometric information from identity thieves even if they hack into a federal database or steal a laptop with such information in it.

Swire also said the federal government should employ audit systems to keep track of who accesses such systems.

"A major computer security risk is that an insider will break the rules," he said. "In most computer security settings, a majority of the harms come from this sort of malicious insider—those who have access but go beyond their authority."

In March, the State Department confessed that a staff trainee and three contract workers had accessed without authorization the passport files of presidential candidates Barack Obama, Hillary Clinton, and John McCain. The agency chalked the breach up to nothing more than "imprudent curiosity."

Swire said that if it wasn't for the State Department's audit system, the breach of the candidate's passport files would have likely gone undiscovered.

"Effective audits should similarly be in place for access to sensitive databases containing biometrics," he said.

But increasing information sharing among national governments may make encryption within the central database and audit systems moot, says Swire. The Federal Bureau of Investigation's program "Server in the Sky" proposes that the United States, the United Kingdom, Australia, Canada, and New Zealand all share the biometric information each nation collects in an international database as another asset to fight international terrorism.

Initiatives such as Server in the Sky and the increased use of fingerprints to grant entry to a country, says Swire, means "[w]e are thus moving toward a new reality where fingerprints for a large and growing portion of our population are insecure—they are being held in many settings where a breach can occur."

In an effort to combat identity theft and other privacy risks, Swire recommended the lawmakers research a new technology known as "biometric encryption," pushed by Ann Cavoukian, privacy commissioner for Ontario, Canada. In a recent report with biometrics expert Alex Stoianov, they explained the concept:

Biometric Encryption is a process that securely binds a PIN or a cryptographic key to a biometric, so that neither the key nor the biometric can be retrieved from the stored template. The key is re-created only if the correct live biometric sample is presented on verification.

Swire told lawmakers the approach is "promising," and that they should ask all key federal privacy offices for a report weighing the benefits and costs of biometric encryption and proposing pilot programs to test its effectiveness.

Nevertheless, lawmakers should understand that the increased use of biometrics for security contains within it the seeds of its own destruction.

"The more we use biometrics," according to Swire, "the more likely they will be compromised and hence become useless for security."


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.