[Dave Birch] I actually rather enjoyed my day out at Biometrics 2009 because it was an opportunity to catch up with old friends and see what the buzz is. Yes, you can have LinkedIn and Twitter, but there's still no substitute for hanging out in the coffee area at a big conference. Some of the content was, though, somewhat reminiscent of Biometrics 2008, 7, 6... we're still not at a mass market, and part of the reason is that no-one seems to know what that mass market is. Is it fingerprint scanners in every laptop? I doubt it. Is it logging in to your bank using voice authentication? Maybe. Is it using your National ID Card to get served in a pub? Doesn't look like it at the moment.

Personally, based on a couple of sessions I sat in on, I thought there was some confusion about the proposition -- not from everyone -- and I suspect that at least part of the problem is that the major integrators come from the government and defence space, so their approach to the market and their product set reflects that. If you've made a living selling large-scale automatic fingerprint identification systems to law enforcement agencies, then it may be difficult to make the transition to selling improved authentication to banks. And there's no reason to suspect that that improved authentication will be achieved using the same technologies anyway.

I happened to be sitting next to Forum friend Maxine Most from Acuity Inc, one of the world's leading analysts of the international biometrics market, and she made a key point early on in the day: the mass market is about mobile phones, not PCs. This was a central element of my presentation on biometrics in the event space and was further amplified by the Precise Biometrics presentation advocating match-on-SIM going forwards. This, as an aside, suggests to me that there is a premium on biometric technologies that synergise with mobile phones -- we're talking about the mass commercial market here, not law enforcement and national security -- so that really means voice recognition and voice authentication (I don't buy the fingerprint-scanner-in-handset model in the mass market). A couple of people remarked that these biometrics didn't seem to be getting much coverage compared to fingerprints, iris and the like, which I imagine is also a reflection on the government and law enforcement focus of the show.

I sat in on a panel about privacy, which lacked some of the more robust debate that I associate with privacy issues and ended up with a slightly predictable conclusion, that biometrics can either increase or decrease privacy depending on how they are deployed, although it was never made entirely clear what was meant by privacy in the first place. I expressed my basic concern that the industry might do something really dumb so that we never get to use biometrics in a privacy-enhancing role.

yet the thoughtless use of biometrics will not only not solve the identity problem but will also mean a privacy nightmare.

[From Privacy Value Networks » Blog Archive » Do biometrics help or hinder?]

How can using your biometrics in transactions being privacy-enhancing? Surely, any use of biometrics must compromise privacy by leaving "personal" data all over the place? Well, an example that I gave before is the use of fingerprints to check that alcohol purchasers are of legal age in the North of England. The potential drinkers register for the scheme by presenting supporting documents and putting their finger on a scanner. Their fingerprint template then goes into a database. But that's all that goes into the database. When the customer wants to buy a drink, they put their finger on the scanner, which then sends the template for matching. If it's in the database, you get a green light. If it's not in the database, you get a red light. No names, no details. Nothing to steal. Nothing to leak.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

biometrics, ID cards, passport