Do Biometrics Pose a Risk to Privacy?
The last decade has seen quick developments in technology. From smart devices to biometrics – there has been a lot of advancements to make our life easier. Biometrics are used in many sectors of the industry today. This technology is primarily used for user authentication. You might have seen biometric input devices in banks, police stations, and private offices. There are various biometric input technologies such as iris and retina scan, fingerprints, and voice recognition. In fact, this technology is so easily available that it just might be on your smartphone. While it does make things easier, the more information we provide online, the more security threats we have. With our biometric information out in the open, there are chances that hackers can make use of our data even more than before.
Applications of Biometrics
Biometrics are simple to use and have replaced passwords. This is most evident in the new range of smartphones. You can now unlock your iPhone X by simply looking at it for example. The phone will instantly perform a face scan to determine whether you’re its owner or not. Finger scans are also very common in mobiles these days.
Most people don’t want to spend time remembering and typing a long security password. So they depend on the biometric data instead. And biometrics always look so safe, don’t they? Your phone password can be copied by someone but they can’t copy your fingerprints.
And since your fingerprints will never change, they seem to be a simple, easy, and secure way of authentication. When it comes to sensitive data such as financial information, users prefer entering biometric details instead of passwords that can be leaked.
Biometrics are used in several sectors today. From banks to retail stores, when it comes to user authentication, organizations have started depending on biometrics. Banking systems use a combination of iris scanning, fingerprints, and voice recognition to make authentication as secure as possible.
While biometrics are used to protect our privacy and our data, there is something about biometrics that’s not commonly discussed.
Biometrics Pose a Risk to Privacy
You might haven’t thought of it before but biometric data can be stolen.
The best thing about biometrics is that they are permanent. They can never be changed. And this is also the worst thing about them. If someone gains access to your biometric authentication details, they can use your data without you being able to change it.
If hackers gain control of the servers where your biometric details are stored, they can use them or alter them to ensure they can get an easy access to your accounts. With an increasing number of data breaches, nothing is safe anymore.
Consider this scenario: A hacker organization gets hold of your biometric data (let’s say voice recognition) and wants to morph their own voice to gain hold of your accounts. Once they enter your accounts, there isn’t much you can do because you cannot change your voice. If it were a password, you could’ve easily changed it, but not your voice and fingerprints. This is why for some, traditional passwords are still preferable when it comes to securing sensitive data.
You might think now that this idea is far-fetched but did you think 20 years ago that companies can track our activities to make a complete user profile of us and use it for targeted advertising? Did anyone even imagine this business model?
And now here we are. All our online activities are monitored. Practically any online service you use also uses your data. What if the biometric agencies decided to use your data to create a complete profile of you? Or what if they’re already doing it?
It will be really easy for them to track you. Your bank, your favorite retail store, your financial status, your health condition, and practically anything and everything there is to know about you. We’re already being watched by several organizations. It doesn’t seem far-fetched if they’d want to track us more.
New Technologies Combined with Biometrics
Taking your biometric data requires your permission. For now. So if your bank wants to get an iris scan, they’d have to sit you down and make you look into a special camera. Which means it’s all consensual. Your biometric data cannot be collected without your permission.
But this is going to change. Researches from Carnegie Mellon University are working on a camera that takes rapid iris scans of everyone in a crowd. And this can be done from a distance of up to 10 meters!
Amazon Rekognition, a similar facial recognition software developed by tech-giant Amazon, has also come under scrutiny. So much so that the Orlando police department decided to drop the use of the controversial face recognition technology.
And there will be new technologies that will squeeze more data from our biometrics than what we currently collect. Law enforcement agencies have DNA databases that have only a small part of the genome. But human DNA is an entire database of information in itself. Who knows what kind of information can be taken out of it.
Rules for Biometrics
Currently, there are no rules on biometrics and governments don’t regulate their usage. This means they can be used in any way. With vague or almost non-existent rules, federal departments in the US can force you to unlock your phone with your fingerprints.
While there are rules on passwords, there are not many regulations on biometrics. Current laws are not ready to handle biometrics based intel as of now. If a law enforcement agency collects your biometric data without your knowledge, there is not much legal help you can get.
Under such circumstances, hackers can easily steal our biometric information and have no solid case against them. This is a recipe for disaster. It can be used for fraud, identity theft, and other crimes. All these are real problems. While you might think biometrics help you stay secure, they can actually become a double-edged sword and harm you.
To make sure biometrics aren’t used against us, the government should start by creating effective laws regulating their use.
Biometrics are used to make things simpler and more secure. While fingerprints are harder to copy than passwords, the problem is that once you’ve entered your fingerprints, they cannot be changed. Passwords can still be changed if they’re hacked. Right now, there is a requirement to create laws related to their use so biometrics can be regulated.
With the way biometrics are used in almost all sectors, it’s important to regulate their usage so they don’t end up in the wrong hands. For now, it’s best to use the old and trusted passwords wherever we can and not rely on biometrics as much.