WASHINGTON, Feb. 25 (UPI) -- A simplified approach to embedding small computer chips into identity cards, in order to hold fingerprints and other data, could be a way to meet heightened security in the post-Sept. 11 world without raising privacy worries, a privacy advocate said Monday.
Most proposals raised recently involve connecting the chip-containing "smart cards" with a central database of biometric information, such as fingerprints and retinal or face scans. This concentration of data has raised red flags in the privacy world, since a security breach would compromise hundreds or thousands of individuals' IDs, said Ari Schwartz, an analyst at the Center for Democracy and Technology in Washington.
"(A database is) easier to protect because it's centralized, but once it's compromised it means a lot more ... you can't send out patches for the cards," Schwartz told United Press International.
At the recent Biometric Consortium Conference in Arlington, Va., two companies discussed a simpler way of utilizing fingerprint information.
Baltimore-based Biometric Associates and Global Biometric in Tampa, Fla., have similar plans to use the smart card itself to hold the fingerprint data. People would get the cards by proving their identity at a trusted agent, such as a bank or government agency, which would provide only the person's name to the companies.
The smart card would store at least one fingerprint onboard. When the person went through a security checkpoint, the card's fingerprint data would confirm identity, and the database would confirm the person had indeed been issued the card. The ID would be worthless to anyone but the owner, and replacing a lost card would involve repeating the verification process.
"If the only way to get that biometric info into the card is through some third party that's done a verification check, you don't have the concerns about a centralized database but you do have something to reference it on," Schwartz said. "It's similar to what's being done with digital signatures; they may not go back and check every single signature, but if you want to, go ahead and check if this person really did sign up for this ID at this time."
Doug Kozlay, president of Biometric Associates, said the cards would safeguard the data with encryption almost 10 times stronger than the best system available on the Web. The approach would also simplify deployment and cost issues by keeping the biometric system confined to a mass-produced card, he said in a presentation.
The efforts have taken on new urgency since the World Trade Center and Pentagon attacks, said Michael Shapiro, Global Biometric's chief operating officer.
"Our technology was already well under development. ... We are bringing the most advanced technology to market sooner in order to meet ever-increasing security needs," Shapiro said in a statement.
The idea of limiting the biometric information to the card might also ease worries about misuse of such a powerful ID system, Schwartz said.
"People could feel more comfortable that this wouldn't be used for some sort of greater governmental control than a centralized database would," Schwartz said. "You can't really use it beyond some small set of original purposes."
