1 / 14

Privacy and Biometrics: A Developing Case Study

Privacy and Biometrics: A Developing Case Study. Patrick J. Gossman, Ph.D Deputy CIO Wayne State University Detroit, MI. Overview. Present a short case study, still in development, to illustrate the “power” of privacy concerns around biometrics

austin-chaney
Download Presentation

Privacy and Biometrics: A Developing Case Study

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy and Biometrics: A Developing Case Study Patrick J. Gossman, Ph.D Deputy CIO Wayne State University Detroit, MI

  2. Overview • Present a short case study, still in development, to illustrate the “power” of privacy concerns around biometrics • Discuss key questions that may be raised in any campus deployment • Lead into an in-depth review of the law Wayne State University

  3. The Situation • A large urban campus, 100 buildings • 200 custodial staff, unionized • Central check-in inefficient, error-prone • Desire distributed readers so staff can report directly to their work location • Remote check-in easily spoofed with magnetic stripe card readers Wayne State University

  4. Perfect Solution • Biometric readers inside all buildings for check-in and check-out of custodial staff • Biometric readers well-proven technologies, not easily spoofed • Initial up-front cost, but reasonable maintenance costs Wayne State University

  5. So, why are we installing CARD readers? • Privacy became a key issue • Concern about dealing with privacy led to many other questions: • Does the technology solve our problem? • Introduce other problems? • Worth the cost? • Maintenance questions? Wayne State University

  6. Biometrics - Privacy Concerns • How secure are the data? • Hosted solution, added concerns? • Who has access? • What data are we gathering? • If released, how might it be used? • How long do we keep it? • What will be done with it? Wayne State University

  7. Security • Storage is in highly secure environments • SAS 70 security audit • Access to data is strictly controlled by password and role • All data are transmitted via VPN Wayne State University

  8. What Data? • Biometric identifier vs. tracking data • Biometric identifier considered was hand geometry • Physical images would not be stored • Hand geometry technology is encrypted on both ends (storage and reader) and of no use if decrypted otherwise Wayne State University

  9. How Will Data Be Used? • Management reports only • Reports using biometrics would be no different than if card readers or manual entry of attendance data were deployed Wayne State University

  10. So why are we installing CARD readers? • No guarantees (are there ever?) • Technology sounds complex, obtuse • Don’t trust what you don’t understand • Don’t trust technology and administration • Deployment plan with biometrics would close some loopholes, but not all • Therefore, start with less intrusive process Wayne State University

  11. In Our Case. . . More Work • Card readers are accepted and address the first problem of efficiency – staff go directly to work assignments • Biometrics would help eliminate spoofing and problems with lost cards • Neither solves absence between check-in and check-out • Building access is a related issue Wayne State University

  12. In Your Case • Problem analysis is critical. • Biometrics are just tools. • Processes are critical. • Total plan must be solid, ROI analysis solid, need for biometrics solid, particular technology well chosen. • Campus culture cannot be ignored. Wayne State University

  13. Closing • Choose least intrusive technology • Make it simple to understand • Transparency is required • Consider broad participation in decision process to aid adoption • Differentiate between what is required by law and what is required by your culture Wayne State University

  14. Patrick J. Gossman, Ph.D. Deputy Chief Information Officer Wayne State University Detroit, MI 48202 pgossman@wayne.edu (313) 577-2085 Wayne State University

More Related