http://www.theregister.co.uk/2005/02/03 ... _lsd_trip/
EU goes on biometric LSD trip
By Kevin Poulsen, SecurityFocus
Published Thursday 3rd February 2005 13:23 GMT
In December 2004, the European Commission adopted the biometric passports directive, a regulation that mandates the use of biometric facial images within 18 months and fingerprints within three years for all passports issued.
Biometrics such as fingerprints have long been used as identifiers, albeit mainly for catching criminals. But it is only in recent years that computational devices have come into standard use for companies and individuals that the use of biometrics has become viable everyday applications.
However, investigations conducted in the US and Europe have concluded that there is much work to be done to improve biometric technologies so that their full potential can be reaped. Different types of biometrics have differing levels of accuracy, leaving room for much improvement, and user acceptance still needs further testing.
Notwithstanding this, governments worldwide are demanding that biometrics are used as unique identifiers, with the primary emphasis being on improving security for such things as access control, electronic payments and authenticating travellers. One such scheme that has been raising concern is the US-VISIT scheme unilaterally imposed on international travellers to the US. This requires the transfer of large amounts of personal information on travellers to the US, in contravention of Europe's data protection laws, as well as the provision of fingerprints and facial images when entering the US.
Schemes such as this are driving the EU to develop robust standards for technology and to ensure that they are actually useful in real-life applications. As part of this, BioSec was set up at the end of December 2003 to engender a European-wide approach to the development of biometric technologies for security applications. It comprises a multinational consortium of companies, universities, public institutions and governments from nine European countries, providing a solid base for piloting prototypes and applications.
With a remit covering a very wide area, BioSec's three main objectives are:
* To enhance biometric technologies: including the refinement of user interfaces, sensors, devices and algorithms, and advancing the usability of biometric devices. Work is being done to improve storage systems, including personal, portable and centralised devices, to improve technology systems such as those that support transactions made over computer networks, and to enhance interoperability of devices and support for public key infrastructures.
* To ensure that technologies meet the requirements of real-world scenarios: the work that BioSec is doing in this area includes evaluating usability and acceptability of biometric technologies through field tests, including scenarios for physical and remote access, as well as contributing to the definition and adoption of standards and interoperable solutions for biometric-based transactions.
* To become the reference point for al European research into biometric technologies and to ensure that European experts are central to the development of international standards for biometrics to avoid the imposition of unworkable schemes.
The BioSec consortium was set up to conclude its work by end-2005. At the halfway point, the group has just help its second workshop at the European Commission in Brussels to present achievements to date and outline the challenges that are still to be faced. Progress has been good, with a number of workable prototypes developed and good results in field tests.
But a number of challenges remain in bringing biometrics into everyday use. BioSec has boiled these down into three main areas of concern, known to BioSec members as ‘LSD'. These stand for legal issues, such as concerns about privacy and data protection, standardisation issues, including technical interfaces and interchange formats, and deployment issues, divided into technological and social barriers to use.
Information about the work of BioSec can be found at www.biosec.org