Ontario’s Privacy-Protective Facial Recognition System

Efficient and accurate authentication of individuals is a growing challenge across a number of sectors. There are currently three main forms of authentication, based on something you know, something you have and something you are. The third form is especially interesting in light of biometric technologies as a means of verification. This article explores some recent applications of biometrics in Ontario.

OLG and OIPC Announcement
On November 12, 2010, Tom Marinelli, the Acting CEO of the Ontario Lottery & Gaming Corporation (OLG) and Dr. Ann Cavoukian, the Ontario Information & Privacy Commissioner (OIPC), announced a new development in privacy-protective facial recognition technology. This biometric system is scheduled to be implemented in 2011 in various OLG gaming sites throughout the province. The objective is to better protect the data of OLG customers, as well as support voluntary self-exclusion programs.

Self-Exclusion Program
One of the initiatives of the OLG is the voluntary self-exclusion program. This gives individuals the option to initiate a self-imposed ban from one or more gaming sites. Every casino in Canada offers a self-exclusion program, which varies in terms of scope, length and penalty for breaches. Ontario’s self-exclusion program enables individuals to opt out of OLG marketing and promotions databases. Individuals in the program will also be escorted from OLG gaming sites and issued a trespass notice. Enrollment in the program may last a minimum of six months and may extend indefinitely. As one of the OLG’s objectives is to detect program members who are attempting to enter a gaming site, it is necessary to improve detection.

Currently, the procedure for detecting self-excluded individuals consists of collecting a photograph and personal information, which are stored in secure binders accessible only to security personnel. However, such a manual identification process is largely inefficient and ineffective, especially since most people are not good at recognizing the faces of those they don't know.

In order to address these issues, a new system was developed through collaboration between iView Systems, an Ontario video surveillance and biometric firm, and University of Toronto researchers Professor Kostas Plataniotis and Dr. Karl Martin. This new system combines a watch list module with a biometric encryption (BE) module. The watch list relies on traditional facial recognition technology to produce a list of top matches for each casino patron. The BE module then attempts to release the key bound to each subject on the top matches list. Should a key be released, a match alert is sounded.

Privacy Issues & Biometric Encryption
Privacy professionals have been concerned that surveillance and biometric systems may compromise individuals’ privacy. Some of the main privacy issues regarding biometrics are outlined below:

1. Data Linkage – There is the possibility that biometric databases can be linked algorithmically for data mining, profiling and investigation.

2. Function Creep – This refers to expanding the scope of a system. For instance, the biometric data may be used for purposes other than the originally described purposes.

3. Data Misuse – Biometric data cannot be replaced or reset, so its compromise presents a lasting risk of threat or abuse.

4. Security Vulnerabilities – Such vulnerabilities include: interception, replay, substitution, masquerade, spoofing, Trojan horse attacks and tampering.

In order to address the above privacy issues, the Privacy by Design approach (discussed in further detail below) has developed a process known as biometric encryption (BE). BE securely binds a key to a biometric (or extracts a key from it), such that neither the key nor the biometric can be retrieved from the stored data, except through verification with the correct live biometric sample.
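The following is an added illustration (not code from the OLG/iView system or the OIPC) of the key-binding property described above, using a fuzzy-commitment construction: the key is XORed with the enrolled template through an error-correcting code, only helper data and a hash of the key are retained, and the key is released only when a live sample falls within the code's error tolerance. The repetition code, bit lengths and sample templates are constructed for the demo.

```python
import hashlib
import random

# Added example: fuzzy-commitment style biometric encryption (BE).
# Nothing stored (helper data, key hash) reveals the key or the template
# on its own; a close-enough live sample decodes back to the key.
# Constructed demo with a repetition code; not the OLG/iView system's code.

REP = 5          # repetition factor; majority vote corrects up to 2 flips per group
KEY_BITS = 16    # toy key length (bits)

def encode(key_bits):
    """Repetition code: each key bit is written REP times."""
    return [b for b in key_bits for _ in range(REP)]

def decode(codeword):
    """Majority vote per group of REP bits."""
    return [int(sum(codeword[i:i + REP]) * 2 > REP)
            for i in range(0, len(codeword), REP)]

def enroll(template, key):
    """Bind key to template; return only helper data and a hash of the key."""
    helper = [c ^ t for c, t in zip(encode(key), template)]
    key_hash = hashlib.sha256(bytes(key)).hexdigest()
    return helper, key_hash

def release(helper, key_hash, live):
    """Release the key only if the live sample is within the code's tolerance."""
    candidate = decode([h ^ l for h, l in zip(helper, live)])
    ok = hashlib.sha256(bytes(candidate)).hexdigest() == key_hash
    return candidate if ok else None

def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (simulated noise)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

def demo():
    rng = random.Random(2010)  # fixed seed so the constructed data is reproducible
    template = [rng.randint(0, 1) for _ in range(KEY_BITS * REP)]
    key = [rng.randint(0, 1) for _ in range(KEY_BITS)]
    helper, key_hash = enroll(template, key)
    # Same person: 2 noisy bits in every group of 5, still within tolerance.
    same = flip(template, {i * REP + j for i in range(KEY_BITS) for j in (0, 1)})
    # Too different: 3 flips per group exceeds tolerance, so no key is released.
    other = flip(template, {i * REP + j for i in range(KEY_BITS) for j in (0, 1, 2)})
    return release(helper, key_hash, same) == key, release(helper, key_hash, other) is None

if __name__ == "__main__":
    print(demo())  # (True, True)
```

A production scheme would use a stronger code (e.g. BCH) over a real feature vector and a salted key hash; the structure of enrol/release is the same.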

According to the OIPC, BE offers the following advantages over other types of biometric systems:

1. Images, biometric templates and keys are not retained. The user’s biometrics are never stored, thus they cannot be compromised. The original biometric is untraceable.

2. Multiple, cancellable, revocable identifiers. There is no way to associate a biometric with accounts.

3. Improved authentication security. BE securely binds account identifiers to an individual’s biometric. There is no need for the user to remember these identifiers.

4. Greater public confidence, acceptance and use. BE enables biometric data to remain under the control of the individual, which limits the possibility of identity theft and surveillance.

5. Greater compliance with privacy legislation.

6. Suitable for large-scale applications. Other biometric systems store data on centralized databases, which are highly vulnerable to identity theft. There is less risk with BE.

Privacy by Design Approach
The Privacy by Design (PbD) Approach was developed by Dr. Ann Cavoukian during the 1990s. It is based on the notion that technology can be used to protect, rather than encroach upon, privacy. PbD links the international standard fair information practices with the 7 Foundational Principles. These unique principles are as follows:

1. Proactive – PbD strives to be proactive, anticipating and preventing privacy invasions, rather than reactive.

2. By Default – Personal data is automatically protected in any IT system or business practice. Privacy protection is incorporated into the design of the system.

3. Embedded – Privacy protections should be embedded into the design and architecture of systems and practices; they are core components of the functionality of the systems.

4. Positive-Sum – All legitimate interests and objectives are included in a positive-sum/win-win approach. It is possible to balance the needs of privacy and security.

5. Lifecycle Protection – Privacy protection practices extend through the entire lifecycle of the data.

6. Visibility/Transparency – All stakeholders are made aware of the operations of the practices or the technologies used.

7. Respect for Users – Architects and operators are required to offer user-friendly options, such as strong privacy defaults and appropriate notice.

The applicability of these principles has allowed the PbD concept to be used in the following areas:
I. Information Technology
II. Accountable Business Practices
III. Physical Design
The PbD approach has been recently approved by the Council of International Data Protection and Privacy Commissioners as an “essential component of fundamental privacy protection.”

This article explores the Privacy by Design (PbD) approach, which was initially pioneered by the Ontario Information and Privacy Commissioner as a means of extending privacy concerns beyond legislation and regulation. The PbD approach fundamentally integrates privacy assurance into the design and operations of an organization’s systems and practices. The article looks at how PbD has been used to develop a new facial-recognition technology, which will be implemented in casinos throughout Ontario in 2011.

CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/Canada (CIPP/C) exam and the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, a privacy professional should be comfortable with topics related to this post, including:
• Canada – Provincial Privacy Commissioners (CIPP/C; II.B.e.i.1.b.)
• Policy Development & Implementation (CIPP/C; III.B.b.)
• Biometric Identification (CIPP/IT; VI.G.iii.)
