Perhaps it’s not so simple. Have we really considered the implications of storing and using biometric data? It may be convenient, but is it safe?
What is Biometric data?
Biometric identification is a system that helps recognize a person based on their unique physical features. In this article, we’ll be referring to those features as “biometric data”.
There are over 20 unique identifiers including fingerprints, facial features, and vocal characteristics. We’ll look at these and others in more depth later on.
How does biometric authentication work?
Biometric technology is used to authenticate an individual’s identity. This is already a feature in many personal devices, but it’s also employed for additional security in highly-restricted areas. Governments and corporations are turning to biometric authentication to protect both physical and digital locations.
Regardless of who is using them, all biometric security systems will contain three key elements:
- The sensor that captures the biometrics.
- A storage device to hold the original data.
- Software to compare the two.
The process of authentication is quite simple; let’s take the example of a smartphone with a fingerprint sensor. When setting up the biometric security system, you provide your fingerprint and your device stores this data for future use. Now, before accessing the phone, the system will compare your fingerprint with the one on its database. If they match, you can unlock your phone.
Below is a list of the most popular biometric identifiers and how the user authentication works in each case.
- Fingerprint scanners: One of the most recognizable and popular types of biometric data. In most use cases, a built-in scanner examines the ridges of the finger to authenticate the individual. In some devices, the camera doubles as a fingerprint scanner.
- Voice recognition: Recently, the number of smart devices in homes has exploded. Devices like Amazon Alexa and Google Home are getting better at understanding commands and following speech patterns. They’re also learning about the people around them. These devices can even identify the speaker by analyzing unique sound waves in their voice.
- Facial recognition: In its infancy, facial recognition software had to store a user’s image and compare it to a new photo every time someone tried to gain access. Now, this technology scans for unique patterns in the user’s face, and can even recognize people when they change their makeup or facial hair.
- Iris recognition: While not as mainstream as facial recognition, iris authentication is often considered to be more secure. Iris recognition is becoming popular in areas with restricted access, like government buildings and corporate labs.
- Hand geometry: Hand geometry uses the specific physical features of each hand to identify its owner. These identifiers include thickness, skin tone, and distances between various points on the palm and fingers.
Myths and misconceptions about biometric data
Hollywood movies depict biometric data as a virtually impenetrable defense. The criminals in these fictional stories often have to resort to using a victim’s severed finger or eyeball to bypass security.
Of course, the reality is far less macabre. Criminals don’t need to chop anyone’s limbs off to get around biometric sensors. Still, these representations are indicative of the misconceptions that many people still have. Let’s dispel some of the myths that persist around this subject:
Myth 1: Biometric data is private
It is not. You upload selfies to the internet, you’re filmed on the street, and there are hundreds of documents that contain your signature. Most of the popular biometric identifiers like your voice, face, and fingerprints can be extracted remotely. If you use social media, all of these physical features may be completely accessible to criminals through your photographs and videos.
You might own your fingerprints and your voice, but you’re not the only one who has access to those uniquely personal elements.
Myth 2: Biometrics can’t be hacked
It’s true that the biometric data you use to open apps and unlock devices is not easily obtainable. In most cases, it’s stored as encrypted binary code rather than image files. However, a simple rule applies here: recorded data is hackable data. There’s no doubt that cybercriminals want your biometric data, and have ways and means of obtaining it — and these methods will only become more sophisticated as time goes on.
Myth 3: Biometric data is an upgrade from passwords
Biometric authentication can seem like a modern evolution of the old-fashioned password but it’s far from impregnable. In 2014, hacker Jan “Starbug” Krissler proved this when he used photographs to recreate fingerprints from the now president of the European Commission, Ursula von der Leyen. With these 2D images, he could theoretically have unlocked her phone, if he had access to the device — unless she used a password. Nevertheless, biometrics can greatly improve your security as one layer in multi-factor authentication.
Is biometric data abuse common?
Let’s leave hackers aside for a moment; there are plenty of other reasons to be concerned about widespread biometric data use.
For one thing, there’s corporate abuse. Private companies, like facial recognition startup Clearview AI, scrape the internet for facial images and then sell the data to the highest bidder. Over 2200 organizations — including universities, law enforcement agencies, and supermarkets — use Clearview AI’s 3 billion-photo database, without any accountability or oversight.
Compounding the problem is the fact that biometric identification isn’t always reliable. The New York Times highlighted the case of a black man from the US who facial recognition systems misidentified. This technical error resulted in the man facing real jail time.
Then there was a 2018 incident in Australia. Police there tried to identify potential criminals following a football match, and their facial recognition tech misidentified 92% of those profiled. “No facial recognition system is 100% accurate under all conditions,” a police spokesperson explained. Worried? Well, you should be.
The growth of biometric data market
Biomarket technology market is experiencing fast and frightening growth. As per Statista research, it will reach $55.42 billion by 2027, while the identity verification market will increase by $18 billion by the same year. I-scoop.eu reported that around 1.3 billion devices will support facial recognition by 2024.
Moreover, quite a lot of people don’t see biometric data usage as a threat. Mastercard and Oxford University carried out a study in which 77% of participating consumers consider facial recognition secure, while 93% of them see fingerprints as a secure identification method.
So we are likely to face more privacy issues and abuses due to such an exponential growth.
How to protect your biometric data
Biometric data seems to be here to stay, and its use will only grow more prevalent in the future. However, a security-first mindset and some common sense could still help you protect yourself from the negative repercussions of this tech.
- Think carefully before you opt into using biometric data. Biometric authentication will become more popular, but that doesn’t mean you always need to use it. Before you allow a new app to scan your fingerprint, take a second to think about security risks. Perhaps it’s safe to use biometrics with your banking app, but a new social media service could stay password-protected. Take it on a case-by-case basis.
- Use biometric data for two-factor authentication, along with strong passwords. Passwords are not going anywhere. And unlike biometrics, you can change your password whenever you feel like it. Focus on creating strong, hard-to-guess passwords; if you want to use biometric data, include it as part of two-factor authentication.
- Contact your local government. Some US states, the European Union, and other regional governments are already taking steps to regulate the use of biometric data. This could be a huge part of data-security and the personal privacy debate in the future, so get involved. Find out what your government representatives think about biometric security and make your own voice heard.