With the rapid adoption of biometric identification technology by Apple and other giant mobile phone manufacturers, biometric technology has become a mainstream technology in 2015 by opening availability to more people for daily use. Does this mean that our privacy is even more at risk from snoopers, hackers, and identity thieves?
The answer is — not really. Today we are going to discuss how biometric technology is maintaining a delicate balance with privacy concerns as its use proliferates across many different markets.
The most common privacy fears and concerns that we have today are actually the same types of questions we had in mind when asked to put our credit card numbers on an online shopping site: “Who has access to my information?”
If we decide to give our biometric credentials in a departmental store to pay the bills for example, we want to be sure that it cannot be accessed by a hacker or government agencies – two core privacy concerns.
There’s been a lot of confusion and misinformation already about biometrics and privacy concerns, so today we are going to clarify the technology behind biometrics, how it works, how it’s stored, and how hard it is to abuse and misuse biometric data.
Biometrics, while having its limitations, offers substantial security benefits to the average consumer — including greater protection from identity theft, data theft, and possibly even financial fraud. It’s substantially more secure for privacy protection than using a basic password or four digit personal identification number (PIN).
How does biometric technology protect your privacy?
Biometric technology has evolved over the last few years and always maintained a delicate balance with end user privacy concerns. Let’s take a look at how biometric is maintaining this balance:
First, it’s important to realize that most fingerprint scanners available today in the market do not store a raw image of a fingerprint. Instead, they interpret a digital representation of certain characteristics of your fingerprint, which is called a template. To put it in an easier way, it saves the fingerprint as binary digits, not as a raw image. Every biometric scanner manufacturer has their own algorithm for creating these templates and most of them are not compatible with each other. Therefore, it’s nearly impossible to steal and use someone’s biometric template to access their accounts across all platforms.
Just for the sake of argument, even if a hacker does get access to the digital template of your fingerprint, it is nearly impossible to reverse engineer and use that to recreate the actual fingerprint — or any other modality of biometrics being used, as every system uses different algorithms for interpreting this data.
What if someone try to spoof or steal biometric data?
Just like any other technology, biometrics has its limitations too. It is possible to “steal” or “spoof” a person’s biometrics — as we have seen with the iPhone 5S fingerprint scanner hack. But that is not very easy to do. In fact, it can be much harder than guessing or brute forcing a password or PIN code. In order to steal a fingerprint:
- The attacker must have direct contact with the person
- Lift the print without ruining it or being seen
- Save it as a very high-resolution image
- Print it out in a high-res format
- And then manage to trick the fingerprint scanner into thinking the artificial print is real
Obviously it can be done, but this number of steps rules out many of the usual suspects. In order to stop these kind of spoofing attacks there are biometric scanners available in the market with strong anti-spoofing capabilities. For example, M2-FuseID™ is a fingerprint scanner which can avert spoof attacks with sophisticated liveness detection capabilities. This next generation fingerprint scanner captures both the fingerprint and the unique finger vein pattern inside your finger. If a hacker can spoof fingerprints, how will they be able to fool the vein detection system when it requires the presence of live blood flow for identification?
Biometric technology maintains the balance of privacy in our society in a way that is not entirely new to us. Therefore end users need to be well informed/educated of the privacy implications related to biometric technology. There might not be a single solution to minimize the potential privacy loss through the use of biometrics – but if you look around there will always be different protections for different scenarios.
Want consultation on a privacy friendly biometric solution deployment? Feel free to reach us at M2SYS Technology.