From: Clinton Collins [mailto:[log in to unmask]]
>Doesn't have to be that way. What they might get is a one way encrypted hash
>of some data points of your biometric information but that doesn't mean they
>have your biometric information.
Well, call me a skeptic. But if nation states can't be bothered incorporate sensible biometric security design with critical documents like passports, can we really expect some phone app developer to have clue?
And even with selected data points derived from a biometric, the computing power today and the right algorithms could very well lead to intense computational analysis those data points, potentially deriving or extrapolation part of the original biometric data, or perhaps 'just enough' of it to leverage against another biometric authentication scheme -- think banking or voting, or even one that may not even exist today.
I'm no poo-pooing all of these ideas, I'm just trying to highlight the weak links, risks and above all maintain perspective of the threat landscape.