“fingerprints could become the next social security number”

by on August 8, 2007 · 6 comments

A very good observation from Latanya Sweeney in an interview with Scientific American.

Think about it: we leave fingerprints all over the place, just like our SSNs are all over the place. As we use fingerprints to regulate access to more value, the value of collecting fingerprints and faking them will rise.

It won’t be tomorrow or next week, but watch for fingerprint-based identity fraud – if we rely on that biometric too much. DNA has the same quality. Other biometrics, like vein recognition, are neither easy to collect nor to reproduce (though, yes, both of these facts are technology-contingent).

In my book, Identity Crisis, I talked about the qualities of identifiers: fixity, permanence, and distinctiveness. Biometrics like fingerprints and DNA are high on the scale of fixity and permanence, but may drop in reliable distinctiveness with advanced forgery techniques.

The better-designed systems will use biometric identifiers that are not only hard to forge, but that are somewhat hard to collect. Biometrics that can only be made available through some volition on the part of the individual will be the most secure.

  • andyinsdca

    Fingerprints are all too easy to forge. Mythbusters did an episode where they “copied” a fingerprint and used the copy to open a fingerprint-protected door.

  • http://www.cato.org/people/harper.html Jim Harper

    Indeed. Here it is.

  • http://mcgath.blogspot.com Gary McGath

    In many cases, fixity is a liability. You can have a different password for each service you deal with, but you can’t have more than ten different fingerprints, even if you have a free choice of which finger to give them. The data representation of any biometric can be stolen by someone who can persuade or trick you into giving it to his reader, if that reader has been modified to save what it reads; and once stolen, a biometric can’t easily be revoked.
