Some risks remain in cloud-based biometric research system, DHS report says

The Department of Homeland Security (DHS) has released a report to assess the potential privacy impacts of its new biometrics research system, and describe steps DHS has taken to mitigate risks in its use of biometric security tools.

The Privacy Assessment for the Cloud-based Biometric Analytic Environment says the project managed by the Biometrics and Identity Technology Center within the DHS Science and Technology Directorate (S&T) is designed to “provide an analytical environment to support research, development, testing, and evaluation,” of biometric collection, matching, image capture, data management and other practices related to biometric technology. The goal is to identify ways to optimize the system and maximize protection for personally identifiable information (PII) collected and maintained by DHS component partners.

Per a news item on ExecutiveGov.com, the system will be “housed in a designated Amazon Web Services S&T GovCloud partition, where it will be employed to test tools like facial, iris and fingerprint recognition.” It will use real-world biometric data collected by DHS during operations, because of hurdles presented by testing on synthetic biometric data.

The majority of the risks identified in the report have been mitigated through tools such as encryption, minimizing the amount of access and shared data, and guidelines around compliance. However, the use of real biometric data means a few risks remain only partially mitigated. There remains a risk of inaccurate or incomplete biometric, biographic, and/or demographic data being used in the Cloud-based Biometric Analytic Environment system. There is a privacy risk in that someone’s PII may be used without their consent, and a problem with options for addressing inaccurate information.

According to the report, “currently, DHS Components deploy biometric collections and matching tools for use in facilitating trade and travel for individuals. The performance of these government off-the-shelf or commercial off-the-shelf systems is often reliant on supplier provided configurations and thresholds and supplier claims of performance.” Using off-the-shelf applications means there is greater need for S&T to perform objective, independent evaluations of the available biometrics products to gauge their suitability for DHS use cases.

“These evaluations may include assessing the performance of current capabilities, assessing the performance of alternative capabilities, or optimizing the configuration and thresholds of current systems,” says the report. In brief, feedback will focus on accuracy and performance metrics, room for improvement or refinement in configuration or design, and suitability and compatibility with DHS infrastructure.

Article Topics

biometric testing  |  biometrics research  |  cloud services  |  Cloud-based Biometric Analytic Environment  |  data protection  |  DHS