Protecting Personal Information

FEDERAL PRIVACY LAWS “have failed to keep pace with technological change,” according to Ari Schwartz of the Washington, D.C.-based Center for Democracy and Technology. He made that point in testimony at a recent Senate hearing on protecting personal information.

Schwartz says one problem is that the Privacy Act of 1974 covers only data that falls under the “system of records” classification, and much of the personal data that the government keeps falls outside that realm.

As defined by the law, a system of records must be regularly retrieved by the individual’s name or some other identifying number or concept, such as a Social Security number. But advances in search and database technology mean that many government data-mining programs do not require a search by name. They thus stay outside the Privacy Act’s reach, despite relying on databases chock-full of personal information.

Additionally, Schwartz cites various contractor databases that the government uses without bringing that private information into a federal database that might come under the law’s jurisdiction. Schwartz exhorted Congress to step in and devise a bill that would provide the changes needed to safeguard personal information.

Another topic discussed at the hearing was the vulnerability of biometric information increasingly being used for identification.

The E-Government Act of 2002 should be amended to require that all biometric data be stored and transmitted in encrypted form, to protect it even in the event of a data breach, said Peter Swire, professor at the Moritz College of Law at Ohio State University and a fellow at the Washington, D.C.-based Center for American Progress.

Swire advocated a biometric encryption approach that matches a biometric to a PIN or key, which is only produced if the proper biometric is presented.

But even those approaches are sometimes vulnerable, because they rely on and reuse actual biometric information for verification, says Terrance Boult, computer science professor at the University of Colorado.

Although certain types of biometric encryption, such as the one-time PIN and biometric data, can provide perfect security, in actual practice the biometric data is often used more than once. This provides the means to beat the encryption in repeated use, even if the PIN is changed.

However, Boult, who founded biometrics company Securics, Inc., does point out that encrypting the biometric, even if it is tied to a reusable PIN, is “still better than raw templates. It just isn’t near as secure as you would want it to be.”

There are also other types of biometric encryption, such as Securics’ solution, which transforms the data from biometric form into what he calls biotope™ form. The biotope does not use the actual biometric for verification, so even if it is compromised, the biometric is not, which makes it more secure, according to Boult and Walter Sheirer, lead biometrics engineer at Securics and a University of Colorado graduate student. This technology has not been widely reviewed by independent parties and is not commercially available.

If it works as intended, the fact that it does not use the actual biometric could be an important advantage, because, as Swire notes, “It is hard enough to get a new Social Security number once you have been the victim of identity theft. Once your fingerprint is known, though, you can’t get a new finger.”

Both Boult and Sheirer, like Swire, are concerned that the government is not doing enough to protect biometrics. “The government of the United States has made it clear that privacy is not an issue to them; they view biometrics as not being private data,” says Sheirer. And indeed, Homeland Security Secretary Michael Chertoff recently referred to fingerprints as being “hardly personal data” and “not particularly private.”

Boult points out that he has made more headway in promoting these privacy-enhancing technologies when he emphasizes security rather than just privacy.

“Once those databases get compromised, and they will if we build large databases, two things happen: Those people have a privacy implication who were compromised. But if their fingerprint can be used to, say, access a weapons depot, it’s a national security concern too. If their fingerprints can be used by somebody who wants to try and enter a federal building using somebody else’s identity, that’s a problem of security, not just privacy,” says Boult.