Image of eye being scanned as a means of biometric identification
Biometric Identification - Knowing Who (and Where) You Are

Biometric Identification – Knowing Who (and Where) You Are

Biometric systems use people’s intrinsic physical characteristics to verify their identification. The characteristics that can be used by biometric systems include fingerprints, facial identification systems, voice recognition systems and in new developments – the analysis of DNA.

These systems have been employed by government agencies across the globe – however, development was originally pioneered by agencies such as the CIA and FBI in the United States to identify threats to national security and also to ensure that information sharing across agencies was secure.

So what technology is used in biometric identification?

There’s the ‘old school’ of biometric identification methods – voice recognition, iris and retina scans and fingerprint identification. Bit there are also newer methods involving scans that consumers might not be aware of. For instance, the fact that a visual scan of your ear reveals that it is as unique as a fingerprint. Even your heartbeat is as individual to you as a fingerprint.

Each of the methods of using biometric identification is unique and rely on sometimes emerging technology – but there is no doubt that the science of biometric identification is progressing and it seems set to become a global standard.

Today, biometric identification has spilled over into consumer products. Apple’s latest iPhone uses Face ID, a technology that unlocks the phone by using infrared and visible light scans to identify facial features. It works in a variety of conditions and is extremely secure. It relies on this technology to secure the device, as well as secure mobile billing records and authenticate payments (an application that seems to be gaining in popularity). Companies like Dell and Lenovo bypass traditional methods of signing in to their devices by also using fingerprint recognition technology.

The theory is that biometric recognition systems are easier to use, more convenient, and (theoretically) more secure. As far as the claim that these systems are easier to use is concerned, there can be no doubt that this is true. The password system is antiquated and can be extremely frustrating for users. The simple message of ‘username or password is incorrect’ is possibly one the most annoying features of online life in the 21st century – especially in an era of the Internet of Things where multiple devices are the norm for most individuals.

Biometric access control

By and large, biometric access control a rapidly maturing technology that is used to police our ability to gain access to places, allow us access to software and hardware as well as guard against unauthorized access to our online accounts. It is a form of identification other than what is till today the industry standard – passwords. However – newer systems such as biometrics are slowly gaining a foothold as the next generation of protection. Biometric systems scan physical characteristics in order to ensure that the person using various systems and functionality is authorized to do so.

Examples of biometric access control include scans of finger prints, iris scans, voice recognition and even such characteristics as the way we walk and our gestures. It is recognized as the next level of protection.

It replaces ‘ things that you know’ such as passwords with authentication based on ‘things that you are.’

Physical characteristics are almost impossible to duplicate – take for example a retina scan, which is only one example of a biometric safeguard – it is not possible with today’s technology to duplicate an individuals network of veins and other structures in the eye and so scanning this to allow access is at the forefront of safeguarding access.

Inherent privacy risks of biometric identification

Although biometrics holds enormous promise and has in fact been used for decades by government agencies across the world to safeguard data, enhance border security and identify those who may have hostile intent there are some issues with its use – or rather the way that the data that is gathered through its use is safeguarded. The privacy risks inherent in the use of biometrics are extreme.

Possibly the biggest risk is that governments have no issue with using biometrics for surveillance and there are very few pieces of legislation that prevent this. This is one of those instances where the Roman poet Juvenal may have had a relevant point when he wrote in his Satires ‘Quis custodiet ipsos custodes?’ – who will guard the guards themselves? As technologies like facial recognition become more advanced and surveillance on city streets the norm who will draw the line at just what level of invasive monitoring is permissible?

That may just be the tip of the iceberg. ‘Multimodel’ data collection is on the cusp of becoming a reality. This means that various types of biometric data will all be collected – and stored together to give those who are managing the data collection a more global idea of an individual’s identity and behavior patterns. Using this data and combining it with traditional data points (like passwords, addresses, geolocation data, gender, race, social security numbers, passport details and health status) may well end any idea of privacy.

And all of this without any sort of consent being sought – or required by law.

In the event of a data breach this information would be in the hands of players that are interested in only one thing – profit – and unlike the traditional passwords and other methods of identification biometric data cannot be changed. The vulnerability is enormous. You cannot reissue or reset an iris or a fingerprint.

Protecting biometric data

As has been proved time and time again, technology progresses and in lockstep so do the methods used by those who want to hack into databases. It could be argued that those players who would hack a biometric database will not have access to the real thing – they will not have a physical iris or a finger with a print.

The fact of the matter is that they simply do not want that real world expression of the biometric information (your eyes and ears and voice and fingerprints are safe). Their intent is (usually) to  capture information. They want the data about the individual – not their actual physical characteristics. Although by mimicking those characteristics inline they would have access to enormous amounts of data.

Using or selling that data is potentially enormously profitable. The individual in the 21st century needs to become increasingly concerned about how their data is secured. Be it a password or an iris scan – the protection of that data remains a concern.

There is very little – or next to no legislation that polices how biometric data is used. Neither by private companies nor by government. That information can currently be shared with little in the way of barriers, legislative or other.

Leading thinkers on the subject of biometrics are in agreement – industry and government need to apply their minds to how we develop protocols – perhaps based on cryptography, that will protect the data gathered via biometric techniques – and we need to give the owners of that data (ordinary people) control over how that data is used.

It seems that the more we advance toward that perfect data security situation the closer we come to an all-pervasive invasion of our privacy. It is a conundrum that we will continue to struggle with.