Biometric Security and Privacy Using Smart Identity Management and Interoperability: Validation and Vulnerabilities of Various Techniques
Author(s) - Wechsler Harry
Publication year - 2012
Publication title - Review of Policy Research
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.832
H-Index - 45
eISSN - 1541-1338
pISSN - 1541-132X
DOI - 10.1111/j.1541-1338.2011.00538.x
Subject(s) - biometrics, computer science, computer security, interoperability, anonymity, software deployment, data science, internet privacy, world wide web, software engineering
Abstract - The central position of this article is that validation and interoperability are paramount for the effective and ethical use of biometrics. Illuminating the relevance for policymakers of the science underlying the security and privacy aspects of biometrics, this article calls for adequate and enforceable performance metrics that can be independently corroborated. Accordingly, the article considers biometrics and forensics for the dual challenges of addressing security and privacy using smart identity management. The discussion revolves around the concepts of “personally identifiable information” (PII) and interoperability with emphasis on quantitative performance analysis and validation for uncontrolled operational settings, variable demographics, and distributed and federated operations. Validation metrics include expected rates of identification/misidentification, precision, and recall. The complementary concepts of identity and anonymity are addressed in terms of expected performance, functionality, law and ethics, forensics, and statistical learning. Biometrics encompasses appearance, behavior, and cognitive state or intent. Modes of deployment and performance evaluation for biometrics are detailed, with operational and adversarial challenges for both security and privacy described in terms of trustworthiness, vulnerabilities, functional creep, and feasibility of safeguards. The article underscores how lack of interoperability is mostly due to overfitting and tuning to well‐controlled settings, so that validation merely confirms “teaching to the test” rather than preparation for real‐world deployment. Most important for validation is reproducibility of results including full information on the experimental design used, that forensic exclusion is allowed, and that scientific methods for performance evaluation are followed.
The article concludes with expected developments regarding technology use and advancements that bear on security and privacy, including data streams and video, de‐anonymization and reidentification, social media analytics and cyber security, and smart camera networks and surveillance.