Protecting Biometric Data with Extended Access Control
Biometric datasets represent very sensitive personally identifiable information (PII). When used to authenticate a subject’s transactions and travel, they could be misused to track the subject’s actions and movements. In the case of fingerprints, biometric datasets could even be used to falsely incriminate the subject in a physical crime.
In addition to these privacy concerns — which are taken more seriously in some parts of the world than others — there exists an important realization for anyone who relies on biometric data: if biometric datasets fall into criminal hands, they could be used to impersonate the subject, and thereby allow criminals to evade safeguards intended to identify and apprehend them.
Much work remains to be done to devise acceptable ways of controlling the use, storage and communication of personally identifiable information. However, the European Union has been proactive in standardizing a scheme for controlling the release of biometric datasets from their citizens’ ePassports and other electronic identity documents.
An innovation in the security of machine-readable travel documents (MRTD), Extended Access Control (EAC) has been adopted and deployed by the EU, as well as by some countries outside the EU.Download File