Puzzling Perception – Sacrificing Privacy for Decreased Security?
How much of our privacy are we ready to sacrifice in return for DECREASED security, not for increased security?
Biometrics vendors seem to be reluctant to make it clearly known that biometrics and a default/fallback password/PIN are used together in a security-lowering ‘two-entrance’ deployment, not in a security-enhancing ‘two-layer’ deployment, in what they call “2-factor” biometrics authentication.
The outcome is that we are awkwardly talking about how much of our privacy we could sacrifice in return for the increased security when we actually need to talk about the privacy sacrificed for lowered security.
I am wondering how long we will stay indifferent to this idiotic and unethical situation.
Click the link for more: https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/
There are two houses in the picture above – one with one entrance and the other with two entrances: which is friendlier to burglars who want to sneak in?
The false sense of security has only been benefiting criminals, hasn’t it?
Biometrics has continuously contributed to providing a favorable environment to criminals, not to citizens, for nearly two decades, and the public has been misled to believe that biometrics has provided better security for citizens. This false sense of security might well keep causing huge damage to our societal life for many more years unless somebody speaks out articulately.
Over several years we have repeatedly made clear that biometrics brings security down to a level lower than password-only authentication when it is used together with a password in a ‘multi-entrance’ deployment, as opposed to a ‘multi-layer’ deployment.
We have received not a single logical or evidence-based refutation, which led us to suspect that the biometrics guys love one-way propaganda but hate the exchange of opinions.
They might be prepared to allow people to debate ‘spoofing’ and ‘data leaks’, because they could counter these debates by talking about the eternal endeavor of improving technologies. But it looks like they are aware they cannot afford to be involved in the discussion of the negative security effect of biometrics used with a ‘fallback password’ required against false rejection/non-match, presumably because there is absolutely no way of eliminating the trade-off relation between false match/acceptance and false non-match/rejection, due to the nature of the body features inherent in living animals.
In other words, it looks as though they are afraid that, should they publicly admit the necessity and actual presence of a ‘fallback measure’, a default password/pincode in most cases, the very foundation of their decades-long allegation that “Biometrics brings better security than passwords” would evaporate right away.
As such we are led to suspect that all that the biometrics guys can do is turn a blind eye, cover their ears, close their mouths and keep earning as much quick money as possible before their ‘business model’ collapses.
Incidentally, we are also very worried to have noticed that biometrics data is seldom publicized in a logical and scientific manner.
Quite a few biometrics vendors publicize a part of a fact and do not disclose the other part of the fact, for instance, publicizing a nicely low false match/acceptance rate without saying anything about the corresponding false non-match/rejection rate, which could be alarmingly high, but remains unknown to the public.
Subsequently, this phenomenon comes with their silence on the need for and presence of a fallback password/pincode against false non-match/rejection, which brings security down to a level lower than password/pincode-only authentication, as repeatedly made clear in this article.
Moreover, we could add that unsubstantiated theoretical data is often presented as if it were objective empirical data.
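The ‘two-entrance’ versus ‘two-layer’ argument and the false match/false non-match trade-off described above can be put in numbers. The following is an added illustration, not the author's own material: the Gaussian score distributions, the password guess probability and all function names are constructed assumptions, and the two factors are assumed to fail independently.

```python
import math

def norm_cdf(x, mu, sigma):
    """Cumulative distribution function of a normal distribution."""
    return 0.5 * (1.0 + math.erf((x - mu) / (sigma * math.sqrt(2.0))))

# Constructed assumptions (not measurements from the article or any vendor):
IMPOSTOR = (0.40, 0.10)   # mean, std dev of match scores for an impostor
GENUINE = (0.70, 0.10)    # mean, std dev of match scores for the real user
P_PASSWORD = 1e-4         # chance an attacker defeats the password/PIN alone

def far(threshold):
    """False acceptance rate: an impostor scores at or above the threshold."""
    return 1.0 - norm_cdf(threshold, *IMPOSTOR)

def frr(threshold):
    """False rejection rate: the genuine user scores below the threshold."""
    return norm_cdf(threshold, *GENUINE)

def attacker_success(threshold, p_pw=P_PASSWORD):
    """Attacker's chance of getting in under each deployment."""
    f = far(threshold)
    return {
        "password_only": p_pw,
        # Two entrances: biometric OR fallback password opens the door.
        "two_entrance": 1.0 - (1.0 - f) * (1.0 - p_pw),
        # Two layers: biometric AND password are both required.
        "two_layer": f * p_pw,
    }

def sweep(thresholds=(0.50, 0.60, 0.70, 0.80)):
    """Rows of (threshold, FAR, FRR, two-entrance, two-layer) probabilities."""
    rows = []
    for t in thresholds:
        s = attacker_success(t)
        rows.append((t, far(t), frr(t), s["two_entrance"], s["two_layer"]))
    return rows

if __name__ == "__main__":
    print(f"password only = {P_PASSWORD:.1e}")
    print("thr   FAR       FRR       OR        AND")
    for t, fa, fr, p_or, p_and in sweep():
        print(f"{t:.2f}  {fa:.2e}  {fr:.2e}  {p_or:.2e}  {p_and:.2e}")
```

Raising the threshold lowers FAR but drives FRR up, which is what makes the fallback path necessary; under these assumptions the OR deployment never drops below the password-only probability at any threshold.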