The case against biometric identity theft protection

The case against biometric identity theft protection

According to Winston Churchill, there is no worse mistake in leadership than to hold out false hopes. One area where false hopes have long abounded is information security, and it's happening again.

This time the false hope we're extending is that we can deploy one simple piece of technology that will significantly reduce the problem of identity theft. Of course, identity theft is a huge and growing problem. Each year, the identifying information of millions of Americans is stolen from corporate databases. Companies face billions of dollars in theft, millions of dollars in fines and, perhaps most important, the loss of customer trust.

Worse, identity theft can harm victims through lost savings, rejected loans and denied jobs. CIOs are faced with a security challenge that threatens the viability not only of the IT organization but of the entire corporation as well. To date, the countermeasures that we've deployed -- passwords, PINs and authentication tokens -- have been ineffective. All can be stolen and used by the nefarious.

This has made inexpensive biometrics look attractive for authenticating employees, customers, citizens, students and any other people we want to recognize. But do the benefits of biometrics outweigh the risks?

Biometrics rely not on something you have (a credit card) or something you know (a PIN), but something you are(your fingerprints, palm prints or retinas). Those unique biological identifiers are electronically read and converted to a string of ones and zeros and sent to an authenticator. There the information is compared with the string of numbers on file in the authenticator database.

And there is the weakness, for the risk of transmission interception or database theft remains unchanged. If a credit card number can be stolen, then the sequence of numbers that make up a fingerprint can be stolen just as easily. It might take thieves a little time to gear up to this new challenge, but gear up they will. Undoubtedly, in the years to come, news reports about fingerprint, palm print and retinal eye scan thefts will be just as common as credit card number thefts are today.

Related Links

Other Columns by George Tillmann

IT services account managers: Planning globally, acting locally

Customers and clients and consumers, oh my!

Aligning IT with the business is not enough

When it comes to IT's customers, one size does not fit all

Don't report to the CEO? Maybe that's OK

So, does that mean biometrics will leave us right where we are? No, they will leave us in a worse place. Think about it: If you lose your credit or ATM card, the issuing company can replace it. If your PIN becomes compromised, the bank can give you a new one. Even a Social Security number can be replaced. But what do you do if someone steals your retina scans? Who is going to give you new eyeballs?

What will stop thieves from electronically sending your stolen fingerprints to your bank to confirm that you really do want to clean out your bank account through an ATM in Islamabad? What will you do when your digitized fingerprints wind up on a government No Fly list? If you think it takes forever to board a plane now, wait until every law enforcement agency in the free world has your fingerprints on file as a suspected thief or, worse, a terrorist.

The reality is that biometrics are a feel-good measure designed to give people the false impression that they are more secure than they were before, when in fact they are more at risk. Identity theft victims report that it can take three, five or more years to clean up the financial mess left after a stolen Social Security number. How long will it take to clean up a stolen fingerprint?

Where does this leave the CIO? Not in a very comfortable position. While the threat of information theft is unchanged, the risk of inflicting unnecessary hardship on employees, customers and citizens is very real. In the coming years, we will see how many CIOs stand up to the unenviable task of confronting the uncomfortable facts and how many surrender to spreading false hope to a fearful constituency.

George Tillmann is a former CIO, management consultant and the author of The Business-Oriented CIO (John Wiley & Sons, 2008). He can be reached at

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.



The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments