Wednesday, April 25, 2012

TLDR: Biometric manufacturers are lying scumbags.

Biometric authentication systems are presented as the best way to reach high security levels in controlling access to IT systems or sensitive infrastructures. But several issues are often not taken properly into account. In order for the implementation of those systems to be successful, the hidden risks and the related liabilities have to be carefully analyzed before biometrics can be used on a large scale for sensitive applications.

http://arxiv.org/abs/1203.0333
In order to fight the spread of the identity frauds we need to add new instruments to our security toolbox and biometrics can surely be one of them. Nevertheless biometrics can be part of a wider authentication system only after a careful analysis of the scope and of the specific usage context. Such analysis shall take into account the alternative security measures and the risks of abuse and infringement of freedom and dignity.

Any uncritical acceptance of proposals based on technology only, even if supported by some interesting benchmarks, shall be avoided. If the benchmarks themselves are missing, then we must be wary of the proposer’s seriousness. All these considerations are especially important when a company supplies identification/authentication services. Introducing a biometric system means the company takes charge of all the risks quoted above. Too often, this risk engagement is not carefully evaluated as the present paper suggests.