
INF529: Security and Privacy In Informatics
The Future of Privacy Near and Far
Prof. Clifford Neuman
Lecture 15
1 May 2020
Online via Webex

Course Outline
• What data is out there and how is it used
• Technical means of protection
• Identification, Authentication, Audit
• The right of or expectation of privacy
• Social Networks and the social contract – February 21st
• Criminal law, National Security, and Privacy – March 6th
• Big data – Privacy Considerations – March 13th
• International law, Jurisdiction, Privacy Regulations
• Privacy Regulation (civil) and also Healthcare – April 3rd
• The Internet of Things – April 10th
• Technology – April 17th
• Elections, Politics, Other Topics – April 24th
• The future – Near and Far – May 1st

Today’s Presentations
Biometrics and related technologies
• Vaidhyanathan S - Privacy Concerns for Biometrics
• Yi-Ting Lin - Privacy of Facial Recognition
• Haotian Mai - Access and use of DNA database

BY VAIDHYANATHAN SWAMINATHAN
▪ What constitutes Biometric data?
▪ How are Biometric data collected and stored?
▪ Biometric data collection and storage by the U.S. Government.
▪ Biometric data collection and storage by Private entities
▪ Privacy concerns
▪ Biometric Information Privacy Act
▪ Recommendations to improve Privacy and Security.

“Biometrics” is the primary term for body measurements and calculations involving those measurements. They are metrics related to human characteristics and they are typically identified and utilized on an individual basis. Biometric data points can include things like:
▪ Fingerprints
▪ Body odor
▪ DNA
▪ Palm veins
▪ Face recognition
▪ Ear form
▪ Palm prints
▪ Keyboard strokes
▪ Iris recognition
▪ Gait analysis
▪ Hand geometry
▪ Voice
▪ Retina
▪ Body geometry

▪ Biometric data is primarily used for identification but also for authentication.
▪ Hardware-based recognition system - Data is stored on a specific piece of hardware that works with the device to recognize the data, without storing the data on the device itself.
▪ Portable token system - A fob or a smart card is used to store biometric data. When using this method, the user will need to present their card or fob and then their biometric data as a two-step authentication process.
▪ Biometric server - Data is held on an external server, which is more susceptible to cyber attacks. To reduce the risk of data being breached, it must be encrypted when being transferred over the network. The issue with encryption is deciding where encryption keys will be stored and who will be trusted with access.
▪ Use of biometric data isn’t new: the police have been fingerprinting people for over a century and have had biometric databases since the ’80s.
▪ The U.S. Department of Homeland Security (DHS) takes approximately 300,000 fingerprints per day from non-U.S. citizens crossing the border into the United States, and it collects biometrics from noncitizens applying for immigration benefits and from immigrants who have been detained.
▪ Any individual who applies for employment with the federal government or a sensitive position requiring a background check will be asked to supply a fingerprint.
▪ State and local law enforcement officers regularly collect fingerprints and DNA, as well as face prints and even iris scans.
▪ As of January 2020, it is legal in 46 states for software to identify an individual using images taken without consent while they are in public.
▪ Any individual who applies for a driver’s license will provide a face-recognition-ready photograph.
▪ Recent advances in camera and surveillance technology have improved the accuracy of biometrics capture and identification at a distance, making unobtrusive collection easier.
▪ Private and public security cameras in use by police are more capable of capturing facial features to support facial recognition-based searches.
▪ Two of the world’s largest biometrics databases are the FBI’s Integrated Automated Fingerprint System (IAFIS) and DHS’s Automated Biometric Identification System (IDENT).
▪ IAFIS includes over 71 million subjects in the criminal master file and more than 33 million civil fingerprints.
▪ IDENT stores biometric and biographical data for individuals who interact with the various agencies under the DHS umbrella and contains over 130 million fingerprint records on its files.
▪ In addition to the federal databases, each of the states has its own biometric databases – generally a fingerprint database and a DNA database.
▪ Facebook has one of the best-known private biometrics databases.
▪ Facebook’s face recognition service allows users to find and tag their friends, and it has seen dramatic increases in accuracy due to the volume of photos uploaded and tagged on Facebook.
▪ Facebook currently has over 845 million monthly active users and requires each one of those users to sign up under their real names, and then makes its users’ names and primary photos public by default.
▪ “Google Photos”, which houses over a million pictures, uses similar technology that extracts and analyzes data from the points and contours of faces that appear in photos taken on Google Android devices.
▪ The template that Google extracts is unique to an individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person, and is used to organize and group together photos based upon the individuals appearing in the photos.
▪ What does the Government say? Biometrics databases can be used effectively for border security, to verify employment, to identify criminals, and to combat terrorism.
▪ What do private organizations say?
Biometrics can enhance our lives by helping us to identify our friends more easily and by allowing us access to places, products, and services more quickly and accurately.
▪ Biometrics’ biggest risk to privacy comes from the government’s ability to misuse it for surveillance.
▪ The problems are multiplied when biometrics databases are “multimodal,” allowing the collection and storage of several different biometrics in one database and combining them with traditional data points like name, address, social security number, gender, race, and date of birth.
▪ Geolocation tracking technologies built on top of large biometrics collections could enable constant surveillance. And if the government gets its way, all of this data could be obtained without a warrant and without notice or warning.
▪ Standardization of biometric databases causes additional problems, as the data, once standardized, becomes much easier to use as linking identifiers, not just in interactions with the government but also across disparate databases and throughout society.
▪ Large standardized collections of biometrics could lead to many vulnerable copies of that linked data that could wind up in the hands of identity thieves.
▪ Biometric data compromises would be catastrophic because, unlike a credit card number or a password, your biometric data can’t be revoked or re-issued.
▪ Extensive data retention times can lead to additional problems. Biometric records stored in IDENT are retained for 75 years or until the statute of limitations for all criminal violations has expired.
▪ Civil fingerprints stored in IAFIS are not destroyed until the individual reaches 75 years of age and the criminal fingerprints are not destroyed until the individual reaches 99 years of age.
▪ Due to the usage of advanced facial recognition technologies in crowd and security cameras, anyone could end up in the database, even if they aren’t involved in a crime.
  ▪ By happening to be in the wrong place at the wrong time.
  ▪ By fitting a stereotype that some in society have decided is a threat.
▪ Data sharing can also mean that data collected for non-criminal purposes, such as immigration-related records, is combined with, and used for, criminal or national-security purposes with little to no standards, oversight, or transparency.
▪ If any of the data in the system is inaccurate and propagated throughout several other systems, it can be extremely difficult to correct.
▪ A private entity in possession of biometric identifiers or biometric information must develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual's last interaction with the private entity, whichever occurs first.
▪ Absent a valid warrant or subpoena issued by a court of competent jurisdiction, a private entity in possession of biometric identifiers or biometric information must comply with its established retention schedule and destruction guidelines.
▪ No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information, unless it first informs the subject or the subject's legally authorized representative in writing:
  ▪ That a biometric identifier or biometric information is being collected or stored;
  ▪ The specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used;
  and receives a written release executed by the subject of the biometric identifier or biometric information or the subject's legally authorized representative.
▪ No private entity in possession of a biometric identifier or biometric information may sell, lease, trade, or otherwise profit from a person's or a customer's biometric identifier or