This is an excellent, comprehensive article to demonstrate that the science behind biometric technology is virtually impossible to reverse engineer and recreate an image. Our company has written about this quite often in the past few years as the debate has heated up about biometrics and the purported privacy issues that surround the technology.

There is one thing that is missing from the article, and it's not through any oversight by the author or those resources used for research. That is the fact that Privacy advocates generally fear the logging and tracking of users interacting with a system (especially by governments), and the subsequent dissemination of information collected to external bodies.

Privacy advocates strongly feel that the idea of capture, storage and use of biometric data (specifically by governments either through mandated deployments for social services/social issues or request of data and records from private business) to assemble a comprehensive citizen knowledge base and thus exercise covert control of society in general is violating individual privacy and proves to be a valid point. This was not the intention of biometric technology from the outset and largely overshadows the true tangible benefits that biometric systems can bring such as; efficiency increases, cost savings, productivity boosts, tighter security, environmental benefits and others. In addition to this concern, it is also widely believed that mass quantities of biometric information can be captured at once from hacking into a private industry biometrics system with the fear that compromised biometric information may lead to permanent loss of identity that cannot be changed like a social security or bank account number. It’s also a valid point, and one that’s difficult to refute.

Food for thought to remember that the fears of using biometric technology extend well beyond the science of the technology.

Wow.. I'm sooo surprised to hear, from business writers and sales people, that templates are somehow secure and enhance privacy. Too bad they they don't present a factual security analysis instead of repeating the same old misleading statement that you cannot get an image back or that encryption protects privacy. People argued that using asking for and storing SSN and DOB increased security and privacy too. Unfortunately, it had just the opposite effect. Storing/Sharing non-revocable identifiers reduces security and privacy. Encryption does not help much when the system must decrypt to use it and when the system must therefore have the keys.

Traditional fingerprint templates invade privacy and impact security because they can be used to create effective fakeprints and identify people across databases without their knowledge. Company's and writers that keep propagating that myths and logical fallacies in this article are doing a longterm disservice to the community. Scarfo's statements that there are more damaging things someone could give out on the Internet does not mean biometric data does not deserve protection -- even my freshmen learn to identify logical fallacies in arguments. Lumidigm just lost more credibility with respect to security, it seems someone is selling hard but may not really understand the security implications of what is inside. Its one thing to make cost/security/privacy tradeoffs but another to mislead the public.

Bergen's statement that the data is of little use because it is a bunch of 1s and 0s is totally wrong -- everything in the computer is 1s and 0s so his argument would imply all computer data is of little use. I would hope this is just an errant writer misquoting people, in which case they should publicly correct the statements.

The comment stating its a good article to "demonstrate that the science behind biometric technology is virtually impossible to reverse engineer and recreate an image" is even more laughable. Nothing in the articule begins to try to prove anything, let alone actually prove it. Repeating already disproven myths does not proving anything other than the ignorance of the person saying it. On the positive side, at least the comment does recognize that compromised Databases are a valid concern (and will eventually be a big problem and potentially an industry killer.) The average citizen no longer trusts that companies can protect anything they store. They've learned that "encryption" does not magically solve the problem. If you cannot revoke it (like one can a passord) and if it has any value in identification or linking individuals then storing it is privacy and security risk.

To balance all the negativism above, I would agree with most of the statements about the advantages (size/speed) are correct. Users can choose to trade speed, size, accuracy, privacy and cost, but they should be making an informed choice and not be mislead by sales people and writers. I'm posting this because we as a community have to self-policing to stop the misleading statement that, if left unchecked, only reflect badly on the industry.

For those that want to look at some science that shows how to reconstruct acceptable fingerprint images from templates look at

FM model based fingerprint reconstruction from minutiae template Feng, J. and Jain, A., Int.l Conf on Biometrics, pp544--553, 2009, Springer view PDF at www.cse.msu.edu

Fingerprint image reconstruction from standard templates. Cappelli R, Lumini A, Maltoni D. IEEE Trans Pattern Anal Mach Intell. 2007 Sep;29(9):1489-503. view article at ieee.org

Full disclosure: I have a financial interest Securics Inc and in technology that produces revocable tokens that do provide tokens that have privacy enhancements. Securics was founded to address the problem of privacy/security of non-revocable biometrics. The technology is published (and patented) and tested. It can be rapidly deployed for fingerprint verification using a variety of sensors.

Terrance E. Boult El Pomar Prof. of Innovation and Security, U. Colorado at Colorado Springs Also CEO/CTO Securics Inc

Overall, this is a nice article on the science of biometric technology; the more education the better. However I find it unusual that the author would not reference or seek comments from the actual company MorphoTrak, whose system was chosen for the project. 24hr. Fitness chose our technology over several others for various reasons and one can be absolutely certain that from the outset the privacy and security of their member's information was paramount. As the lead manager for the project I worked with them to provide literature explaining how the system works and as a result to date they have over 2.5M members enrolled in an opt-in program. The big win for this project overall is the wide acceptance of using a fingerprint biometric on a volunteer basis for an application where the emphasis is more on covenience than security.

Dave,

We had no idea that Morphorak was the supplier, the news reports didn't mention a vendor for the project and I don't remember getting a release from you PR folks.

Bio-M templates is just the combination of bytes i.e 0s and 1s and its very difficult to restructured it. and all you work on is your DBs if you apply higher Security then your template is saved.