The Forum - On Line Opinion's article discussion area

The electronic 'me' : Comments

By Kevin Cox, published 4/12/2007

Instead of governments controlling our identity in their databases we should control electronic data about ourselves.

Fickle Pickle wrote "I am not claiming that the biometrics are foolproof". Well actually this thread started out with exactly that sort of claim: Kevin Cox wrote that "[it is] very, very difficult for someone else to steal their identity. The only way for an electronic identity to be stolen is to physically kidnap or take control of the person". These claims are just not true; they should not have been made; biometric proponents too often get away with quite careless exaggeration of their powers.

And the rest of the argument is also pretty slapdash. Forgive the nitpicking, my point is not to split hairs so much as to show that a solid security threat & risk assessment is sorely missing.

"if the error rate on the biometric is 1% and the likelihood of the phone being stolen and used for fraud is 1 in 1000 and the likelihood that the thief knows the pass phrase is also 1 in 1000 then the chance of an imposter succeeding is 1 in 100,000,000. (OK I know they are not independent but you get the idea)". They are certainly not independent but 'getting an idea' -- presumably a rough idea -- is not the way to design and justify a security system! You cannot assign these probabilities without knowing what the threat vector is. If someone is trying to defraud me, then the chance of my phone being stolen is not 1 in 1000, it may be closer to 1!

Another loose claim is that "a reason why biometrics are useful is that when a fraud is detected there is a physical link to the real person that may be used in evidence". But for unsupervised biometrics, where the threat that concerns me the most is taking over someone else's bio and replaying it to impersonate them, you have no link to the fraudster, only the original innocent's template!

Cheers,

Stephen Wilson.
Posted by Stephen Wilson, Sunday, 23 December 2007 9:30:50 AM
Stephen,

A person's identity is the sum of the relationships with other people and organisations. Those relationships are represented in many different ways. For example, I have a relationship with a bank through owning a credit card and I represent my assent to using the credit card in different ways - typically with a physical signature. If my credit card is stolen and someone forges my signature then part of my identity is stolen but not my whole identity.

These relationships and the way we agree to express them are each vulnerable and each can be stolen without too much trouble. If, however, we have an electronic me and one relationship is stolen, then with a well-designed system the other parts of my "electronic me" will become aware of the theft and, again with a well-designed system, compromising one relationship does not compromise others. This is what I mean by it being difficult to steal an electronic identity.

With an electronic identity with a rich set of relationships, any level of security for a particular threat can be created through multi factoring. That is, we include more and more relationships before an action is taken to whatever level of security is needed for the action to occur. An electronic me makes two-factor, three-factor, four-factor etc. authentication simple and easy to accomplish.

The electronic me is not a specific design to guard against specific threats. It is an artifact (the electronic me) that makes it possible for specific "threat vectors" to be addressed to an appropriate level of risk.

It makes more sense if you think of the electronic me as an architecture to implement identification solutions and it gains its utility through the interconnection of relationships.
Posted by Fickle Pickle, Sunday, 23 December 2007 12:22:26 PM