The double edged sword of using biometrics for data security

Steven Hodson

Just how secure is our data?

Just how secure are all those databases that our information is stored in?

Security companies would have us believe that biometrics are the best way to secure our data and to verify that we are who we say we are. This is why you see things like fingerprints, photographs, and iris scans being collected in giant databases as well as being used as a verification to view those databases.

The problem is those databases are only as secure as the people both working on them and supposedly protecting them. So what happens when one of those people decides that they are also a perfect way to make money by selling that biometric data to the highest bidder.

This is what has happened in Israel as the records of 9 million Israelis, both living and dead, has ended up in the hands of criminals. This data includes name, date of birth, their national identification numbers, and family members; but what is even worse is that the database contained the information of the birth parents of hundreds of thousand adopted citizens.

This breach was discovered this past Monday when a contract worker for the Israeli Welfare Ministry was arrested for stealing the country's primary national biometric database back in 2006. It was only after he was fired from his job for unrelated reasons that he began to offer the database for sale resulting in his arrest.

Subsequently an additional suspect uploaded the whole biometric records database to the web where, with some quick Google searches, you can find more than a few torrents for the files.

via Fast Company