Biometric systems offer convenience and high security, but a data breach can seriously threaten an individual’s identity and privacy. To prevent this, it is necessary for countries, companies, and individuals to strengthen security awareness and take proactive measures.
Currently, we are looking forward to a better life with the development of convenient technologies. In particular, innovations in information technology are rapidly changing our daily lives, and biometric information systems are attracting attention as a technology that meets security and convenience at the same time. Fingerprint recognition on smartphones, iris recognition for access control, etc. have already become a part of our lives and are likely to be used in more diverse fields in the future. However, we shouldn’t overlook the problems behind this convenience. When a person’s unique information – their biometrics – is compromised, the potential for serious privacy breaches and the resulting damage can be unimaginable.
The movie Minority Report (2002) tells the story of a near future where eye scanning is used to identify people. In that society, the iris is the absolute proof of identity. Because people can be identified through eye scanning, they only need to use their eyes to ride the subway or go shopping. While this seems like a convenient technology, it’s also an iconic example of the use of biometrics and the problems that come with it. Technologies that use physical or behavioral features that are unique to each person, such as the iris, to secure information are called biometric technologies. This includes physical characteristics such as fingerprints, veins on the back of the hand, and facial features, as well as behavioral characteristics such as handwriting, voice, and gait.
Biometrics have the advantage that they are present in everyone, are unique to each individual, do not change, and can distinguish many people with a small amount of information. They are expected to replace text passwords and provide a higher level of security than traditional passwords because they cannot be easily imitated. Biometric information also has the advantage of being convenient and secure because it is always on your body. With these advantages, we can expect biometric systems to become widespread in the near future. However, as with any technology, biometric systems are not without their risks, especially if they are compromised, which can be devastating.
Unlike traditional passwords, biometric data is difficult to reset if it is compromised – if a password is simply numbers or letters, you can simply replace it with a new one, even if it is compromised. However, biometric data has a fundamental problem: it is a physical characteristic of us, and once it is compromised, it cannot be reversed. This makes a biometric breach not just a data breach, but an event that threatens a person’s very identity. A biometric breach can lead to financial fraud, identity theft, and, in severe cases, even a person’s life. This is why we need to be more vigilant about biometric data breaches.
For example, fingerprint data used in South Korea’s resident registration system, vein recognition on the back of the hand used in school dormitory access systems, and voice or handwriting recognition are all types of biometric data. While biometric data is considered highly secure and much more secure than traditional password systems, it is also irreversible if it is compromised. If someone were to illegally obtain your DNA information and find out about your genetic issues, it could be a serious invasion of your privacy. Once biometric information is compromised, it’s hard to prevent further harm because it can’t be changed as easily as a password.
It would be irresponsible to dismiss these risks as mere technophobia. In the past, when barcodes were introduced, suspicions were raised that they would be inserted into individuals’ bodies and used to track their location. However, we now use biometric technology conveniently, for example, in e-citizen issuance machines that use fingerprint recognition. Biometric systems are undeniably valuable for their convenience and efficiency, and there have been no significant reports of problems caused by fingerprint data leakage.
However, the real problem with biometric information systems is not the technology itself, but the management of the technology. The impact of a biometric breach can be devastating, and the importance of a security system to manage it is becoming increasingly important. In 2011, the SK Communications’ Nate and Cyworld hacks became a huge issue in terms of scale and damage: 35 million people’s personal information was stolen, leading to a surge in spam messages and voice phishing, and even credit cards being issued without the victims’ knowledge. When personal information is compromised, the damage is not only limited to the original source, but it is very likely to spread to secondary and tertiary sources.
Biometric data, in particular, is highly personal and therefore has the potential to invade privacy. Biometric data is often impossible or very difficult to change after a breach, making it nearly impossible to stop the damage. If DNA information is compromised, it can be used to identify diseases or genetic information, invading privacy. Recent research has also shown that information extracted from biometric data can be used to reconstruct the original biometric data, which compounds the problem, especially if biometric systems are adopted on a national level. Biometric information can also be misused in the event of a conflict or war between nations. The Dutch government’s population registration program in the 1930s was abused by the Nazis during World War II, leading to the massacre of Jews and Gypsies.
However, South Korea is still a “security-insensitive” country with a lack of security awareness. According to the 2010 Information Protection Survey, 63% of Korea’s companies have made no security investments in their systems, leading to a steady stream of hacking incidents, and even large companies are failing to address the problem of personal information leaks. The government is making efforts to put in place security measures, but there is still a lack of systematic measures.
Addressing the security of biometric data requires not only a national response, but also the active participation of individuals and companies. Governments need to strengthen legal and institutional mechanisms to protect biometric data, companies can no longer delay investing in security, and individuals need to be aware of how their biometric data is being used, what the risks are, and be careful about what they provide. Information is power, and biometric information is among the most sensitive of all, so great care must be taken to protect it.
In October 2011, the Korean-led ‘Biometric Information Protection Technology’ was adopted as an international standard, and the use of biometric information systems was expected to increase significantly, not only in financial transactions and e-commerce, but also in access control systems and immigration services through e-passports. Since then, biometric technology has evolved into various forms, including fingerprint, iris, and facial recognition, and has expanded its applications to smartphone authentication, public services, and medical data management. Biometric technology has gained even more attention since the COVID-19 pandemic, especially with the expansion of non-face-to-face services.
While Korea is playing a leading role in the development of biometric technology, building a security system to safely manage biometric information remains a major challenge. The recent misuse of technologies such as deepfakes has raised concerns about the misuse of biometric information, and legal and technical security systems are being strengthened to address this. In order to establish itself as an advanced biometric information utilization country, it is essential to go beyond simple technological advancements and establish a comprehensive security management system that can safely handle and protect data.