SIA Releases Offers Recommendation For Use Of Biometrics In E-Verify Program
The Security Industry Association recently released recommendations for use of biometrics with the federal government’s E-Verify employment verification program.
Security Industry Association members believe implementation of a biometric component to the E-Verify program should reflect the following principles to protect individual privacy and prevent identity theft:
1. Use biometrics to bind an individual to a credential associated with an identity based on presented biometric data and identity documents, which will be associated with a vetted Social Security Number. This will authenticate E-Verify transactions and create trusted audit trails respecting access to privacy data.
- Provides high assurance that the individual subsequently authenticating is the same person who enrolled.
- Provides non-repudiation of E-Verify transaction records, including who accessed specific data by date and time.
2. Use biometric authentication of the applicant, post-enrollment, with each subsequent verification of application for employment.
- Ensures job applicant is associated with only one Social Security number.
- Confirms individual presenting a Social Security number for employment or identification is the same person who originally enrolled with the Social Security number.
- Alerts if the live biometrics submitted don’t match the templates stored on the smart card carrier. This can trigger additional adjudication procedures to investigate why two different individuals are associated with a single Social Security number or other I9 identity documents.
- Deters identity theft for citizens while providing legal aliens with a means to validate their work status.
3. Avoid unnecessary distribution of biometric data by encoding biometric data to a smart card for possession by the person associated with the data. A terminal that performs a 1-to-1 match of a person’s live sample to the smart card data will be used for real-time authentication.
- Allows the applicant to authorize how the biometric data is used.
- Prevents unauthorized access to an applicant’s biometric data.
- Provides a mechanism for the person to possess their biometric data and limit alternative instances to the enrollment database.
- Protects citizen against identity theft.
4. Allow solutions including a 1-to-1 match with the smart card as a ‘personal vault,’ where an encrypted fingerprint or template is securely stored.
- Locks sensitive data stored on the card (example: Social Security number) against access so it is not retrievable except after successful match to the card-holder.
- Removes the need for biometric data ever to be extracted from the card, thereby allowing the smart card to lock it away from any fraudulent retrieval or copy. This will also ensure that the biometric data cannot be used for forensic investigation purposes.
5. E-Verify-sanctioned functions must include controlled distribution of biometric terminals to enable reporting of lost or stolen cards at easily accessible locations (such as the local U.S. Post Office).
- Provides a value-add function to the card making it more useful and attractive to card holders.
- Delivers assurances that the E-Verify data is not used for criminal investigation purposes.
6. Biometric data collected at initial enrollment must be stored in an encrypted database. Strong consideration should be given to establishing separate databases that secure the biometric from other personally identifiable information.
7. Utilize the experience and application expertise of industry and, in particular, the Security Industry Association to guide the implementation of biometrics in E-Verify applications.