Bio-Metrics Secure?

Bio-metrics is the group of techniques which use some form of body measurement as a 'key' to some secure system or other. They appear to offer the answer to those seeking to ensure security of digital signatures. Let me be clear; they are not. The technical explanation is that they cannot be revoked. What does this mean?

In the world of digital signatures, the technical aspects of ensuring that a cryptogram cannot be broken by a brute-force arithmetic attack are fairly well established. Arrangements for the management of keys are not. They are, surprisingly, singularly unconvincing. The chances are growing that the management of keys will prove too difficult, and will defeat attempts to introduce workable systems.

A 'bio-metric' is the idea that, for example, in order to gain access to your business account, you place your eye near to the camera on the cash point wall, and your retina is examined, and checked against records held by the bank. If they match you get access to the account. Instead of your eye, it might be your thumb-print, or even the smells in your arm-pit! You can, for the sake of argument, be thus uniquely identified.

This seems to be perfect, but a moment's thought suggests this has huge risks.

Once the bio-metric is captured, it is communicated to and held in digital form somewhere on a computer. Ask then two questions.

  1. How could that record ever be compromised?

    There are potentially several ways. Say that your bank begins by taking a digital ID from your retina.

    1. A spoof machine is set up. You think it is checking your eye, but it appears not to be working. In fact it belongs to a criminal gang who can then use it as they wish.
    2. Someone may be able either to replicate your bio-metric, or more likely 'insert' the bio-metric reading, for example, between the device which captures the image, and the device which tests it against the database.
    3. A company holding such records is compromised in some way. It may suffer a burglary, whether digital or physical, or it may go bankrupt, and the receiver sells off the ID database.
  2. The point is that this is your lifetime key.

    What happens if that record is ever compromised? Good practice with all forms of encryption keys is that they are given a specific life. They should be revoked and replaced every so often - as often as is necessary. Your bio-metric cannot be revoked. My retina is my retina for life.

    How many bio-metrics can you have? You have two retinas, and ten fingers.

    Can a bio-metric be shared? Say that you are now told that you can only be allowed into your place of work by use of a bio-metric. Your retina is to be examined. 'That's ok,' you think. 'If it doesn't work out, I have lost nothing. I do not trust the company, but I am only at risk for that job. When I move on, that's it.' You are right until, a year later, when you are in a new job, you discover that the same system has been sold to the Land Registry. To move house, you have to sign using your eye. Of course that system is secure - except that who knows who from your former employers has your retinal ID. Whoever this may be can, with not a lot of technical wizardry, prove himself conclusively and incontrovertibly to be you.

    We have a government which is like a dog chasing its own tail. It is confused, and going around in ever decreasing circles. Every so often a problem comes up, and some bright spark suggests, as an answer, some form of smart card, uniquely linking the owner to the card. The latest (today 29 Oct 2001) is a card for asylum seekers. The ideas are regularly vaunted, then people get down to thinking about it, eventually they admit that the idea is just plain daft, and will not work.
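
The revocation argument above, modelled as an added example that is not part of the original article: it shows a record leaked by one organisation being accepted by another, and that 'revoking' a bio-metric locks out its owner, whereas a revoked key is simply replaced. The classes, the 256-bit template, the noise model and the match threshold are all constructed assumptions.

```python
import hashlib, hmac, secrets

BITS, THRESHOLD = 256, 0.25  # assumed template size; max differing-bit fraction for a match

def read_eye(eye, flips=8):  # constructed sensor model: the eye pattern with a few bits flipped
    for _ in range(flips):
        eye ^= 1 << secrets.randbelow(BITS)
    return eye

def matches(a, b):
    return bin(a ^ b).count("1") / BITS <= THRESHOLD

class KeyVerifier:  # hypothetical relying party storing the hash of a replaceable secret key
    def __init__(self):
        self.current, self.revoked = {}, set()
    def enrol(self, user, key):
        self.current[user] = hashlib.sha256(key).digest()
    def revoke(self, user):
        self.revoked.add(self.current.pop(user))
    def verify(self, user, key):
        h = hashlib.sha256(key).digest()
        return h not in self.revoked and hmac.compare_digest(h, self.current.get(user, b""))

class BiometricVerifier:  # hypothetical relying party storing a template, matched fuzzily
    def __init__(self):
        self.templates, self.blocked = {}, []
    def enrol(self, user, reading):
        self.templates[user] = reading
    def revoke(self, user):
        self.blocked.append(self.templates.pop(user))
    def verify(self, user, reading):
        if any(matches(reading, b) for b in self.blocked):
            return False  # blocking a template also blocks every later reading of that eye
        return user in self.templates and matches(reading, self.templates[user])

def scenario():
    eye = secrets.randbits(BITS)  # constructed stand-in for the retina: fixed for life
    employer, registry = BiometricVerifier(), BiometricVerifier()
    for party in (employer, registry):
        party.enrol("alice", read_eye(eye))
    leaked = employer.templates["alice"]  # the former employer's record is compromised
    out = {"leaked_template_at_registry": registry.verify("alice", leaked)}
    registry.revoke("alice")
    registry.enrol("alice", read_eye(eye))  # attempted re-issue, but it is the same eye
    out["owner_after_biometric_revoke"] = registry.verify("alice", read_eye(eye))
    kv, old, new = KeyVerifier(), secrets.token_bytes(32), secrets.token_bytes(32)
    kv.enrol("alice", old)
    kv.revoke("alice")
    kv.enrol("alice", new)  # re-issue works: the new key is unrelated to the old one
    return dict(out, old_key=kv.verify("alice", old), new_key=kv.verify("alice", new))
```

Calling `scenario()` returns the four outcomes as a dictionary: the leaked template is accepted at the second organisation, the owner is refused after the bio-metric is revoked, and only the replacement key is accepted after the key is revoked.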

Important: Please note that our law-bytes are retained for archival purposes only. The law changes, and these notes are often, now, out of date. You must take direct advice on your own personal situation and the law as it currently stands.
All information on this site is in general and summary form only. The content of any page on this site may be out of date and/or incomplete, and you should not rely directly upon it. Take direct professional legal advice which reflects your own particular situation.
Copyright and Database Rights: David Swarbrick 2012
18 October 2013 http://www.swarb.co.uk/lawb/cpubiosec.shtml 451 18 October 2013