In this article, forensic document examiner, Mark Songer D-ABFE, CFC, discusses some of the methods used by identity thieves to acquire personal data and strategies that individuals can use to guard…
Successful biometric implementation programs have a controlled enrollment process where identity validation of individuals is initiated and biometric devices are located in a monitored and secured environment. The emerging industry standard for biometric programs requires user opt-in and protections for individuals’ biometric data.
In this article, biometric security expert Mark Songer provides an introduction to biometric data applications and the technical issues most frequently disputed in biometric litigation.
Biometrics describes the process of using physiological traits or behavioral characteristics to identify human beings. The long term potential applications of Biometrics are extremely broad, but biometric identification is commonly used in building security systems, payroll and employee timekeeping systems, laptop PCs and smartphones. There are generally two categories of biometric data:
Because biometric data is unique to each individual, it is one of the most secure methods of individual identification. Physiological and behavioral characteristics are virtually impossible to replicate, and best in class systems currently available will convert individual values into algorithms or unique derivatives of the original value that cannot be reverse engineered.
Biometric Templates – In some biometric implementation programs, the image itself is discarded and a mathematical representation of it is used in the individual verification process. This mathematical file is called a biometric template. These templates should be encrypted to prevent reverse engineering the data into the original biometric image.
Cancellable Biometrics – Mathematical algorithms can also be used to transform the original biometric characteristic into a distorted value that is unique to each individual, but not true to their physiology. This process is non-reversible, and cannot be used to obtain the original value.
Not all biometric systems on the market utilize best in class technologies, and there are still biometric systems in use that store unencrypted or weakly encrypted depictions of users’ biometric data. Strong security measures should be prioritized in the selection and implementation of any new biometrics systems, and older systems should be updated or replaced to comply with current best in class security standards.
The following organizations are involved in developing standards relevant to biometric systems and data:
Privacy is at the center of most biometrics disputes. In 2008, the State of Illinois became one of the first to enact a Biometric Information Privacy Act, which provides specific protections for a person’s biometric identifiers or biometric information. Since that time, other states have passed similar laws.
Forensic investigations involving biometrics data vary in scope, but typically include an assessment of specific elements of policies and procedures. Three main procedural categories are:
If the biometric security practices of a business or employer are in question, a Certified Biometric Security Professional may be called upon to review the policies and procedures in place, analyze the device(s) to confirm how data was collected, stored, and disposed of, and whether it is in compliance with the applicable laws and industry standards.
For more information, contact the author of this article or submit an inquiry.
In this article, forensic document examiner, Mark Songer D-ABFE, CFC, discusses some of the methods used by identity thieves to acquire personal data and strategies that individuals can use to guard…
In this article, forensic document examiner, Mark Songer provides an overview of forensic document examination. Topics discussed include training and qualifications for forensic document examiners as…
A former FBI Special Agent who was also a Forensic Examiner within the FBI’s Questioned Documents Unit spearheads our Questioned Document Examination (QDE) practice. We are engaged in a broad…