At 03:37 PM 11/4/2002 -0500, Phillip H. Griffin wrote:
Privacy objects are already available in X9.84 and XCBF and rely on
the familiar EnvelopedData and EncryptedData, and a named variant of
EncryptedData. But biometric information is public, not private. It's in your
hair left on the brush in the hotel, in your prints left on the glass at dinner, and
by anyone who wishes to scan or photograph for the purpose of trying to mimic
another.
I think there is a world of difference. It is one thing for an individual to risk exposing themselves by physically following me around to gather hair from my comb, fingerprints from my dinner glass, etc. It is another thing for someone half a world away to issue a query and obtain countless such samples.
The threat of the former capability does not justify enabling the latter capability.
(And if biometric data is essentially "public", what value has it in certification?)
Cheers! ____tony____
Tony Bartoletti 925-422-3881 <azb@xxxxxxxx>
Information Operations and Assurance Center Lawrence Livermore National Laboratory Livermore, CA 94551-9900