Government Applications
Airports | Government | Human Resources | Law Enforcement | Consumer | Financial | Computer | HIPAA
City of Toronto Considers Biometric Fraud Safeguard MeasuresCity of Toronto considers biometric fraud safeguard measures

As is the case in numerous jurisdictions around the world, various levels of government in Ontario are looking to implement measures designed to effectively fight fraud in their benefit-entitlement programs. One form of fraud of particular concern is "double-dipping," where an individual unlawfully obtains benefits under multiple identities. This form of fraud is not unique to Ontario, but quite prevalent in certain types of government benefit programs. As one source noted:

Fraud is a significant issue in public-sector programs. A persistent problem of state welfare entitlement programs is fraud perpetrated by double dippers -- individuals who illegally register more than once for benefits by using an alias or other false information. Many experts believe that fraud in programs like welfare can be as high as 10%, which translates to over $40 billion a year in potential savings if the fraud was prevented.

When it became clear that the City of Toronto was considering the introduction of a biometric measure in its efforts to control welfare fraud, the IPC (as the provincial oversight agency responsible for the protection of privacy in Ontario) worked with the City, as well as the Ministry of Community and Social Services, the provincial organization in charge of welfare across the province, to develop a legislative framework that would define the necessary privacy safeguards.

As a starting point, the IPC developed a list of procedural and technical safeguards that it believed should be present when biometric technology is used. Further, the IPC recommended that these safeguards be enshrined in legislation, in order to give them the force of law.

The IPC insisted that whatever biometric was used had to be encrypted; this in itself was an unprecedented requirement, not previously in existence in other statutes relating to the use of biometrics. The IPC's proposal to the government was that the following procedural and technical privacy safeguards should be in place prior to the implementation of any biometric technology:

  • the biometric (in the case of the City of Toronto, it was a finger scan) should be encrypted;
  • the use of the encrypted finger scan should be restricted to authentication of eligibility, thereby ensuring that it is not used as an instrument of social control or surveillance;
  • the identifiable fingerprint cannot be reconstructed from an encrypted finger scan stored in the database; ensuring that a latent fingerprint (i.e., one picked up from a crime scene) cannot be matched to an encrypted finger scan stored in a database;
  • the encrypted finger scan itself cannot be used to serve as a unique identifier;
  • the encrypted finger scan alone cannot be used to identify an individual (i.e., in the same manner as a fingerprint can be used);
  • establish strict controls on who may access the biometric data and for what purposes;
  • require the production of a warrant or court order prior to granting access to external agencies such as the police or government organizations;
  • any benefits data (i.e., personal information such as history of payments made) are stored separately from personal identifiers such as name or date of birth.

The Ontario government passed the Social Assistance Reform Act which, while not identical to the IPC's recommended safeguards, came fairly close. The IPC believes the legislation is unprecedented with respect to the breadth of the privacy safeguards regarding the use of an encrypted biometric. The following protections are enshrined in the legislation:

  • any biometric information collected under this Act must be encrypted;
  • the encrypted biometric cannot be used as a unique identifier, capable of facilitating linkages to other biometric information or other databases;
  • the original biometric must be destroyed after the encryption process;
  • the encrypted biometric information only can be stored or transmitted in encrypted form, then destroyed in a prescribed manner; and
  • no program information is to be retained with the encrypted biometric information.

Further, the statute includes the following provision:

Neither the director nor an administrator shall implement a system that can reconstruct or retain the original biometric sample from encrypted biometric information, or that can compare it to a copy or reproduction of biometric information not obtained directly from the individual.

Therefore, the biometric technology selected must not be capable of either reconstructing or recreating an original biometric pattern from the encrypted biometric nor having it matched to a copy or reproduction of a biometric not obtained directly from the individual (i.e., a latent fingerprint taken from a crime scene). As a result, the database containing the encrypted biometrics of welfare recipients would be of little interest to the police. However, should they or any other third party want to access the biometric information, they only could do so through the production of a court order or a warrant. Otherwise, they would not be permitted access to the data.

Also, the collection of the biometric information must be conducted in an open manner. As stated in the statute: "Biometric information to be collected from the individual to whom it relates shall be collected openly and directly from the individual."

The City of Toronto biometric initiative has not been implemented as of the date of this paper. However, the IPC believes the legislative framework introduced will provide effective privacy protection for government benefits-entitlement application of biometrics in Ontario. The IPC also believes that the Social Assistance Reform Act could provide a useful model for other jurisdictions beginning to consider the use of biometric technology to fight fraud in government programs and services.

back

RSS News Feed
RSS Biometrics Industry Events

Showcases
Fingerprint
Iris Recognition
Hand & Finger
Facial Recognition
Voice/Speaker
Consultants
Smart Cards/Multimodal
Signature/Keystroke
2D Barcodes
Sensors
Middleware/Software
Vascular Pattern Recognition

Applications



Site Search



Sponsor Links

BIO-key
 BIO-key develops and licenses advanced biometric finger identification technologies that are cost effective, scalable and easy to deploy.

Identica Corp.
Is the exclusive provider of the Techsphere Hand Vascular Pattern Recognition biometric solution in the USA, Canada, Mexico and the Caribbean Islands.

ZK Software
 ZKSoftware Inc. is a leading OEM/ODM manufacturer offering Fingerprint Time & Attendance and Access Control, Fingerprint Door Locks and IT products.

Ceelox
Ceelox is a developer and marketer of biometric authentication and biometric file security software products.

Datastrip
Datastrip is the leading provider of biometric verification devices in today's mobile arena, enabling fast, accurate identity verification.


Guides

What are "Biometrics"?
Biometrics Glossary
How Well Do Biometrics Work?
Identification vs Verification


Articles & Research

US VISIT Fact Sheet
The Anatomy Lesson
Smile: You're On Scan Camera
Privacy - Friend or Foe?
New Opportunities for Biometrics
Let Me In!
Archived Q & A's
Videos & Product Demos



Biometrics Events | Biometrics Links | Biometrics Press Releases
Biometrics Feature Articles | Biometrics Company Q&A's | Biometrics Product Videos/Demos
About Us | Contact Us | Advertising Info | Privacy Policy | Terms of Use