A friend of mine was telling me recently how safe manufacturers grade their safes: they don't simply say "this is unbreakable/uncrackable" (only a fool would say that). What they do say is that you need X amount of TNT or N hours to crack this safe. Clearly limiting their liability, you may think, but actually it's useful and practical information to anyone who has a safe. Firstly, they know that there are no guarantees, but they also know what level of additional security they may need to layer on to get closer to full peace of mind. If it takes 2 hours to crack the safe, the owner could employ a security guard to patrol the safe's location every hour, hopefully not leaving a window of opportunity for the cracker to do the deed. When you want to secure digital data, similar considerations need to be taken into account.
I've recently been involved in debating the security of biometric systems used in schools with a biometric firm's Principal Sales Engineer based in the US. The issue we have as a group is that, whilst I'm sure all measures are being taken today to secure the data in terms of encryption technology, the plain fact remains that history has shown us that whatever cryptography we use today is likely to be compromised in a reasonable time frame, say 5-10 years. Therefore when we encrypt any sort of data we need to be aware of this, since if the data has uses outside this time window then clearly we cannot rely on this means of security alone.
As this goes to the very heart of the debate on biometrics in schools, the Engineer in question dismissed our complaints about encryption technology not being adequate for 10 years plus by first acknowledging the fact (which is a great step forward):
"I personally believe there will be another breakthrough in the next 10 to 15 years. Whether it is quantum computing or the DNA processor they have been working on for the last 10 years. They can now beat a person in tic tac toe. 5 years ago they could count to 10 with 80 percent accuracy. They are much faster because they don't have to calculate, they just know the answer. But it is going to be a while and believe it or not there are higher levels of encryption out there. There are 512 and even 1028 based encryption. Like the computer industry, there is always someone out there building a stronger based encryption."
Further, that statement shows that the industry as a whole knows we need stronger encryption because we know it's only a matter of time before it is broken, but he then goes on to say that
"As I said above the great thing about using encryption on keys and/or files is the fact that if there is a problem with a key or the actual encryption you can encrypt the info with a better encryption or even encrypt the encryption such as is done with 3 DES. It is DES encrypting DES encrypting DES. The US government went from a standard of 3 DES to AES 256. Not because 3 DES had been broken... It has not. But because they saw there were some weaknesses that could be exploited and maybe in the next 10 years or so it may be broken. Now do you think that all the info that they have stored in 3 DES is still in 3 DES... I think not. They re-encrypted it in the new standard."
Whilst this is all well and good, there is a piece of this solution that makes it OK for the US government but not for the average school: it relies on the person responsible for the re-encryption having guaranteed sole access to the data, in other words no one has taken an illicit copy or, more likely, no one is holding some backup media or an old hard disk. Whilst I can imagine that the US government has plenty of physical security measures in place to make sure it owns the only copy of the data, I can't imagine that the average school will have a similar system in place, and let's be realistic, they can't, with theft being the obvious problem.
In fact I encountered a similar experience when working for Cisco, when we were trying to pitch wireless networking to a large bank. Whilst they accepted the notion that the encryption technology we had chosen prevented illegal access to the network, we could not demonstrate to them that any data sniffed off the network could not be decrypted in a time frame that still made the data useful to an outsider. These guys were smart and truly understood the nature of securing business data.
So to summarise: a responsible biometric manufacturer would secure biometric data as best they can today, but once the software has been deployed, if that data is to be truly secure the owner needs to have sufficient physical security measures in place to ensure that in the future the encryption-based solution still has adequate merit. The moment you do not have complete ownership of the data, all bets are off... and by their own admission, the biometric provider in this case said their guarantee is for approximately 10 years, whereas in the case of biometric data for kids that data is sensitive for 60-70 years.
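To make the argument concrete, here is a small Python model of it, added here and not code from the post or from any vendor. It tracks every copy of an encrypted record with the scheme it is under, the year it was last encrypted, and whether the data owner can still rewrite it; the per-scheme "safe for N years" horizons and the enrolment and theft dates are constructed assumptions for the scenario, not real figures. Re-encryption moves the break horizon only for the copies the owner still holds, and even those need refreshing again before the new horizon if the data stays sensitive beyond it.

```python
from dataclasses import dataclass, replace

# Assumed horizons, in years after encryption, at which each scheme is treated as
# breakable. Constructed for this model; not the vendor's or any standard's figures.
SCHEME_SAFE_YEARS = {"legacy": 10, "stronger": 25}


@dataclass
class Copy:
    location: str       # where this copy lives (database, backup tape, stolen disk)
    scheme: str         # scheme the copy is currently encrypted under
    encrypted_in: int   # year this copy was last (re)encrypted
    controlled: bool    # True only if the owner can still reach and rewrite it

    def breakable_from(self) -> int:
        return self.encrypted_in + SCHEME_SAFE_YEARS[self.scheme]


def reencrypt_controlled(copies, new_scheme, year):
    """Re-encrypt every copy the owner actually holds. A copy that has already
    left the owner's control keeps the scheme it had when it left."""
    return [replace(c, scheme=new_scheme, encrypted_in=year) if c.controlled else c
            for c in copies]


def exposure_report(copies, sensitive_until):
    """Map each copy to the year it becomes breakable, for copies expected to be
    breakable before the data stops being sensitive (the exposure window)."""
    return {c.location: c.breakable_from() for c in copies
            if c.breakable_from() < sensitive_until}


def school_scenario():
    # Constructed scenario: a pupil's template enrolled in 2008 and sensitive
    # for roughly 65 years, i.e. until 2073.
    enrolled, sensitive_until = 2008, 2073
    copies = [
        Copy("primary database", "legacy", enrolled, controlled=True),
        Copy("backup tape", "legacy", enrolled, controlled=True),
        Copy("disk stolen in 2009", "legacy", enrolled, controlled=False),
    ]
    before = exposure_report(copies, sensitive_until)
    migrated = reencrypt_controlled(copies, "stronger", year=2017)
    after = exposure_report(migrated, sensitive_until)
    return before, after


if __name__ == "__main__":
    before, after = school_scenario()
    print("before migration:", before)
    print("after migration: ", after)
```

The stolen disk stays at the 2018 horizon no matter how often the school re-encrypts, which is the "all bets are off" case above.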