
D3.10: Biometrics in identity management


Executive Summary

This deliverable is part of the 3rd work package of FIDIS, which focuses on high-tech oriented identity technologies. Biometrics is one of these technologies, and has been researched in combination with digital signatures and public key infrastructures (PKIs) in deliverable D3.2: ‘A study on PKI and biometrics’. Another deliverable, D3.6: ‘Study on ID Documents’, concentrated on electronic ID documents, including machine readable travel documents such as the European e-passport, and contained an analysis of the security and privacy aspects of biometrics in combination with e-ID documents. This document builds further on these two reports. It discusses the use and implementation of biometrics from a technical, legal, security and forensic point of view in various applications and schemes in the public and private sphere. It also contains references to D6.1: ‘Forensic Implications of Identity Management Systems’.

The report describes in detail the use of biometrics in an authentication process and emphasises the two different comparison functionalities of biometrics, i.e., verification and identification. These functionalities should be properly distinguished. The report shows that the effort to establish accurate definitions for describing the complex biometric process, such as the one presently ongoing in ISO/JTC 1 SC 37, is indispensable for a fruitful debate and for understanding the critical aspects of biometrics. The report further explains in technical detail the biometric capture and extraction process, and aims to enhance the discussion about biometric systems by stressing various quality factors, in particular the system errors and failures in relation to both the verification and the identification mode. In addition, the limitations of the current definition of quality factors like FAR (False Acceptance Rate) and FRR (False Rejection Rate) are discussed.

The aforementioned technical aspects of biometric systems are not taken into account in the legal treatment of biometrics. Directive 95/46/EC on data protection does not expressly mention biometric systems as such, and the criteria for the processing of biometric data are not clear. As a result, the Data Protection Authorities (DPAs) in the national member states retain an important ‘margin of appreciation’ in allowing specific biometric applications. Analysis of several decisions of national DPAs showed that this may even result in conflicting opinions on similar biometric systems. The report further shows, with reference to recent developments in the context of SIS II and the Prüm Treaty, that there is an indication that biometrics may eventually become a primary key within the framework of Justice and Home Affairs in the European Union without an appropriate regulation.

In order to facilitate the research and discussion about biometrics in identity management systems, and building upon previous attempts at classification, this report maps the differences in control, purposes, functionalities and regulation of biometric applications and suggests five types of biometric applications: a government controlled ID model (Type I), an access control model (Type II), a public-private (mixed) model (Type III), a convenience model (Type IV) and a surveillance model (Type V). Each type has different privacy and security concerns, and the discussion about biometric applications could become more focused if a system could be classified in the appropriate model. Regulation could then specify which models require most attention and focus its recommendations and rules on a specific type.

The report further illustrates various privacy problems in relation to biometrics and these types, such as the difficulty of meeting data quality principles, or the fact that not only captured biometric samples but also the biometric templates may contain sensitive information about someone’s health, as no systematic research has been carried out so far with respect to remaining additional information in such templates. The report also includes some new demonstrations and analysis with regard to the user/capture and the capture/extraction threats with commercially available fingerprint scanners. The success of fingerprint spoofs varies from none to high for the tested devices, and fingerprint images could be reconstructed from the biometric scanners which do not provide for any data encryption.

The report highlights the benefits of biometrics as well: biometrics remain a unique tool to link an individual to the digital world, to serve as evidence in forensics, or to provide enhanced privacy by requiring an additional authentication factor to prevent unlawful access.

It concludes with several recommendations, such as with regard to the template storage and biometric system architecture, leading to the concept of an encapsulated biometric. An encapsulated biometric system incorporates the full biometric processing in one tamper-resistant device which is able to deliver trustworthy but non-biometric credentials that prove that the recognition process of the enrolee has been completed successfully.

 

 
