* Posts by Jeff Stapleton

1 publicly visible post • joined 3 Apr 2008

Coming up: the fingerprint-grabbing keylogger

Jeff Stapleton

I told you so...

The biometric keylogger comes as no surprise. As the X9F4 working group chair that develped the American National Standard X9.84 Biometric Information Management and Security, published in 2001 and revised in 2003, and coordinated its ISO 19092 counterpart published in 2008, we have been advocating digital signatures for authentication and encryption for privacy of biometric data for years. These standards have been promoted at numerous security and technology events, but the vendors and most of the buyers just don't seem to understand the importance of securing the biometric data. In the news recently, there's a certain large company who was awarded a $1B contract (yep, that's a "B") by a 3-letter agency to develop a national biometric database. If security isn't built into this system, I shudder to think about the consequences and the impact to national security.