privacy and biometrics: a developing case study
DESCRIPTION
Privacy and Biometrics: A Developing Case Study. Patrick J. Gossman, Ph.D Deputy CIO Wayne State University Detroit, MI. Overview. Present a short case study, still in development, to illustrate the “power” of privacy concerns around biometrics - PowerPoint PPT PresentationTRANSCRIPT
Patrick J. Gossman, Ph.DDeputy CIO
Wayne State UniversityDetroit, MI
OverviewPresent a short case study, still in
development, to illustrate the “power” of privacy concerns around biometrics
Discuss key questions that may be raised in any campus deployment
Lead into an in-depth review of the law
11/18/10 Wayne State University 2
The SituationA large urban campus, 100 buildings200 custodial staff, unionizedCentral check-in inefficient, error-proneDesire distributed readers so staff can report
directly to their work locationRemote check-in easily spoofed with
magnetic stripe card readers
11/18/10 Wayne State University 3
Perfect SolutionBiometric readers inside all buildings for
check-in and check-out of custodial staffBiometric readers well-proven technologies,
not easily spoofedInitial up-front cost, but reasonable
maintenance costs
11/18/10 Wayne State University 4
So, why are we installing CARD readers?Privacy became a key issueConcern about dealing with privacy led to
many other questions:Does the technology solve our problem?Introduce other problems?Worth the cost?Maintenance questions?
11/18/10 Wayne State University 5
Biometrics - Privacy ConcernsHow secure are the data?Hosted solution, added concerns?Who has access?What data are we gathering?If released, how might it be used?How long do we keep it?What will be done with it?
11/18/10 Wayne State University 6
SecurityStorage is in highly secure environmentsSAS 70 security auditAccess to data is strictly controlled by
password and roleAll data are transmitted via VPN
11/18/10 Wayne State University 7
What Data?Biometric identifier vs. tracking dataBiometric identifier considered was hand
geometryPhysical images would not be storedHand geometry technology is encrypted on
both ends (storage and reader) and of no use if decrypted otherwise
11/18/10 Wayne State University 8
How Will Data Be Used?Management reports onlyReports using biometrics would be no
different than if card readers or manual entry of attendance data were deployed
11/18/10 Wayne State University 9
So why are we installing CARD readers?No guarantees (are there ever?)Technology sounds complex, obtuseDon’t trust what you don’t understandDon’t trust technology and administration Deployment plan with biometrics would close
some loopholes, but not allTherefore, start with less intrusive process
11/18/10 Wayne State University 10
In Our Case. . . More WorkCard readers are accepted and address the
first problem of efficiency – staff go directly to work assignments
Biometrics would help eliminate spoofing and problems with lost cards
Neither solves absence between check-in and check-out
Building access is a related issue
11/18/10 Wayne State University 11
In Your CaseProblem analysis is critical.Biometrics are just tools.Processes are critical.Total plan must be solid, ROI analysis solid,
need for biometrics solid, particular technology well chosen.
Campus culture cannot be ignored.
11/18/10 Wayne State University 12
ClosingChoose least intrusive technology Make it simple to understandTransparency is requiredConsider broad participation in decision
process to aid adoptionDifferentiate between what is required by law
and what is required by your culture
11/18/10 Wayne State University 13
Patrick J. Gossman, Ph.D.Deputy Chief Information OfficerWayne State UniversityDetroit, MI 48202
[email protected](313) 577-2085
11/18/10 Wayne State University 14