I have written before about how mistaken the idea is that biometric authentication/identification is so secure. This misconception is remarkably persistent.
The European privacy supervisor EDPS wrote a document that is well worth reading, which points out the risks of biometrics and to which I would like to draw attention.
Read, for example:
“Biometric identification/authentication systems are safer for users”
Any of the multiple systems in which our biometric data are processed can suffer a security breach. Unauthorised access to our biometric data in a system would allow or facilitate (in the case of multiple authentication factors) access in the rest of the systems using such biometric data. It could have the same effect as using the same password on many different systems, so the scale in biometric deployment is a problem in itself. Moreover, unlike password-based systems, once biometric information has been compromised it cannot be modified or cancelled.
If biometric information was previously stored in a few databases (mainly for public security or border control purposes), it is now stored in an increasing number of devices. This greatly increases the probability of a security breach leaking biometric data (during its collection, transmission, storage or processing), something that is already happening.