BOX 5.5 | Who Goes There? Authentication Through the Lens of Privacy | Committee on Authentication Technologies and Their Privacy Implications | Computer Science and Telecommunications Board | Division on Engineering and Physical Sciences | National Research Council of the National Academies | Stephen T. Kent and Lynette I. Millett, Editors


BOX 5.5
Items to Keep in Mind When Using Biometrics

1. Never design or use a biometric system that allows either remote enrollment or re-enrollment. Such systems have no good way of connecting a user with the enrolled biometric record other than additional authentication, so the advantage of using biometrics is lost.

2. Biometric measures can reveal your identity if they are linked at enrollment or at subsequent usage to your name, Social Security number, or other identifying information.

3. Remember that biometric measures cannot be reissued if stolen or sold. Consequently, your biometric measures will be only as secure as the most insecure site that has them. Do not enroll in a system that does not seek to preserve anonymity unless you have complete trust in the system administration.

4. All biometric access-control systems must have exception-handling mechanisms for those individuals who either cannot enroll or cannot reliably use the system for whatever reason. If you are uncomfortable with enrolling in a biometric system for positive identification, insist on routinely using the exception-handling mechanism instead.

5. The most secure and most privacy-sensitive biometric systems are those in which each user controls his or her own template. However, simply controlling your own biometric template, say by holding it on a token, does not guarantee either privacy or security.

6. Because biometric measures are not perfectly repeatable, are not completely distinctive, and require specialized data collection hardware, biometric systems are not useful for tracking people. Anyone who wants to physically track you will use your credit card purchases, phone records, or cell phone emanations instead. Anyone wanting to track your Internet transactions will do so with cookies, Web logs, or other technologies.



Copyright 2003 by the National Academy of Sciences.