Biometric identification is now becoming common place in our day to day lives, it is a means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits (Rouse, 2019), the most common of these we know are finger print scan passwords on our smart phones and laptops along with facial recognition and retina and iris patterns on the same devices.
As it becomes more common place in our day to day lives, we see this form of identification as a relatively new technology however it has been around in various forms for many many years. As it becomes for common place and featured in more and more items and as even some governments begin to adapt many questions arise how truly secure is it? As technology security tech evolves so does the tech to break it, how easy can it become to impersonate someone else? Do we truly trust these companies of which many lately have had constant data breaches to store our biometric data safely? Do we trust these companies with our biometrics data to begin with? Can we trust our governments to use and integrate this technology appropriately? How much privacy do we really have when it comes to our biometrics? After all we need to remember biometrics are not something you can just password reset these are usually features that do not change much for you through out your life and aren’t as simple as a password reset if fallen into the wrong hands. We truly need to find answers to these questions and much more.
The long history behind biometrics and its issues continuing with it in the modern day
Using biometrics as a means of identification is by no means a new technology, we’ve been using finger prints to identify people for many years, in fact its believed it may have even been used in during the Babylonian business transactions in 500 BC and foot and palm prints were known to be used in fourteenth century china(Nadeau, 2019). When the industrial revolution sparked rapid city growth in the 1800s all kinds of biometric methods were used from measurements of arm lengths, height and other body parts till eventually one main metric became the standard, the fingerprint (Nadeau, 2019). Now a main question takes place in the technology age in a day where we have so many technological advancements should we really continue to use biometrics for so many of our day to day stuff when it comes to securely identifying us for even accessing our phones?
There are many reasons as to why we should move away from the use of biometrics, biometric technology today is still largely inaccurate, biometric data is also easy to copy and our biometrics are not secret your face can be easily captured by anyone (Grimes, 2019). Security and computer vision specialists from the university of North Carolina were able to build a system which uses digital 3-D facial models based on publicly available photos to successfully trick five facial authentication systems which are widely used((Xu, Price, Frahm & Monrose, 2016) ,(Newman, 2019)). Which brings us to the main flaw of using biometrics so much in our lives and its main security flaw, the main advantage of traditional security measures, if someone has been using your credit card or an account or stolen a password they are re-settable, it is possible to change or reset your password or pin for a device or credit card if they have been compromised and by doing so you could lock the person out, the same cannot be said about biometrics, if compromised or stolen its not possible to reset your fingerprint of iris or face, once compromised it will always be compromised(“Are Biometrics Good or Bad for Digital Security? – InformationWeek”, 2019).
Convenience is what people like the most and being able to unlock devices at a glance or by simply touching them with your finger tip is one of the main reasons biometric identification has begun to grow, this combined with ever increasing populations and a digitalizing world has made biometric identification appealing for everyone. For users its convenience, however for governments the reasonings can be very much different biometric identification can easily be overused and possibly take away many of our rights to privacy. To a government there are only Pros being able to identify people to a high degree with low chances of identifying the wrong person are just a small part, this technology not only allows a government to identify a person but also gives them the ability to track a person without them even having knowledge of it via avenues such as facial recognition over cctv and cctv becoming more widespread in many countries including wide use in Australia((Han, 2019), (“Street safety cameras – City of Sydney”, 2019)) it would not be hard to implement technology to track every person in their day to day lives, this in fact has already been implemented in some countries (Mozur, 2019) an example can also be seen in the following video.
The fact is we even here in Australia are already almost at such a level of tracking and surveillance at a commercial level, big shopping malls already use your biometrics for multiple purposes. Center’s such as Westfields use cameras placed above ad boards to scan you, decipher your age, gender, socio-economic background and even mood and use these to build a profile, based on these the ads shown on the board are
then tailored to you and using this technology combined with Bluetooth and Wi-Fi data given off by your phone some malls are also able to track you through out the mall and determine what stores you enter and how long you’ve spent there((Anscombe, 2019) (Butler, 2019)). The majority of this tracking is done without most shoppers even being aware which for me raises large privacy concerns as we don’t truly know how far this kind of technology can go and what data can be collected on us without any knowledge at all if these biometric based tracking technologies were further implemented across shopping centers.
The first leap, where its led and the uncertain future
In India a program was launched to give every citizen a unique, biometrically-verifiable identification number where a person’s biometrics
would be linked to a person’s Aadhar number using iris scans and fingerprint records, now over 99% of the adult population are enrolled (Perrigo, 2019). The program has somewhat worked for the government however that isn’t to say there wasn’t and still are major issues with
not only the program but the whole idea itself. There have been many concerns, one of the mains being privacy and security any breaches or compromises of the database could affect a person for their whole life time(Perrigo, 2019) and as we stated earlier it isn’t as if someone can change their genetic data or fingerprints like they could a password. Such breaches have already appeared to take place where a reporter was able to purchase personal information leaked from the database from a broker for as little as $7(Perrigo, 2019).
Initially the program was meant to be voluntary however it had forced itself upon citizens as the number became compulsory to receive welfare payments and as private companies began to implement the identification number it became near impossible to buy a cell phone contract or open a bank account(Perrigo, 2019) although the country has supposedly passed laws to stop private companies requiring users to provide their Aadhaar details mandatory various reports are claiming people must still mandatory authenticate their number and that future laws could simply bypass the Supreme court judgement and when an opposition MP tried to pass a law to ban Aadhaar authentication by private companies it was struct down by the majority government who support Aadhaar(Henning, 2019).
There are now major privacy concerns in India no one is certain that the Aadhaar data is secure or full proof and with the fact that many companies had access to much of this data for a long period of time no one can be certain how many breaches occurred and who they occurred with(Frayer & Latif Khan, 2019).
The overall pro’s and con’s of using biometric’s
- Uniqueness of signature’s
- Costs over time & less paperwork, sociability
- Ease of use when dealing with large populations
- User friendly
- Immutable, can last an entire life time without changing. which leads to many issues concerning data breaches and stolen biometric data.
- Still large security flaws
- Can and has lead to many privacy issues
- Can lead to large scale surveillance of everyday civilians
- Accuracy is still questionable
- Biometrics aren’t private
Our current state, can we stop the move?
We now come to the underlying question, how we in Australia should approach biometrics and what if any policies should we implement? The truth of the matter is the majority of people prefer convenience and don’t stop to consider the cons when it comes to such a topic. Another issue we run into is that most governments would not like to make policies on such a matter as those policies could inhibit their potential use of biometrics, as noted earlier our cctv infrastructure is ever growing and the honest truth is most governments would not want to rule out and constrain themselves on being able to increase surveillance to the fullest. Australia is already using biometrics on a larger scale overall from shopping malls personalizing ads, to our everyday phones, to even our airports and passports as seen here. The real question we should be asking is if it is too late to move off such an old technology and find something new?
Anscombe, L. (2019). If you hover too long in Pandora, they’ll know. Retrieved 5 October 2019, from https://www.news.com.au/finance/business/retail/westfield-is-using-facial-detection-software-to-watch-how-you-shop/news-story/7d0653eb21fe1b07be51d508bfe46262
Are Biometrics Good or Bad for Digital Security? – InformationWeek. (2019). Retrieved 5 October 2019, from https://www.informationweek.com/strategic-cio/security-and-risk-strategy/are-biometrics-good-or-bad-for-digital-security-/a/d-id/1331991
Butler, R. (2019). How shopping centres are spying on you. Retrieved 5 October 2019, from https://honey.nine.com.au/latest/how-shopping-centres-are-spying-on-you/2fd78bc3-eeaa-46e2-87bd-4070b4192d94
Frayer, L., & Latif Khan, F. (2019). NPR Choice page. Retrieved 5 October 2019, from https://www.npr.org/2018/10/01/652513097/indias-biometric-id-system-has-led-to-starvation-for-some-poor-advocates-say
Grimes, R. (2019). 6 reasons biometrics are bad authenticators (and 1 acceptable use). Retrieved 5 October 2019, from https://www.csoonline.com/article/3330695/6-reasons-biometrics-are-bad-authenticators-and-1-acceptable-use.html
Han, E. (2019). ‘Boost in arsenal’: shops across Sydney getting 1000 more security cameras. Retrieved 5 October 2019, from https://www.smh.com.au/politics/nsw/boost-in-arsenal-shops-across-sydney-getting-1000-more-security-cameras-20190205-p50vqs.html
Henning, M. (2019). India expands its controversial biometrics database Aadhaar – netzpolitik.org. Retrieved 5 October 2019, from https://netzpolitik.org/2019/india-expands-its-controversial-biometrics-database-aadhaar/
Mozur, P. (2019). One Month, 500,000 Face Scans: How China Is Using A.I. to Profile a Minority. Retrieved 11 October 2019, from https://www.nytimes.com/2019/04/14/technology/china-surveillance-artificial-intelligence-racial-profiling.html
Nadeau, L. (2019). Tracing the History of Biometrics. Retrieved 5 October 2019, from https://www.govtech.com/Tracing-the-History-of-Biometrics.html
Newman, L. (2019). Hackers Trick Facial-Recognition Logins With Photos From Facebook (What Else?). Retrieved 5 October 2019, from https://www.wired.com/2016/08/hackers-trick-facial-recognition-logins-photos-facebook-thanks-zuck/
Perrigo, B. (2019). https://time.com. Retrieved 5 October 2019, from https://time.com/5409604/india-aadhaar-supreme-court/
Rouse, M. (2019). What is biometric verification? – Definition from WhatIs.com. Retrieved 3 October 2019, from https://searchsecurity.techtarget.com/definition/biometric-verification
Street safety cameras – City of Sydney. (2019). Retrieved 5 October 2019, from https://www.cityofsydney.nsw.gov.au/community/health-and-safety/street-safety/street-safety-cameras
Xu, Y., Price, T., Frahm, J., & Monrose, F. (2016). Virtual U: Defeating Face Liveness Detection by Building Virtual Models From Your Public Photos. Austin, TX: The University of North Carolina at Chapel Hill. Retrieved from https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/xu