Formal Accountability for Biometric Surveillance: A Case Study

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9484)

Abstract

Surveillance, especially using biometric systems, threatens the privacy of individuals. Accountability is an established approach to supporting privacy in general, but it must follow a rigorous process and involve close scrutiny of actual data handling practice to be effective. In this paper, we consider a specific, real-world biometric surveillance system, based on camcorders and bodyprint identification. We show how formalisation can be used to achieve the required level of rigour and exemplify how our formal approach to accountability — in the sense of verifiable compliance with personal data handling policies — supports the privacy of individuals monitored by the system. The formal accountability framework is general enough to be reusable in other settings.

References

  1. 1.
    PrivAcy pReserving Infrastructure for Surveillance (PARIS) Project. http://www.paris-project.org
  2. 2.
    Albiol, A., Albiol, A., Oliver, J., Mossi, J.: Who is who at different cameras: people re-identification using depth cameras. IET Comput. Vis. 6(5), 378–387 (2012)MathSciNetCrossRefGoogle Scholar
  3. 3.
    Article 29 data protection working party: opinion 3/2010 on the principle of accountability (2010). http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp173_en.pdf
  4. 4.
    Butin, D., Chicote, M., Le Métayer, D.: Log design for accountability. In: 2013 IEEE Security and Privacy Workshop on Data Usage Management, pp. 1–7. IEEE Computer Society (2013)Google Scholar
  5. 5.
    Butin, D., Chicote, M., Le Métayer, D.: Strong accountability: beyond vague promises. In: Gutwirth, S., Leenes, R., De Hert, P. (eds.) Reloading Data Protection, pp. 343–369. Springer, Netherlands (2014)CrossRefGoogle Scholar
  6. 6.
    Butin, D., Le Métayer, D.: Log analysis for data protection accountability. In: Jones, C., Pihlajasaari, P., Sun, J. (eds.) FM 2014. LNCS, vol. 8442, pp. 163–178. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  7. 7.
    Campisi, P.: Security and Privacy in Biometrics. Springer, London (2013)CrossRefGoogle Scholar
  8. 8.
    Bennett, C.J.: Implementing Privacy Codes of Practice. Canadian Standards Association, Rexdale (1995)Google Scholar
  9. 9.
    Denman, S., Fookes, C., Bialkowski, A., Sridharan, S.: Soft-biometrics: unconstrained authentication in a surveillance environment. In: Digital Image Computing: Techniques and Applications (DICTA 2009), pp. 196–203. IEEE Computer Society (2009)Google Scholar
  10. 10.
    Jain, A., Ross, A., Prabhakar, S.: An introduction to biometric recognition. IEEE Trans. Circuits Syst. Video Technol. 14(1), 4–20 (2004)CrossRefGoogle Scholar
  11. 11.
    Kanak, A., Sogukpinar, I.: BioPSTM: a formal model for privacy, security, and trust in template-protecting biometric authentication. Secur. Commun. Netw. 7(1), 123–138 (2014)CrossRefGoogle Scholar
  12. 12.
    Lloyd, J., Jürjens, J.: Security analysis of a biometric authentication system using UMLsec and JML. In: Schürr, A., Selic, B. (eds.) MODELS 2009. LNCS, vol. 5795, pp. 77–91. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Prabhakar, S., Pankanti, S., Jain, A.K.: Biometric recognition: security and privacy concerns. IEEE Secur. Priv. 1(2), 33–42 (2003)CrossRefGoogle Scholar
  14. 14.
    Salaiwarakul, A.: Verification of Secure Biometric Authentication Protocols. Ph.D. thesis, University of Birmingham (2010). http://etheses.bham.ac.uk/1166/
  15. 15.
    Saornil, M., Rodríguez, F.J., Montenegro, M., Ma, Z.: PARIS project deliverable 6.1: biometrics use case description (2014). http://www.paris-project.org/images/Paris/pdfFiles/PARIS_D6.1_Biometrics_Use_Case_Description_v1.0.pdf
  16. 16.
    Socolinsky, D.: Design and deployment of visible-thermal biometric surveillance systems. In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR’07), pp. 1–2 (2007)Google Scholar
  17. 17.
    Spanish data protection agency: instruction 1/2006 on processing personal data for surveillance purposes through camera or video-camera systems (2006). http://ec.europa.eu/justice/policies/privacy/policy_papers/docs/instrucciones_videovigilancia_en.pdf
  18. 18.
    Wheeler, F.W., Weiss, R., Tu, P.H.: Face recognition at a distance system for surveillance applications. In: Fourth IEEE International Conference on Biometrics: Theory Applications and Systems (BTAS 10), pp. 1–8 (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Vinh-Thong Ta
    • 1
  • Denis Butin
    • 2
  • Daniel Le Métayer
    • 3
  1. 1.University of Central LancashirePrestonUK
  2. 2.TU DarmstadtDarmstadtGermany
  3. 3.InriaUniversité de LyonLyonFrance

Personalised recommendations