Biometrics to Foster Consumer Protection: A Double-Edged Sword
Apple recently filed for a patent to include biometrics protection on their devices (iPhone, MacBook, iPad, etc.). The objective? To discover the identity of the user so as to protect the device—or specifically the information in it—from being stolen. The way it would work is by installing sensors (hidden?) in these devices. The sensors could pick up biometric information through the scanning of fingerprints or retina, voice identification, face recognition and even DNA sampling. The sensors are designed to not impede task-productivity (of course unless the user is illegitimate), while at the same time making sure the user is who they are supposed to be.
The big question here is how comfortable consumers will be with purchasing devices that have the ability to (and utilize this ability daily) gather very private and sensitive information about the user. It is not enough that some of us already store financial information, passwords, and the like in our phones and computers, but now these devices will be able to identify us every time we use them.
Some groups are not so happy about this new patent, calling it “traitorware.”
I recently lost my iPhone at an IKEA store, and of course was not able to recover it. After having to shell out over $300 for a new one (a new 3GS, that is, not the iPhone 4), I am starting to think biometrics technology sounds good. Of course the other side of the coin is, how comfortable do I feel with my devices (and Apple) knowing who I am, where I am, and even how fast my heart is beating?
Image Credits: http://en.wikipedia.org/wiki/File:IPhone_keyboard_unblurred.jpg;
http://en.wikipedia.org/wiki/File:Fingerprint_picture.svg
Good article Carolina. I think it’s important that consumers understand biometric technology before passing any judgment on its use in smart phones.
Biometric enrollment templates stored on a phone are not actually an image of the fingerprint at all. They are a mathematical representation of the data points that a biometric algorithm extracts from the scanned fingerprint. The algorithm then uses the template to positively identify an individual during subsequent fingerprint scans. No image of the fingerprint is ever stored or transmitted across a network. In addition, the algorithm is “one way” which means that the template that is extracted can never be used to recreate the original fingerprint image. In other words, it is nearly impossible to reverse engineer the data that is sent to positively identify an individual and successfully “steal” their biometric identity.
Thought this might help to clear the air about biometric technology!
Hello John,
Thanks so much for reading and posting your comments–useful insight for us all. Do you know whether retina scans, voice identification, face recognition, and DNA sampling also work in the same way as fingerprint scans?
I thought Apple’s biometric hearbeat patent was an interesting idea also.
Carolina
OK, they will stock templates, not the actual fingerprint images. Indeed, this is how most modern biometric technology works. For security concern, but even more for efficiency reasons: templates are alphanumerical data which is easier to stock.
To tell, however, in general, without any specification of the particular technology involved, that it is “nearly impossible to reverse engineer the data” is a display of faith, not a reasonable argument.
Lots of hackers have repeatedly displayed the lack of security of such commercial uses of biometrics, not to say concerning electronic passports ! So, still confident?
The main problem with biometrics is the following: in most of the cases, they do increase the accuracy of the identification process. But if and when they are hacked, you are in big trouble. You can’t change your fingerprint like you change your password…