Privacy

Biometric Privacy

Imagine not having to remember login IDs and passwords, and using a fingerprint or retinal scan for all of your logins. It is called biometrics, and it is already happening. Unlike passwords, where anyone with the password can access the account, biometric systems use both hardware and software to authenticate the user. For example, the newest iOS and Android phones use facial recognition to unlock the phones and authorize transactions.

Although this new technology is convenient, it comes at a price. For biometrics to work there has to be a database of biometric scans to match against. That leads to questions about the security of stored biometric data. In the event of a security breach, you can easily change your password. However, you cannot change your biometric data, such as your face, fingerprints or retina.

And of course, no security is flawless. Researchers have shown that it is possible to generate artificial fingerprints that can fool biometric identification systems. These fake fingerprints probably cannot be used to gain access to a specific account, but when used across a network they can generate a number of successes.

Early versions of face unlock features on smart phones could be easily fooled by photos of the phone owner, but the technology has evolved since way back in 2011 and is less likely to accept a flat image. More recently, there were complaints that the iPhone X could not distinguish between Chinese users, so facial recognition is still far from perfect.

Biometrics are not only becoming more common in phones and other consumer technology. The Transportation Security Administration has announced plans to expand the use of biometric technology at airport security checkpoints. The Electronic Frontier Foundation has expressed concerns about this, saying this would “allow CBP (Customs and Border Protection) and TSA to collect any biometrics they want from all travelers—international and domestic—wherever they are in the airport. The data collected from these programs—your fingerprint, the image of your face and the scan of your iris—will be stored in FBI (Federal Bureau of Investigation) and DHS (Department of Homeland Security) databases and can be searched again and again for immigration, law enforcement, and intelligence checks, including checks against latent prints associated with unsolved crimes.” The EFF also points out that these databases are “often riddled with errors and inaccuracies.”

There have been legal questions about whether people can be compelled to turn over a password to legal authorities where the courts have ruled in favor of the citizens. On the other hand, there have been cases where defendants have been required to provide biometric information in order to unlock a device.

We are still in the early days of biometrics, so we can expect more uses of biometrics as the technology develops. And we can also expect more legal challenges to the privacy issues raised by the use of biometrics.