Biometric Security: A Path Backward?

The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.

By Blake Evermon
June 3, 2016

The dawn of a new age of security is upon us. Biometric security is an emerging field filled with definite advantages and enormous risks. Hollywood has portrayed the supposed effectiveness of biometric safeguards, such as eye scanners, fingerprint readers and facial and voice recognition software, in spy thrillers like “Mission Impossible,” “The Recruit,” “Minority Report,” “Enemy of the State,” “Agents of S.H.I.E.L.D.” and “24.” The popular assumption is this technology is both capable and infallible. While biometrics is good, it is not perfect. If the future of identity is found in biometrics, then the future of identity theft will be all about stealing and hacking biometrics.

In today’s technological age, it is important that governments, corporations and individuals address the following questions before technology is accepted and promulgated in policy:

1. What moral implications are associated with using this technology in the workplace?
2. What are the civil liberty and privacy concerns associated with using this technology?
3. Is there a less invasive way to solve the problem?
4. How can this technology be abused by bad actors, both now and in the future?
5. What are the future trends concerning this technology?

Once an individual has answered question four, it is critical to step back and ask questions one, two and three once again through the lens of question four. Marc Goodman’s book, Future Crimes, reminds us of the risk inherent when technology outpaces critical thinking. He states, “The cornucopia of technology that we are accepting into our lives, with little or no self-reflection or thoughtful examination, may very well come back and bite us.”

Biometric security is at the forefront of the ethics and technology debate because it is an extremely personal way to authenticate someone. We tend to think our voices, eyes, heartbeat, facial features and palm prints are unique features that belong to only us. If you are asking what biometrics is, the short answer is that biometrics is you.

Biometrics are now used to access our phones, cars and homes. Biometrics is used to access our medical records, pay for our children’s lunches, clock in and out of work, start our computers and withdraw money from ATM machines. Retail giants such as Walmart and Costco are considering biometric checkout options using your fingerprint, which marries your biometric data to your financial institution.

The inherent risks are obvious. First, the computer systems between corporate businesses and financial institutions must be able to communicate and interface with one another. Second, all of the stakeholders involved (e.g., the retail store and the financial institution) must have access to a central database of biometric data from which to draw in order to make this system work. There will still be the same lines of connectivity (data capture, data matching, data storage) between the parties that is required with non-biometric authentication (PINs, passwords, etc.).

A person (or company) can change their passwords in the event of a breach. But will a person be able to change the vein pattern in their palms? If you need a new credit card because it was stolen or even if your Social Security number was snatched, you can do that. However, once your biometric data is stolen, there is no reset. Biometrics are permanent identification markers. Once they are compromised, it is out of your control forever.

Given the enormous data breaches at Sony, 7-Eleven, J.C. Penny, eBay, JPMorgan Chase, Citi Group, AOL and Home Depot, the risk of a biometric data breach is extremely high. Moreover, because you cannot change the data, biometric data will become the primary target for cyber criminals.

In this case, technology is outpacing law and regulation. We are in danger of sacrificing our privacy for convenience and an illusion of increased security. The world’s largest biometric database is run by the government of India, who has the ambition of fingerprinting, photographing and capturing the iris scans of its 1.2 billion citizens. More than 690 million Indian nationals have been documented so far. The U.S. Department of Justice, The Department of Homeland Security and the Department of Defense have established a vast biometric database to combat terrorism and other crimes in a post-9/11 world. It is likely the U.S. government will force the private sector to cooperate with government entities—through laws and regulations—in managing, securing and sharing biometric information.

Government agencies are targets for cyber theft as well. The U.S. Office of Personnel Management (OPM) says that roughly 5.6 million fingerprints were stolen in a cyber attack. I know this all too well—mine were one of them. It is distressing to me that all we received was a letter offering free credit monitoring for a few years. Thieves have access to much of my data through this OPM breach, which means we don’t have the safeguards to protect our systems.

We should not make more information, permanent information, available as a source of authentication when less invasive and alterable means are available. Our world is moving toward creating a permanent online profile of each individual. Civil liberties and privacy concerns are being forfeited in the name of convenience and the illusion of maximum security. It is time to rethink our approach to biometric security as the emerging standard of authentication—it is a path backward for civil liberties and privacy.

---

Author: Blake Evermon is a doctoral candidate in public administration at the University of Illinois, Springfield. His research interests include refugee assimilation, the Arab-Israeli conflict, Islamic radicalization, emergency management and terrorism. His professional experience includes analysis for the U.S. government and information/cyber security for educational institutions. He can be reached at [email protected].

(4 votes, average: 4.75 out of 5)
Loading...