Feeds

EU goes on biometric LSD trip

Consortium considers legal, standardisation and deployment issues

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

In December 2004, the European Commission adopted the biometric passports directive, a regulation that mandates the use of biometric facial images within 18 months and fingerprints within three years for all passports issued.

Biometrics such as fingerprints have long been used as identifiers, albeit mainly for catching criminals. But it is only in recent years that computational devices have come into standard use for companies and individuals that the use of biometrics has become viable everyday applications.

However, investigations conducted in the US and Europe have concluded that there is much work to be done to improve biometric technologies so that their full potential can be reaped. Different types of biometrics have differing levels of accuracy, leaving room for much improvement, and user acceptance still needs further testing.

Notwithstanding this, governments worldwide are demanding that biometrics are used as unique identifiers, with the primary emphasis being on improving security for such things as access control, electronic payments and authenticating travellers. One such scheme that has been raising concern is the US-VISIT scheme unilaterally imposed on international travellers to the US. This requires the transfer of large amounts of personal information on travellers to the US, in contravention of Europe's data protection laws, as well as the provision of fingerprints and facial images when entering the US.

Schemes such as this are driving the EU to develop robust standards for technology and to ensure that they are actually useful in real-life applications. As part of this, BioSec was set up at the end of December 2003 to engender a European-wide approach to the development of biometric technologies for security applications. It comprises a multinational consortium of companies, universities, public institutions and governments from nine European countries, providing a solid base for piloting prototypes and applications.

With a remit covering a very wide area, BioSec's three main objectives are:

  • To enhance biometric technologies: including the refinement of user interfaces, sensors, devices and algorithms, and advancing the usability of biometric devices. Work is being done to improve storage systems, including personal, portable and centralised devices, to improve technology systems such as those that support transactions made over computer networks, and to enhance interoperability of devices and support for public key infrastructures.
  • To ensure that technologies meet the requirements of real-world scenarios: the work that BioSec is doing in this area includes evaluating usability and acceptability of biometric technologies through field tests, including scenarios for physical and remote access, as well as contributing to the definition and adoption of standards and interoperable solutions for biometric-based transactions.
  • To become the reference point for al European research into biometric technologies and to ensure that European experts are central to the development of international standards for biometrics to avoid the imposition of unworkable schemes.

The BioSec consortium was set up to conclude its work by end-2005. At the halfway point, the group has just help its second workshop at the European Commission in Brussels to present achievements to date and outline the challenges that are still to be faced. Progress has been good, with a number of workable prototypes developed and good results in field tests.

But a number of challenges remain in bringing biometrics into everyday use. BioSec has boiled these down into three main areas of concern, known to BioSec members as ‘LSD'. These stand for legal issues, such as concerns about privacy and data protection, standardisation issues, including technical interfaces and interchange formats, and deployment issues, divided into technological and social barriers to use.

Information about the work of BioSec can be found at www.biosec.org.

© IT-analysis.com

Related stories

Plugs to be pulled on EU biometric visa scheme?
EU biometric RFID scheme unworkable, says EU tech report
Europe kicks UK out of biometric passport club
Fingerprints to become compulsory for all EU passports
Everything you never wanted to know about the UK ID card

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.