Administration of Biometric Database Systems:
What is Being Done to Ensure Adequate
Security of biometric databases?
Dissertation Idea Paper
Submitted in Partial Fulfillment
of the requirements for the Degree of
Doctor of Professional Studies in Computing
School of Computer Science and Information Systems
August 12, 2005
Biometric technology has been around for many years, since the 19th century, specifically
in the form of fingerprinting. Since September 11, 2001, commonly known as 9/11, there
has been a ramp up of biometric technology, with specific focus on combating terrorism
aimed at the United States of America. There are numerous papers written discussing
aspects of biometric technology development and applications for other biometric
characteristics, and this is in its infancy. The specific human characteristics, the testing
already completed, the results of the tests, and biometric systems currently used in
collecting the biometric data on each particular characteristic are all discussed in detail
but not much is being written on the biometric databases that store this data.
1. Essence of the Research
The focus of this paper is to look at the administration of biometric databases in the
United States. In particular,r it will explore what kinds of technologies will be use to
make them secure. The goal of the International Civil Aviation Organization (ICAO)
is to have centralized databases. This will increase the risk of the use of biometric
data as a key to interconnecting databases . Even though paper will concentrate on
the biometric databases in the USA, it may at times refer to outside agencies since the
USA collects biometric data outside its borders. The collection of biometric data
outside of the USA is mainly for the purpose of the Homeland Security objective,
which this paper is not focused on.
Biometrics is used to identify people based on their biological traits. It is a growing
technological field which has deep implications because proving identity is becoming
an integral part of our daily lives. It is evident that our identity is frequently required
whether through passwords, signatures, cards, etc. Biometrics allow us to
authenticate ourselves with things that we carry with us wherever we go, such as our
hands, eyes, voices, faces, fingerprints, etc. Biometric systems involve converting
unique human body characteristics into digital codes, and storing them in a database.
Biometric data is captured, extracted and encoded as a biometric template . The
collection and storage of some biometric data is intrusive and this entire process
could have far-reaching impact on the user‟s behavior.
2. Significance of the Research
Authorities have to demonstrate that they are capable of securing and properly managing
this very sensitive information. In recent times we have seen where personal data has
been mismanaged by banks in the form of stolen identities. The level of trust in the
institutions that should be safeguarding our privacy has failed.
Biometrics is a fallible technology and security breaches are a fact of life. It is therefore
imperative that the authorities responsible for ensuring the correct implementation for the
administration of biometric databases. Biometrics is in its infancy so while authorities
are concentrating on how they will collect the data they should also be paying equal
attention to safeguarding this sensitive information and its integrity. Because it is
relatively new there is no way of telling what kinds of things it could be used for when
placed in the hands of the unscrupulous. No one envisioned the level of security theft to
which it has reached today, yet it has complicated many a person‟s life, creating various
kinds of hardships for them.
The Computer Security Institute and FBI conducted a study of organizations that
experienced security breaches. The seventh annual survey polled 503 American
corporations, government agencies, financial and medical institutions and universities. It
reported 90 percent of respondents detected computer security breaches that year .
Despite these alarming statistics, the United States has yet to develop a long range
method of administering these large-scale multimodal databases.
3. Research Effort
Being in its infancy, research on the administration of biometric technology may be quite
limited. However, there are questions being raised in many articles with regard to
biometric data security so it stands to reason that there must be work being completed.
These databases, besides storing precious information, have the potential to be extremely
large. There are still a lot of unanswered questions with regard to the whole idea of using
biometrics for identification and verification. These databases, even though managed in
the USA, will possibly be linked to databases in other countries. Standardization and
possibly integration of databases create many challenges for developers, this could be
part of the reason why there has not been a great deal written on the correct
administration to be applied to them.
4. Research Approach
With the recent attention on extended biometric technology, the research methodologies
I will engage could be quite varied. It will involve many interviews which will range
from interviews with those who select keepers of the databases, the administrators of the
databases as they are today, developers of the software used in creating the databases and
possibly attending some biometric conferences. There could be other methods I will
employ if I think of any others.
If at all possible I will try to interview experts in the field of biometrics, as well as
experts in the medical research field to find out what kinds of threats are possible if
biometric data get into the hands of the unscrupulous. There could possibly be other
kinds of threats that unimaginable today by the average person, and as technology
emerges, as hackers become more sophisticated, and as the unscrupulous become more
resourceful, who is to say how biometric data can be manipulated to expose people to
even greater risks, i.e., health risks.
 “An Open Letter to the ICAO”: A second report on „Towards an
International Infrastructure for Surveillance of Movement‟, March 30, 2004.
 Paul Rosenzweig, Alane Kochems, and Ari Schwartz, “Biometric Technologies:
Security, Legal, and Policy Implications”, Legal Memorandum #12, June 21, 2001.
 Tommie Singleton, “Biometric Security Systems: The Best Infosec Solution?” March
01, 2003, Volume 30, Issue 9
Other Readings not cited
Dario Forte, “Biometrics: Untruths and the Truth”
Edwin P. Rood and Anil K. Jain, “Biometric Research Agenda: Report of the NSF shop
Workshop”, April 29 – May 2, 2003
Larry Greenemeier, “Programs Aim for Safer Travel, Shorter Lines”, August 16, 2004,