Homeland Security to Propose Biometric Collection Rules
upstart writes in with an IRC submission:
Homeland Security to Propose Biometric Collection Rules:
The Department of Homeland Security (DHS) is to propose a standard definition of biometrics for authorized collection, which would establish a defined regulatory purpose for biometrics and create clear rules for using the information collected.
A proposed expansion would modernize biometrics collection and authorize expanded use of biometrics beyond background checks to include identity verification, secure document production and records management.
The proposed rule would also improve the screening and vetting process and reduce DHS' dependence on paper documents and biographic information to prove identity and familial relationships. It said the proposed rule would authorize biometrics collection for identity verification in addition to new techniques such as voice, DNA test results and iris and facial recognition technologies.
[...] Joseph Carson, chief security scientist and advisory CISO at Thycotic, asked if the DHS will collect only a mathematical computation of biometrics, or if it collect the actual raw data, as this really increases both security and privacy risks. "It should also be clear on what it can and cannot be used for since limitations in scope should always be clear. It is important to note that biometrics are not a replacement for passwords but are improved and secure replacements for usernames as they are typically used for identifiers and not actual secrets. It should also be made clear on how long the data will be kept and whom it will be shared with."
Carson said whilst biometrics improve identity proof, document verification and reduce password fatigue, they also introduce additional security risks that must be managed and secured using strong privileged access management. "It is important to protect the government, but at the same time, also protect the citizens," he said. "When biometrics are abused, or stolen, it impacts the citizen for life and the company/government for a limited time."
Read more of this story at SoylentNews.