In the field of authentication, biometrics refers to the measurement of physiological and behavioral characteristics used to identify computer users. Physiological characteristics commonly include the face, fingerprints, and DNA. Behavioral characteristics commonly include the user’s digital signature, his or her voiceprint, and walk. Though many methods are involved in biometrics, here is the breakdown of the most popular methods in use in 2002 (with percentage in use placed in parentheses): fingerprints (40%); hand (30%); voice (15%); face (7%); eye (4%); handwriting signature (3%); and other (1%)—walk, body odor, and DNA.
In the year 2000, the market for biometrics was about $100 million. In 2005, the market figures for biometrics rose because of developed nations’ utilizing anti-terrorist devices to counter events such as the September 11, 2001, terrorist attacks. Also, biometric devices are often used for authentication purposes to keep intruders away from areas having computer systems.
In 2005, the use of biometrics for authentication purposes has introduced a debate in the legal community surrounding privacy. Advocacy groups argue that biometrics use provides government and business officials with a means to track citizens and employees—an invasion of their privacy.
Controversy around biometrics erupted in Britain, for example, during the week of February 11, 2005. The British House of Commons passed in a 224-to-64 vote the Identity Cards bill. If the bill becomes law after it passes through the House of Lords, by 2012 all British citizens will have to obtain biometric identification cards and passports. The latter would contain such information as citizens’ names, addresses, and biometric information such as fingerprints, face scans, and iris scans. The collected data from millions of Britons would be placed in a huge database known as the National Identification Register. If the bill is passed, the project is estimated to cost up to $12.8 billion.
British security experts have said that identification cards with biometric information stored on them—smart cards—are, from a criminal’s vantage point, a relatively easy item to tamper with. For example, a somewhat creative criminal could steal someone’s smart card, strip off the biometric coding, and replace it with the criminal’s own biometric coding. Moreover, it is argued, the National Identification Register would become a prime target for cybercriminals interested in obtaining identify theft information on targeted British citizens.
Center for Unified Biometrics and Sensors. Biometrics Defined. [Online, 2004.] Center for Unified Biometrics and Sensors Website. http://www.cubs.buffalo .edu/about_biometrics.shtml; Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html; McLean, D. Flawed Biometrics Offers False Sense of Security. The Globe and Mail, February 17, 2005, p. B11.