Faced with the rise in virus attacks, Trojan horses and other hacking attempts, both private individuals and businesses are increasingly turning to supposedly infallible solutions such as biometrics. Fingerprint, hand or even iris recognition fascinate the general public because of their futuristic aspects and are espoused by the authorities because of the high level of protection they provide - and not only in the field of information security. The European Commission recommends incorporating biometric elements into EU passports and a Japanese bank has already introduced a hand-recognition system so that its customers no longer have to enter a PIN code when withdrawing money from their bank machines. Several information-security solutions based on biometrics have been widely marketed for several years now, and some schools even use fingerprints to authorize children access to the canteen.
Under pressure from the United States, European countries must decide whether or not to incorporate biometrics into identity documents, but experts unanimously state that the consequences of such wide-scale use of this technology remain unknown. Biometrics today is far from infallible, with error rates as high as 40% in the case of facial recognition. As for fingerprint recognition, which is considered to be the most accurate, tests carried out in Japan in 2002 showed that they too could be counterfeited: the researcher made gelatin copies of fingerprints which fooled 11 of the 15 biometric systems tested. The experiment was repeated at the last Chaos Computer Club in Berlin. This time, the hackers who took up the challenge copied fingerprints using liquid latex ...
In the majority of cases, the information required for fingerprint, iris, hand or facial identification must be stored. But where do you draw the line between the necessary storage of information and an infringement on privacy? According to some privacy-rights organizations, the spread of biometrics, especially in countries with poor human-rights records, results in making personal data filing commonplace. The French Data Protection Authority (CNIL) has, for example, found the use of fingerprint recognition to identify pupils in school canteens to be 'disproportionate'.
Biometrics also provokes such controversy because it is based on “tools” that cannot be changed or replaced in the event of a problem. Those who are most skeptical about it talk of the possibility of “organ theft” if hand or fingerprint recognition techniques become common in the banking sector. Others paint a particularly bleak picture of the future, similar to that of "Minority Report": the hero of the film is forced to undergo an eye transplant because his iris has been "blacklisted" by the authorities. Even if we have a long way to go before such spine-chilling examples from science fiction become a reality, biometrics still poses the problem of finding a happy medium between security and privacy. This debate is only just beginning.
