Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'Biometric Architecture'

The Scope for Privacy-Sensitive Biometric Architecture

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 23 February 2003

© Xamax Consultancy Pty Ltd, 2002-03

This document is at


This document is one of a series of papers relating to biometrics. It is an amplification of slides 33-35 in the PowerPoint slide-set presented at the University of Hong Kong on 13 May 2002.

Biometric technologies, devices and applications have to date been extremely poorly conceived, have performed excruciatingly badly, and (whether or not they work) are extraordinarily privacy-invasive.

The purpose of this brief note is to provide an outline of my argument that it is entirely feasible to devise an architecture for biometric applications that is sensitive to privacy needs.

If and when engineers stop excusing themselves, and discover that they have a professional responsibility to consider the social implications of their work, the biometrics industry could apply such architectures, and thereby stop producing dangerous lemons and bankruptcies.

Conventional Architectures

The following diagram depicts the typical architecture that has been used for biometrics products to date.

A sensor measures a physical feature of a person. The measure is compared against a database of reference measures. The results are then transmitted to an application of some kind, commonly including the identifier(s) acquired from the person and/or from the database.

This is seriously privacy-invasive in a whole host of ways, which are discussed elsewhere in my papers.

Note that the depiction in this section is presented in a sufficiently abstract manner that it encompasses a wide range of potential applications, both:

Alternative Architectures

This section describes an architecture for one particular kind of biometric application. It is contended that architectures can be developed for other kinds of application, which are similarly protective of the privacy of that vast majority of people who are not found to be in breach of the organisation's rules.

The category addressed here is authentication against a block-list. An example of such an application would be at a border-checkpoint, where the intention is to screen travellers against a database that contains biometric reference-measures for persons who are not to be permitted to cross the border. This could include such categories as convicted drug-runners, people who have previously over-stayed or otherwise breached their visas, and terrorists.

The architecture is as follows:

A process to apply that architecture could proceed as follows:

In a number of presentations, I have made the assertion that border-guards generally do not need to know who the person is who they permit to go past them. They need only know that the test-measure matches the reference-measure on the person's token, and that the identity on that token is permitted to enter the country.

This assertion is true, but of course involves the normal sleight-of-hand needed to wake an audience up. The simple trick is that the story is incomplete. In order to support the management of aliens present in the country, the SPM needs to also send details of the border-crossing transaction to the Immigration system. But this is a quite separate function from the display on the border-guard's console: the assertion I make is true - the border-guard does not need to know the person's identity.

xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 13 May 2002 - Last Amended: 23 February 2003 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy