Don't Throw Away Your Passports Just Yet
By Joakim Thorén, CEO
It seems lately that more countries are turning to biometrics to ensure the safety of their borders. This January, Australia vowed it will replace passports as a means of identifying passengers after installing the latest biometric identification platforms, such as facial, iris or fingerprint recognition systems by 2020.
According to an Engadget article, installing these unique security measures will create a "fast, seamless self-processing experience for up to 90 percent of travelers." The article says by offering facial recognition, border control in Australia can focus its efforts on identifying high-risk passengers.
But is it really time to throw away tried-and-true passports as a means of identification? Probably not.
While biometrics are important, there's more to border security than iris scans. The U.S. just began placing fingerprints on its passports and biometrics scanners are being tested at some U.S. airports, albeit to verify passport identities. And while this method of multi-factor identification to secure nations' borders is commendable, it comes at a cost.
No organizations - including governments - are safe from foreign hacking schemes. Here are some examples. Over the past two years, the U.S. government has suffered severe hacks, including the IRS data and U.S. Office of Personal Management data breach that exposed millions of personnel records of federal employees. Imagine if hackers could access biometric details for each government employee? It's one thing to access personal information, such as social security numbers, that can be reissued under extreme circumstances. But it's another to compromise a one-of-a-kind biometric ID indicator, such as a fingerprint. If one's fingerprints were hacked in a database, that data will be forever compromised because humans can't simply replace their fingerprints.
While the move to make Australia's borders less congested and more convenient for travelers is commendable, the risk factors to security and privacy from biometric solutions alone too abundant. Governments have collected biometric data at borders for years, but it should not be kept in a database, no matter how secure, because there's always a risk it could be hacked.
It's paramount to secure user biometric with the highest level of security. Ideally, organizations must verify, but not share the data with other establishments. A great use case for biometric data is to enable use of a secure computing device, such as a smart card or a smart passport. That way the biometric data never leaves the secure device and the secure device produces a verifiable, timestamped and non-reputable digital signature. This technology is available, provides the highest level of security, and is easily implemented - all this without sacrificing the users' privacy.
Tags: iam, cybersecurity, two-factor, cybercrime, pki, smartcard, biometrics.