Biometric Security: Multiple Opportunities for Exploitation and Breach

Technology and automation is viewed by many as the ultimate, if not logical, replacement of human bias, errors, risks and inconsistencies when it comes to safety and security risk management.

In other words, machines and computers are expected to do a better job than people providing security. Especially in routine tasks such as access control, identification verification, etc.

However, most laypeople, technology suppliers and even security practitioners have a tendency to gloss over the multiple links in the chain required for even rudimentary automated security procedures.

In short, supplanting humans with systems introduces new and varied risks not immediately apparent... including new and more complex security threats.

Each layer of interaction, including access and network recall presents different opportunities for one or more bad actors to breach or disrupt the system. Often invisible or outside the oversight of frontline security personnel and management.

Biometrics is occasionally confused with biosecurity. That is, all things bio must have a correlation due to the shared premise, therefore security remains a consideration for all facets. While that may be true in some instances, it is not a default consideration.

In other words, biometrics may be related to biosecurity but in far more complex ways than just work association.

In particular when it comes to monitoring or early warning of threats.

This leads to an increasingly common fallacy that body temperature as an additional or conjoined means of security or access control provides assurance and protection from biosecurity threats and hazards.

Unlikely, if at all. Especially where ambient temperature variables exist such as outdoors, seasonal highs/lows. Not to mention the highly variable human skin surface temperature inconsistencies.

In sum, supplanting humans with technology for routine tasks, including security, may yield rewards, but they are neither universal nor guaranteed.

Moreover, technology and change of any kind introduces variance and potential errors, especially in the pursuit of security, control and protection.

Finally, adding toys and widgets to the security environment may contribute to more security and safety theatre. That is, it looks good, entertains, seems to be valid but in fact it remains make believe...at a high cost, including insecurity.

Tony Ridley, MSc CSyP MSyI M.ISRM

Security, Risk & Management Sciences