Are your Biometrics really unique?
The term "Biometrics" and "Biometry" have been used since the early 20th century. In its beginning use, biometry referred to the development of statistical and mathematical methods applicable to data analysis problems in biological sciences. Within the last couple of years, a more familiar use of the word biometry has emerged. Today biometrics refers to the field of technology devoted to identifying and authenticating individuals based on biological traits, such as fingerprints, face recognition, retinal or iris scanning, and voice recognition. Many case studies, articles and lectures have been given on the ethical, moral and security issues involving biometric technology and data storage of these very 'personal' or 'unique' traits. This post highlights the questions raised among digital security and privacy experts within the field of Internet Freedom. The purpose of this blog is to point out just a few questions one should ask about the use of biometric technology as a way of identifying and authenticating you!
A few thoughts to ponder as you read are;
- "What is the difference between biometric identification and biometric authentification?" "And what are the implications for it's use?"
- "Do these technologies adapt or grow as I do (I gain or lose weight? Get contacts? Have an illness?)?"
- "Do the databases used for 'authentification' account for all ethnicities or gender types?" "How secure are these databases?" "Who has access to these databases?"
- "Are databases and biometric information ever sold, hacked, or shared across borders?"
- "What happens when 'authentification fails'?"
For a better overview on biometrics read this article.
"Now the real threat is the biometric recognition software"
Last week in Valencia, Spain, thousands of activists, journalists, designers and developers from 130 countries participated in the Internet Freedom Festival. This Festival focuses on digital rights and privacy, raising global concern to threats of freedom of information and citizen's security. Technology and attackers adapt much quicker than the general public, urging all to adopt tools to keep their online and offline self private, secure and safe. The problems aren't new, just alarming, inducing attendees into an almost paranoid state. But the threats and challenges are real and this Festival fosters relationships and solutions needed to exist in today's ever-changing world. Some sessions this year included; surveillance by the state, youth and digital literacy, 'fake news' and how it is used to defame journalist, biometrics as a threat to privacy, malware and phishing operations targeting Tibet, ways to keep journalist safe while they report and ways designers can bridge the gap between developers and end users. Read more about the Internet Freedom Festival below.
THIS IS AADHAAR: INDIA’S 750 MILLION BIOMETRIC AND ONLINE IDENTITY DATABASE AND ITS FUTURE AS AN ECOSYSTEM OF INNOVATION
Call it 'innovation', call it an 'identity for efficient welfare', but don't call it what it really is---a database of personal data denying individuals fundamental right to privacy. Promoted as a voluntary program, this 12-digit unique identification number, strengthened by a fingerprint and iris scan, provides India's residents a 'better life'. Providing access to bank accounts, phone services, energy recharges, food and health services. The problem? India has no data protection law, allowing the government and its partner's uncontrolled access to the world's largest biometric database. What happens if your identity is duplicated? How secure is the database? And who really has access? Find out more about these challenges and others facing Indian citizens, AADHAAR and what happens when 'authentification fails'.
India probes breach of biometric identity database
The Unique Identification Authority of India (UIDAI), which runs the world's largest biometric identity card scheme, has initiated a police probe into a major security breach. The probe was ordered on Thursday after the local Tribune newspaper accessed a database containing the identity details of more than one billion citizens, which was being sold for a meagre $8, the report claimed. An anonymous seller over WhatsApp created a 'gateway' for one of the newspaper's correspondents to gain access to the database, after which any identification number, referred to as AADHAAR, could be entered and the person's name, address, photo, phone number and email displayed. On Thursday, the UIDAI said the breach appeared to have been caused by the 'misuse' of a grievance-redressal search facility that can be accessed by the public. But Kiran Jonnalagadda, cofounder of the Internet Freedom Foundation, said, "the incident revealed a serious problem with data security. The breach involved the use of a backdoor created by the UIDAI for the use of authorized parties, a definition encompassing thousands of government officials." Read more about the breach that put 1.13 billion people's identities at risk.
Privacy is under threat from the facial recognition revolution
We are used to cameras watching us, recording our movements and actions. We use surveillance cameras to keep safe at night or identify individuals when a crime has been committed, we use facial recognition to unlock our smartphones, and we even watch our babies sleep from two rooms away. We don't think too much of these cameras invasion of privacy, but when facial recognition technology scans our face, producing an algorithm which is used to build gang databases, should we think twice? What about when drones are used to identify protesters in a peaceful march? Facial recognition and biometrics may be technological conveniences, becoming ubiquitous before legal decisions are made and citizen's give consent, producing lifelong implications to security and privacy. Find out more by reading this brief article.
Or click the button below for a more in-depth look at facial recognition technologies.
Aiding Syrian refugees, one iris scan at a time
"Over 6 million people are meant to be displaced by the Syrian civil war, leading to a human crisis on a scale not seen in decades." The United Nations High Commissioner for Refugees (UNHRC) has registered almost 4.6 million Syrians fleeing conflict. As part of the registration process UNHCR has introduced iris scanning. Instead of having identification papers, every individual seeking asylum gets their iris scanned which is put into a database for future identification. In partnership with Cario Amman Bank, the UNHCR has established a biometric ATM network in Jordan allowing refugees to withdraw cash using just their eyes as identification. This experimental 'processing' tool has indeed sped up the refugee registration process, but at what cost to privacy and data protection? Read the article or watch this 12 minute video, "Cashing in on Crisis? The Refugee Eye Scan Experiment."
A New Backdoor Around the Fourth Amendment: The CLOUD Act
"There’s a new, proposed backdoor to our data, which would bypass our Fourth Amendment protections to communications privacy. It is built into a dangerous bill called the CLOUD Act, which would allow police at home and abroad to seize cross-border data without following the privacy rules where the data is stored. This backdoor is an insidious method for accessing our emails, our chat logs, our online videos and photos, and our private moments shared online between one another. This backdoor would deny us a meaningful judicial review and the privacy protections embedded in our Constitution." Read more and take action here.