Road2BUP: Privacy – Regulating Identity

We are nearly one month away from Biometrics UnPlugged in Tampa, Florida. All summer we have been shedding the spotlight on major topics in identity management. In June we featured ideas in next generation biometric and mobile commerce, now, one month away from the major industry event, we are turning our lens to privacy.

Last week, in our privacy primer, we took a look at some of the aspects of biometrics that could keep the paranoid up at night. Today we’re going to examine an idea that can help combat the specific privacy concern of fraud: regulation.

FindBiometrics, The Road To Biometrics Unplugged

The second stretch of The Road To Biometrics UnPlugged is focused on privacy.

It’s Who You Are

In terms of biometric services, all of the benefits stem from a high level of certainty that you are who you are and authentication speeds that can enable real world applications. With more recent innovations in commercial biometrics, a high level of convenience paired with better-than-password security can be in the hands of anyone with a current generation smartphone. Embedded sensors and biometric software can allow for payment and account login at the touch of a finger or a glance at a front-facing camera.

In industrial, government and enterprise situations, access and border control solutions can benefit from this convenience and security with a high level of assurance thanks to regulated background checks and vetting processes that come with enrollment. With the mainstreaming of commercial biometrics, there is no household equivalents of, say, the TSA Pre✓ program advanced screening process used for express airport security.

But Who Are You?

The lack of screening processes in consumer biometric enrollment can serve as an obstacle in terms of what a biometric device is allowed to authenticate a user for. Traditional means of identity theft, like the forging of ID documents, can be used to fraudulently purchase a cell phone and it takes even less sneakiness to hack into an email account and associate a biometric identifier with another name.

These are simplified examples meant to illustrate a point. A positive biometric authentication can prove that you are you, but the big question without proper assurance infrastructure in place is who are you?.

Who Cares Who You Are?

As a mainstream identifier, consumer biometrics have the potential to offer anyone with a strong authentication device easy and secure access to banking, border crossing, health services and government eServices. This is what’s at stake: all of the most inconvenient personal transactions made secure and easy. In order to use biometric authentication offered on a commercial device from your own home for these kinds of services, it’s important that there be as little doubt as possible that the fingerprint, face, vitals or iris registered under you name are in fact yours. Essentially the problem boils down to this: without identity assurance upon enrollment, a biometric authentication can only ensure that you are the enrolled device user – it can’t confirm your biographic data.

A Direct Line Of Trust

The solution to this problem is not one that requires new technology, it simply needs standards and practices. It could be a simple as requiring biometric enrollment at the point of smartphone purchase, or perhaps an expanded service at trusted enrollment centers.

In the end, the idea is a long line of established trust that ties a person’s identity to her biometric data. With this kind of assured standard of registered identity, the door will be open to a new era of secure and convenient living.


Join us throughout August as we dive further into the topic of biometrics and privacy. Have something to add? Follow us on Twitter and use the hashtag #Road2BUP. Haven’t registered for Biometric UnPlugged? Don’t worry, registration is still open through the event’s website.

August 13, 2014 – by Peter B. Counter