One way that shows a lot of promise in trying to combat identity theft is implementing biometric identification. You can see this on television crime shows like CSI, NCIS, etc. Biometrics include fingerprints, facial recognition, voice patterns, retinal scans, DNA, the list goes on.
Although it has been a scapegoat for many identity thefts, in many ways technology has provided some of the most solid defenses against the rising tide of identity theft. RFID tags, data encryption and innovations along those lines have gone a long way to helping us secure our personal information. The Federal government is even considering using biometric ID cards to combat illegal immigration. In fact, it's easy to make the argument that the problem isn't in the technology but in our lack of interest in protecting personal information.
Victims of identity theft report that it can take three to five years, or even longer to fix an identity theft problem. Keep in mind, you can get a new credit card in two weeks, once you have all the information to the bank or credit issuing authority. But who's going to the issue you a new set of fingerprints if they get stolen?
The idea of somebody stealing your biometric information isn't as farfetched as you might hope. It has already been shown how simple it would be to plant false DNA evidence. This article even goes so far as to say, "Any biology undergraduate can perform this."
In the end we will probably see the same problems arise, and some think the problem may get even worse. This is because the way biometrics work isn't really any different from credit cards.
What's The Difference?
It's easy to think of credit in terms of the plastic cards in our pocket, since we can touch them, and that makes it more real. But this isn't the case. Today, credit is really nothing more than a long string of numbers stored in a computer somewhere. When you swipe your card at the local Wal-Mart, the information stored on your card is converted into a number as well and sent to your bank. If the numbers match up you get to walk home with a bag full of goodies.
Biometric identification works in a similar manner, but you're using your fingerprint instead of a card. It will still be turned into a string of numbers and run through a computer network. In the end does it really matter where the string of numbers comes from when an identity thief gets hold of it?
Despite the predictions of some experts, a database is still just a database. A hacker can still steal data from a computer or network, it doesn't matter if that data is a credit card number, or a digital voice print.
As far as security is concerned, many experts agree that maintaining "token" forms of identification are probably superior. Token identification is a card, password, PIN etc. – something that can be canceled, or changed if it is lost, misplaced or stolen. On the other hand biometric identification can't be lost, misplaced, or loaned to a friend, but it can't be replaced if it's compromised, either. This, combined with certain privacy issues (tracking, profiling, consumer-related privacy issues etc.) are making experts give serious consideration to whether or not biometrics are a viable option on a large scale.
It's easy to understand why this brings a sense of security, since no two fingerprints are the same. On the surface it seems like a secure form of identification. But security doesn't come from knowing that you are you, security only comes from knowing the information associated with your name is accurate, no matter what database that information might be in. In other words, if an identity thief managed to convince a fingerprint scanner that they were you, they will probably not come back to court if they manage to get released on bail/bond. In that situation, proving who you are won't help.
Biometrics have a few quirks of their own, though. For example, some states have started implementing a "no–smiles" policy for driver's licenses. This is because those states are now using facial recognition software to stem the flow of driver's license fraud. But the software might get confused if the subject smiles.
Furthermore, advocates like to say it's impossible to duplicate (for example) a fingerprint, but that's already been proven wrong. In fact, it's easy to do with a simple laser printer, and a little bit of spit.
But the biggest consideration is that a biometric identity system is only going to be as good as the information that's put into it in the first place. In other words, your fingerprint won't tell anyone who you are, all it can really do is keep you from using somebody else's identity once you are in that system. In fact, identity theft expert John Sileo said, "If we implement biometrics without doing our due diligence on protecting the identity, we are doomed to repeat history — and our thumbprint will become just another Social Security Number."
And that would be a grim future indeed.