The headlines are full of recent data breaches and hacked accounts, such as Target in 2013 (40 million records) and Home Depot in 2014 (52 million records). Citibank launched a series of television commercials to make the public aware of identity theft that you can still view on YouTube. And the entertainment industry – that mirror of current trends and mainstream pop culture – legitimized the pervasiveness of this threat by offering the 2013 film “Identity Theft” starring Jason Bateman and Melissa McCarthy. We laughed at the antics as McCarthy took Bateman’s financial assets through the ringer, but it was laughter tinged with anxiousness as we recognized the very real possibility that it could happen to us.
So what to do? If passwords are notoriously easy to hack and cards can be falsified with minimal effort, what are we left with to protect ourselves? The answer may be as simple as “ourselves.” Enter the technology of biometrics.
The use of physical and/or behavioral characteristics to verify an individual’s identity as a security measure has taken on a new urgency considering the lack of protection of passwords and encryption keys. Fingerprint analysis, eye retina scans, and voice pattern recognition have all been explored in the real world and in science fiction (remember Minority Report and Tom Cruise’s eye replacement incident?).
But biometrics is set to come of age as smart devices become more advanced and nuanced via specific apps and connected plug-ins. Take for example Nymi, a wristband that contains a voltmeter to read a heartbeat. According to Karl Martin, one of its creators from the University of Toronto, one of Nymi’s most secure features is that, while a heart can be broken, a heartbeat cannot (paraphrased). Another example is the work being done at the University of California, Berkley, on a cheap head set that will be able to read your brain waves to verify your thoughts and so, the password that you are thinking of. Another concept being considered for development is the “password pill” that contains a microchip and battery and is activated by your stomach acid to emit a radio signal.
One thing is for sure – biometrics is a growing market; it is estimated to generate billions of dollars partly because of government support as an anti-terrorist and surveillance strategy, especially after the attacks of 9-11. But biometrics as an identity and security control has some security risks and privacy concerns of its own.
Let’s take a look at facial recognition. Currently Facebook has the largest facial recognition database in the world that it started to compile in 2010. In 2014 it updated the technology to a more accurate identification system called DeepFace. Facebook offers facial recognition as a service to its users to help them identify and tag friends and themselves in photos and other content that is posted on its platform.
Now let’s take it a step further. What happens if you combine the facial recognition and wearable technology such as Google Glass? The NameTag app for Google Glass is supposed to allow the user to look at anyone (including strangers) and the app will return a match with the stranger’s name, occupation, and Facebook profile if they have one. Can something like this facilitate stalking or harassment? Privacy advocates have taken notice. What if you don’t want to be recognized and/or tagged in a photo or by an app, especially by someone you don’t know? Do you have the right to be anonymous? Will national surveillance become citizen surveillance? As for its own part, Google has stated that it would not approve any facial recognition apps for Google Glass even though there are no current US laws that govern the use of face recognition technology. FacialNetwork.com, the developer of NameTag is offering the app in beta format and hopes that Google will change its mind since it believes the app can also be used to help identify criminals and sexual offenders and therefore can be seen as a safety tool.
Another concern that gets raised is the fact that these biometrics are stored in a database so all the information system security concerns are still there and as has been noted – if a regular database of passwords gets hacked you can change the password, but if a biometrics database gets hacked you can’t change your face.
Of course, face recognition, fingerprinting, and genetic (DNA) testing, are just a few of the techniques that are being used in biometric systems. Additional proposals include measuring ears, voice pattern recognition and behaviormetrics – based on patterns or rhythms of our conduct – are also being developed, tested and implemented. Conferences such as the Global Identity Summit continue to bring together experts to evaluate and discuss these biometric systems, current and future applications and ethical and other concerns regarding their impact on society.
So at this point we can say that there is no question that you are the best proof of who you are in this digital world. Or is there?
- De Chant, Tim, “The Boring and Exciting world of Biometrics,”
- www.pbs.org/wgbh/nova/next/tech/biometrics-and-the-future-of-identification/, June 18, 2013.
- Wired.com, “11 Body Parts Defense Researchers will Use to Track You,” www.wired.com/2013/01/biometrics/ Jan., 2013.
- Singer, Natasha, “Never Forgetting a Face,” www.nytimes.com/2014/05/18/technology, May 17, 2014
- International Biometrics & Identification Association (IBIA)’s Report “Biometrics and Identity in the Digital World,” http://bit.ly/1uWCodC, March, 2013.