There are a number of aspects that need to be explored to assess biometric techniques. They not only affect the methods themselves, but also legal and economic considerations are important. No biometric procedure offers absolute detection reliability. This is partly due to the method per se - the comparison of the data is carried out according to the rules of probability, so can never provide 100% security. For example, people may be falsely rejected, others may be mistakenly accepted, or the feature may be so small that it can not be detected by the device. On the other hand, physical characteristics can change - due to age, illness or injury.
Problems in practice
The Federal Office for Information Security (BSI) responds to a request in this regard that in such cases an "alternative procedure should be available as an exception treatment", eg "other biometrics" or "other technical procedures up to manual control by personnel a passport ".
How exactly this is done in practice remains unclear. When determining which exemptions are to be used at what time? What does a patient with pathological changes in the eye who is at an airport in another country and whose iris scan suddenly no longer fits his reference profile? And even though the comparability and interplay of biometric data is ensured by an international standard (ISO / IEC 19794), the question is who, and how often, are the issuing and reading devices certified, certified and maintained.
Only a few examples illustrate that the implementation into practice has pitfalls. Another important point is data security:
Personal or personal data are subject to data protection regulations. This means that their collection, storage and processing is only permitted on the basis of an existing legal basis or a voluntary and informed consent of the person concerned.
However, this does not necessarily protect such sensitive data from misuse. In particular, centrally stored data can be used for other purposes in the case of inadequate safety precautions or conclusions can be drawn about other characteristics of the person (for example, certain eye changes may indicate illnesses such as diabetes or hypertension).
Another problem is that domestic German or EU regulations are not necessarily internationally valid. Just think of the discussion about the storage and recovery of data collected by international airlines in the US. (The captured passenger data is translated into a program that assesses every traveler to the United States according to their threat potential, especially the fact that this data is not only stored for 40 years, but those affected have no right to see the reviews.)
Despite all concerns, one must not forget that even the passport photo in the good old identity cards is a biometric feature, which - unlike the newer methods - passes on information about the Passträger unencrypted!