Idemia exec says new innovations could improve biometric data privacy at EU borders
EU Member States and biometrics vendors are broadly ready to implement the Entry/Exit System as it comes online, as seen during an eu-LISA Industry Roundtable event, though work continues on important details, from how to assess data used for training algorithms to how biometrics can provide high assurance of identity claims without creating the potential for compromised privacy.
The event focusing on ‘Biometric Technologies in Identity Management and Verification’ was held in Strasbourg on June 16. The event also included a series of presentations from biometrics providers and researchers on topics related to border biometrics deployments.
Officials from EU countries and eu-LISA itself set the scene with a series of presentations, followed by a session on passenger processing at land and sea ports. Presentations were made by representatives of Isorg, Jenetric, NTT Data, and Idemia. A final set of presentations on identity management as a service included InnoValor, iProov, Innovatrics, SITA and Augmentiq.
InnoValor’s Read ID and iProov each discussed technology being used with Eurostar, emphasizing the things that people can do on their own ahead of time, with their own devices, to speed border processes, as did presentations by Innovatrics and SITA.
Stronger privacy protections coming
Idemia Strategic Innovation, Public Security and Identity Division Head Vincent Bouatou presented the company’s view on enhancing biometric applications to protect user privacy.
Bouatou described the workflow of a typical interaction between a service provider and user, secured by an attribute challenge and response, and then compared it to an architecture for minimal disclosure enabled by biometrics through a trusted third party.
This system works very well in theory, but is “a bit problematic” in practice, he says.
Centralized databases, smart cards or personal documents such as biometric passports, or personal devices can be used in such architectures, but each involves its own limitations, according to Bouatou.
Technologies and approaches like homomorphic encryption, multiparty computation and verifiable computing can help. Homomorphic encryption can be used with a centralized database to secure access without decrypting biometric data, with multiparty computation preventing manipulation in the back-end. Proof of computation can allow an airline or airport to verify that the response received is actually the result of comparing the submitted data with the reference data issued by a trusted authority (like a passport photo).
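As an added illustration (not code from Idemia, eu-LISA or the presentation), the sketch below shows the homomorphic-encryption idea from the paragraph above using a toy Paillier scheme, chosen here for the example: the database computes an encrypted squared distance between a stored encrypted template and a probe without ever holding the decryption key. The key size, the integer feature vectors, the function names and the split of roles are all assumptions.

```python
import math
import secrets

# Toy Paillier key from two Mersenne primes: far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # lcm(p-1, q-1), private
MU = pow(LAM, -1, N)  # valid because g = n + 1


def encrypt(m):
    """Public-key operation: (1 + m*n) * r^n mod n^2 with fresh random r."""
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + (m % N) * N) * pow(r, N, N2) % N2


def decrypt(c):
    """Private-key operation: L(c^lambda mod n^2) * mu mod n."""
    return (pow(c, LAM, N2) - 1) // N * MU % N


def enroll(template):
    """Record held by the database: ciphertexts only, no plaintext features."""
    return {"x": [encrypt(v) for v in template],
            "sum_sq": encrypt(sum(v * v for v in template))}


def encrypted_distance(record, probe):
    """Database side, public key only: returns Enc(sum((x_i - y_i)^2))."""
    if len(probe) != len(record["x"]):
        raise ValueError("probe and enrolled template differ in length")
    # Enc(a)*Enc(b) = Enc(a+b) and Enc(a)^k = Enc(k*a), so the terms
    # sum(x^2) + sum(y^2) - 2*sum(x*y) are combined without decrypting x.
    acc = record["sum_sq"] * encrypt(sum(v * v for v in probe)) % N2
    for cx, y in zip(record["x"], probe):
        acc = acc * pow(cx, (-2 * y) % N, N2) % N2
    return acc


def is_match(c_dist, threshold):
    """Key holder decrypts only the distance and answers match / no match."""
    return decrypt(c_dist) <= threshold


# Constructed sample data: 8-value integer templates, not real biometrics.
REFERENCE = [12, 200, 45, 7, 99, 150, 3, 64]
SAME_PERSON = [13, 198, 45, 9, 100, 149, 3, 66]
OTHER_PERSON = [90, 20, 130, 77, 5, 10, 240, 200]
```

In this sketch the database sees the probe in the clear and a separate key holder decrypts only the distance; the multiparty computation and proof-of-computation pieces mentioned in the talk are not modelled.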
The relatively novel technologies Bouatou suggests are not yet mature and production-ready, he warns. They will remain areas of interest, however, for their potential to upgrade the privacy protection of many digital ID systems around the world, and the massive EES in particular.