Biometrics: Key for the Digital World
Biometrics are becoming ubiquitous, which means that they are everywhere. This conference is about presenting the situation of this technology in the digital world.
2018 Year in Biometrics: Trends and Perspectives
As soon as you identify yourself somewhere, biometrics is here. Nowadays, everyone is expecting biometrics. It provides much better security while users have more convenience.
What is sold is not a product but an experience. Biometrics is part of it, and face recognition appears to be the best one. But there are also other forms:
- Finger prints
- Voice recognition is gaining attraction in some markets like Russia and China, but not that much in Europe. It’s also a good way to complete biometrics identification.
- 3D face is also gaining a bit of attraction.
Another reason of the increasing of biometrics is that we can merge them with other technologies like artificial intelligence, which improves noticeably facial recognition. But biometrics does not come without risks, as they can never reach a 100% safety level. But it is not mandatory, as long as it’s good enough to complement the first modality.
To protect yourself, you should always separate your key information. There is no point to be afraid about biometrics becoming available because our information is already almost everywhere. The biometrics themselves are not that valuable, it’s mostly the information associated with it which is.
In the future, you will not have to build your own program in order to leverage on biometrics and digital identities. Everyday, there’s a new method to use biometrics, especially in payment and the retail ecosystem.
Speaker: Alexandre AMARD, PWC
US-Europe: Biometrics Privacy
Biometrics is the best and the simplest way to identify a person. It’s a personal data not assigned by a third party and not chosen by the person itself, because it depends on inalterable human characteristics and intangible biological identity. That’s why any misuse or misappropriation of this data could produce very serious consequences on the individuals. This situation explains why there is a specific legal framework.
GDPR classifies biometric data as a special category of data which has additional safe guards and additional guarantees. Unlike any other categories, the very nature of the biometrics data isn’t enough to class it as a special category of data. You also need to look at the purpose of its processing and the technical processes.
There’s almost always a mandatory privacy impact assessment or a data impact assessment that needs to be done while you’re processing biometrics data. The fact that biometrics data is so timeless and so reliable is the reason why there are some concerns which lead the French data protection authority to find an approach to the biometric data in 1998. This authority classified it in two different categories:
- With traces: fingerprint, DNA, which leave traces behind. They have been more protected then the others because the risks were higher.
- Trace free biometrics: they require the presence of the person to preserve it. Face recognition is trace free but there’s no need for the person to be present because we can do facial recognition with cameras.
There is also another criterion in order to differentiate processing of biometric data, which is the storage. Is it on a biometric device where the individual has a complete control, or in a central data base, where not only the concerned individual can have access but also other people?
Even if there is the GDPR, it is not harmonized in the European Union. Those data are not really about the privacy regulation and they are not really about GDPR. They’re about the security measures you settle to protect your biometric data and about the trust you have from your clients.
Speaker: Olga KUROCHKINA - K&L Gates
Panel Debate: Biometrics for Digital Identity - The Single Trustable Link Between the Physical Person and Digital Ecosystem
Biometrics is about facilitating customer journey, convenience, and how to use it in the respect of the regulations.
Digital identity is something you can use, and which is easy to use, and very nice for banks to have. Digital identity protects you with anonymization or biometric templates. It’s simple for any end user to understand, in a very flexible way. Digital identity is a physical identity for the digital words.
Is biometrics control back to the individual and who should handle this? In some way, the government should manage it because of the trust people rely on it. But it is limited by money and capacity. What we need to have is an ID depending of what service you are linked to. For e-gov, government can do that and for e-banking, your bank must provide you credential and monitor it.
If you have two bank accounts, you are going to have for sure digital ID for any service you want to apply to.
The enrolment and the way you’re matching the thing that has been provided to a digital identity is important. In some cases you need to have a one-to-one and in other cases you need to have one-to-many. If you look FIDO, you first authenticate into the digital service and it understands that you have a FIDO token. From now on, it can accept this authentication mechanics based on biometrics as a replacement of log-in, password, etc.
The enrolment process at home must be managed in different ways according to where it has value. For the bank, it has value to do that on site for the customers. Today, we have a multifactor biometric authentication because for example 3% of the population doesn’t have fingerprints working. Depending on the bank, the country or the project, things can be different. You need as many biometrics as possible if you don’t want to lose people.
Speakers: Jean-Noel GEORGES, Tactilis; Gil BERNABEU, GlobalPlatform; Nicolas RAFFIN, Idemia; Yves CHEMLA, United Biometrics, Julien LARSONNEUR, Feitian Technologies