December 1, 2023 at 06:10PM
Interpol’s new “Biometric Hub,” collating fingerprint and facial data, aided in capturing a wanted smuggler in Bosnia. While promising improved security, its centralized data poses risks of cyberattacks and privacy breaches, with concerns about the system’s vulnerability to hacking and data leaks highlighted by security experts.
Meeting Takeaways:
1. Interpol’s New Biometric Hub:
– Interpol has begun deploying a new biometric security system called the “Biometric Hub.”
– The system will be implemented across Interpol’s 196 member countries.
2. Functionality and Data Collation:
– The Biometric Hub consolidates existing fingerprint and facial-recognition data for real-time criminal biometric record queries by border control and frontline officers.
3. Privacy and Security Concerns:
– Although backed by privacy guarantees, the extent of the Hub’s reach and data security is questioned.
– John Gallagher from Viakoo has expressed concerns about the system being a high-value target for cyberattacks, potentially leading to hacks and data leaks.
4. First Success Story with Biometric Hub:
– A fugitive smuggler was caught in Sarajevo using the Biometric Hub. The smuggler had been wanted since 2021 for organized crime and human trafficking charges and attempted to hide his identity with false documents.
– This first field use of the Biometric Hub led to the smuggler’s arrest and he is now awaiting extradition.
5. Data Protection Framework:
– Interpol assures that the Biometric Hub will follow a “robust” data protection framework.
– Biometric data that does not result in a match in the search is deleted and is not made visible to other users or added to Interpol’s criminal databases.
6. Implications and Expert Predictions:
– Despite the benefits in streamlining criminal background checks, the Hub’s vulnerability to cyberattacks remains a major concern.
– There is historical precedent for breaches involving sensitive biometric data.
– Gallagher foresees a potential future where, due to security vulnerabilities, biometric data might not be considered a trusted form of identification.
7. Response from Interpol and Idemia:
– Dark Reading has reached out for comments to Interpol and Idemia, the vendor for the Biometric Hub, but has not received any response at the time of the publication.
8. Future Challenges:
– Gallagher raises additional concerns about device malfunctions, such as camera networks being hacked, as well as the general vulnerability of IoT devices to cyber intrusions.
– The long-term trust in biometric security measures is called into question due to potential security management failures at various organizations.
Please note that these takeaways should be considered within the context provided by the original meeting notes and are based on the information available up to the knowledge cutoff date.