Biometrics - Is our privacy really affected?

Events Wanneroo Business | Thursday, April 26, 2018


More than twenty years ago, biometric devices appeared in sci-fi movies, like a futuristic concept using a fingerprint to authenticate the user. There is a notorious scene in the movie “Sneakers” with Robert Redford (1992, Universal Pictures) where a group of hackers coerce a character into speaking specific words into a microphone and reuse that voice recording to break into a high-tech lab that uses voice recognition as the access control. Inspiring, even somewhat comical at the time; this technology has now become a reality.

Biometric devices are a form of identification devices used to authenticate an individual by using a part of their body or behaviour to identify them uniquely. Biometric authentication is considered an additional layer of authentication, using it in conjunction with a username/password combination. This authentication is known as multi-factor authentication.

While initially biometric devices were intended for access to buildings, smartphone technology has now introduced biometric technology to authenticate the users on the phone. TouchID is the name of the technology used in iPhone technology. Android phone technology uses a similar concept. Fingerprint technology is used to identify people authorised to use the phone.

One of the key places where biometric devices installed, is in schools. This technology is being used to manage truancy for some institutions and provide more enhanced services for borrowing books from the library, for example. Over the years, privacy concerns have arisen over biometrics, around storing of fingerprints, voice samples and other unique identifiers. Security has been of concern around biometric management systems and protecting the personally identifiable information that pertains to the individual.

The list below outlines some facts about biometric systems:

  • Biometric systems do not store samples of fingerprints and other body identifiers. When registering a user in a biometric system, the unique identifiers on your body get converted into the result of a complex mathematical equation, and it is difficult to reverse to represent the original identifier.
  • This information is not readily available to the legal system; if the Biometric information were stored such as fingerprints, law enforcement would need to have a warrant for an arrest or charges laid against an individual whose personal information is stored in the biometric system.
  • Malicious actors can still gain access to offline networks (regardless if the information is stored offsite or onsite), not connected to the Internet. Although more difficult and the likelihood of compromise is remote, with the right motivation in place, malicious actors can compromise these biometric management systems.

There is a significant responsibility for implementing biometric technology. Operating biometrics is no different than any other IT system introduced into a digital environment. There are seven essential tips that organizations should consider when applying this technology:

  • Develop a risk management plan that outlines all risks associated with the implementation of biometrics technology in your digital environment and ensures the organisation remediates any risks that are at or higher than the organisation's risk appetite.
  • Ensure that biometric management systems are isolated from critical corporate network systems and connectivity to these systems is minimised. (If you cannot avoid connectivity to the system ensure only the necessary communication required for correct operation is permitted).
  • Develop a policy that governs how biometric technology is used in the organisation. Ensure training is included and obligations around protecting information in this system is covered for all and that the workforce are aware of these obligations.
  • Develop processes around auditing and monitoring activity in the biometric system, ensuring that any access, privileged actions and changes to the system get flagged and reported to the appropriate stakeholders within the organisation.
  • Ensure maintenance of these systems, including software updates, vulnerability management, disaster recovery plan, incident response plan and backups are included in the overall management of corporate systems within the organisation
  • Ensure appropriate Service Level Agreements (SLAs) are set and agreed to with the biometric system vendor for support in the event of a disaster or outage of the system beyond the skillset of your current IT organisation.
  • Consult a change manager if this is a brand-new technology to be implemented. Change managers can assist with any culture and people-based issues that you may encounter through the implementation and provide a strategic roadmap to remediate any of these challenges.

Biometrics can add a whole new dimension of authentication for individuals. However, it can also raise concerns about individual’s privacy if not managed correctly. Ensure, that you seek appropriate and professionally qualified people to plan, deploy and hand over such systems and also, that organisations secure the system in line with the organisation’s risk appetite.

 

Bankwest Economic Update

Events Wanneroo Business | Monday, April 23, 2018

Economic Blog Update

 The facts and figures below are included in the latest update from Bankwest Chief Economist, Alan Langford, this time with a focus on unemployment and full time employment levels.


WA’s headline (ie seasonally adjusted) unemployment rate jumped from 6.1 per cent in February, to 6.9 per cent in March.  The steep rise in the headline jobless rate is a bit misleading, because the participation rate jumped sharply as well.

Nevertheless, the rise in the seasonally adjusted unemployment rate, coupled with annual re-analysis of seasonal factors, was enough to trigger a resumption of an uptick in the official trend jobless rate, which has now risen from 5.6 per cent in July last year, to 6.4 per cent, 0.8 of a percentage point above the national rate. Over the same period, WA’s trend participation rate has risen from 67.9 per cent, to 68.4 per cent - not enough to explain all of the rise in the jobless rate.

WA’s participation rate is the highest of all states, meaning the state’s economy has to generate faster employment growth to maintain the same jobless rate as states with lower participation rates.

But while it looked to be doing just that until about 9 months ago, the apparent ‘surge’ in full-time employment has now evaporated (Figure 1 in the attached graphical summary), if it was ever quite as robust as it seemed anyway.

That’s not to suggest that the recovery in the WA economy has stalled, but rather that it is one thing to generate strong full-time jobs growth when emerging from a very deep trough, but quite another to sustain it month after month, year in year out. The recovery in WA’s economy was always going to be stop-start rather than onwards and upwards, and so too will be the trajectory of full-time employment growth.

DOWNLOAD Graphical Summary

 


Sign Up for our newsletter

Subscribe to the WBA eNewsletter to receive invites to the latest events, local & business news, member notice board and special offers.

Follow Us