From Dustin Kirkland, an interesting way to think about fingerprints:

I could see some value, perhaps, in a tablet that I share with my wife, where each of us have our own accounts, with independent configurations, apps, and settings.  We could each conveniently identify ourselves by our fingerprint.  But biometrics cannot, and absolutely must not, be used to authenticate an identity.  For authentication, you need a password or passphrase.  Something that can be independently chosen, changed, and rotated.  I will continue to advocate this within the Ubuntu development community, as I have since 2009.

From the Canyon Edge: Fingerprints are Usernames, not Passwords.

I am currently at the BTAS conference in Washington DC getting up to speed on the latest research on biometrics. Here are a few trends I have observed so far:

• an obvious lack of research on what I would call traditional biometric problems, including fingerprint matching, iris matching, and face recognition for high quality, passport style photos. These appear to be mostly solved problems.
• recognition of spoofing as a challenging problem, as is evident in the quick attacks against the iPhone 5S fingerprint sensor,
• a continuing trend to focus on challenging acquisition environments, included face photos taken at an angle (faces in the wild) and matching from video.
• more interest in different kinds of sensors, including cell phone cameras, touch pads, and the Kinect.

Here is some more information about the conference:

BTAS 2013 … is the premier research conference focused on all aspects of biometrics. It is intended to have a broad scope, including advances in fundamental signal processing, image processing, pattern recognition and statistical and mathematical techniques relevant to biometrics, new algorithms and/or technologies for biometrics, analysis of specific applications, and analysis of the social impact of biometrics technology.

BTAS 2013 | Biometrics: Theory, Applications and Systems.

Here is an interesting EFF article about the recent report from the Human Rights Council on anonymity, encryption, and free speech.

Today, governments all around the world are seeking to ban, block, or redesign personal communications technologies based on a misguided notion that these technologies are too secure.

Anonymity, Encryption, and Free Expression: What Nations Need to Do | Electronic Frontier Foundation.

A new book chapter by Jean Camp and myself is now available. It appears in a new collection edited by George Yee titled Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards. Here is the abstract, citation information, and link to the book.

In August 2007 approximately 445,000 letters were sent to retirees who belonged to the California Public Employees’ Retirement System (CalPERS). This was a routine mailing, but all or a portion of each pensioner’s Social Security Number (SSN) was printed on the address panel of the envelopes, making this event all but ordinary. This massive breach of sensitive SSNs, along with names and addresses, exposed these people to potential identity theft and fraud. What are the harms associated with a data breach of this nature? How can those harms be mitigated? What are, or should be, the costs and consequences to the organization releasing the data? While it is very difficult to predict the specific consequences of a data breach of this nature, a statistical model can be used to estimate the likely financial repercussions for individuals and organizations, and the recent settlement in the TJX case provides a good model of harm mitigation that could be applied in this case and similar cases.

Patrick, A. S., & Camp, L. J. (2012). Harm mitigation from the release of personal identity information. In Yee, G. O. (Ed.), Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards. (pp. 309-330).