W3C home > Mailing lists > Public > public-credentials@w3.org > September 2021

Re: the link between biometrics and PII needs careful management

From: Adrian Gropper <agropper@healthurl.com>
Date: Wed, 1 Sep 2021 13:33:33 -0400
Message-ID: <CANYRo8gm9KQhRLxzw_DAx-sKM-ELiHm2GRo4rfy3MnwkV1yR8Q@mail.gmail.com>
To: George Artem <georgeartem@gmail.com>
Cc: "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>, Daniel Hardman <daniel.hardman@gmail.com>, "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
When is a link between biometrics and PII really needed?

   - fraud detection (avoid sharing a credential - NOT if a reasonable
   entropy templated biometric is available with the credential)
   - deduplication (avoiding Sybil subjects to ensure accurate reputation -
   NOT if a bond or stake can be imposed)
   - notification (biometric index into contact info for follow-up - NOT if
   the contact info is mediated under control of the subject)
   - notarization (a trusted third-party maintains the link but has no
   access to the credential itself - NOT if compromise of the notary is

I describe this and more in this short post:
Privacy engineering of VC protocols and practices is not as simple as
introducing a "holder" because biometrics and mandated biometric links
(like ankle bracelets or "certified - client credentialed" phones that
unlock with biometrics) are a persistent threat.

Biometrics are the ultimate coercion tool and any link to verifiable
credential protocols, in or out of band, needs to be treated with extreme
suspicion because digital credentials can reduce the friction in applying
biometrics by orders of magnitude.

I would like to open an issue to track this thread. Where should that be?

On Wed, Sep 1, 2021 at 10:14 AM George Artem <georgeartem@gmail.com> wrote:

> ++
> Sent from my iPhone
> On Sep 1, 2021, at 8:54 AM, Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl>
> wrote:
> I think the issue is a bit more profound than distributing sets of PII
> (which include biometrics) and linking them. Back in 1940-1945 (WW II),
> there were not biometrics. A high-quality (paper) citizens register was all
> took for the Germans to round up Dutch citizens of Jewish origin and deport
> them.
> *From:* Daniel Hardman <daniel.hardman@gmail.com>
> *Sent:* woensdag 1 september 2021 09:02
> *To:* public-credentials (public-credentials@w3.org) <
> public-credentials@w3.org>
> *Subject:* the link between biometrics and PII needs careful management
> https://www.technologyreview.com/2021/08/30/1033941/afghanistan-biometric-databases-us-military-40-data-points/
> My takeaway: Instead of putting PII and biometrics in the same database,
> we need to put them in different places, but prove that there's a link
> between the holder of a biometric cred and the holder of other PII. I see
> companies like iRespond doing this, but I also seem some
> biometric applications that are more troubling.
> This message may contain information that is not intended for you. If you
> are not the addressee or if this message was sent to you by mistake, you
> are requested to inform the sender and delete the message. TNO accepts no
> liability for the content of this e-mail, for the manner in which you use
> it and for damage of any kind resulting from the risks inherent to the
> electronic transmission of messages.
Received on Wednesday, 1 September 2021 17:33:58 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:22 UTC