We welcome a comment from our partner Sandro Fontana regarding the technical methods of using/storing biometric data for access control of public employees.
Regardless of how much one may or may not agree on stricter access control for public employees, I don't quite understand the access control process based on fingerprints, wished/requested/desired by Minister Bongiorno.
Several times I have read a declaration by the minister - at least it is presented as a declaration - which reads: "The system allows you to transform the fingerprint into alphanumeric characters which, only in part, will be sent to the administration".
Going even beyond the "transformation into characters", it seems that there is a desire to build a sort of database containing information -perhaps derived- from the fingerprints of civil servants, so as to be able to make a comparison for identification purposes when the employee shows up to "push in" on entry/exit.
But someone will have warned the minister that there is THERE IS which already contains these fingerprints and which could(1) therefore allow a strong form of authentication based on this biometrics?
An authentication process which, in the most delicate part(2), would be carried out locally: which would make even the Guarantor for the protection of personal data.
There would therefore be no need to build a new centralized DB for fingerprints, even if "partial": it would simplify the system architecture, increasing its security and implementation costs would also benefit.
Naturally, a second and welcome side effect would be to finally see the CIE exploited and exploitable.
In short, using the CIE as a company card could be a clever thing.
(1) “could” and “would” … conditionals are still very useful - whatever many journalists/announcers think about them-
As many know, at the moment the use of the CIE in digital mode is as elusive as the manipulation of dark matter; but I'm an optimist by nature [paranoid only by trade]
(2) some deity will know why he chose to encrypt the fingerprints with a key he possesses of the Police Forces … whatever security architecture implies this phrase.