Biometric security has gained enormous momentum since my first warnings on this subject several years ago in this column. By now, millions of us have surrendered our biological patterns, exposing our fingerprints, facial features, palm layouts, irises, ocular vein structures, even our heartbeat patterns. And once this information is out there, in a hackable state, your identity is at much greater risk than if you just lost a card, or a PIN, or digital cash.
Anything issued to you, even your Social Security number, can be replaced to prevent a data thief from stealing your identity time and again. But you cannot be issued a new set of fingerprints, nor a new face (though some of us would definitely like that), nor a different palm print.
And no, the hacker does not need to chop off your thumb, Hollywood-style. He only needs to feed your fingerprint signature for authentication.
Let me explain. When you climb on an airplane or pass a secure access point, you may be inspected to ensure that you expose your own iris, or press your own palm on the reader. But when you are called to supply a biometric from the privacy of your own home, your ability to cheat is staggering.
There is something about the complexity of biometric data that assures us that it is really secure. And as it has been shown so many times, any measure of security, however effective, may become a negative security factor when its efficacy is exaggerated. Hype kills the security potential of any defense. One bank executive was so happy to report to me that he now feels safe keeping the most delicate bank secrets in his travel laptop, since “nobody has my thumb.”
The technology gave rise to modern crime novels where the victim’s biometrics were used to place biological markers in the crime scene and secure a false conviction. The bad guys seem to have more imagination. What about the ultimate biometric—our DNA? With the momentum behind biometrics rushing ahead, our entire biological makeup will be as safe as the government computers from which were stolen millions of personnel files of top-secret individuals.
Biometrics is cool, one must admit. Indeed it is, and convenient too. But the technology is like rich, creamy milkshakes: irresistible at the moment, but with accumulating damage down the road. The convenience of biometrically secured payment is very costly in the long run. It would be best if we could hold off a little longer until digital cash relieves us of the need to prove who we are every time we buy a dollar’s worth of goods.
“We don’t hire you to lecture us on security doom,” my clients say: “Solutions please, for the reality as it is!” Okay, here is what can be done. Let’s look deeper into the essence of biometric security. We read, then digitize, a biological parameter that, in its essence, is invariably richer, more detailed, more refined than a digitized camera image one captures, stores, compares, etc. Say, then, that if I have stolen your fingerprint, I have stolen really the projection of your fingerprint on the digital recording framework I have set forth. I have no record of the gap between my record and your thumb (or between my record and your iris, palm, etc.).
This distinction is crucial. It serves as a basis for voiding my theft of your fingerprint. Should you upgrade your biometric reader, and should the authenticating databases switch to a greater resolution image, then the former low-resolution image will not work. Your identity will be safe. It works like a camera image. The scene ahead is much more detailed than any photograph thereof. And a picture taken with a low-resolution camera cannot pass as a high-resolution image.
This principle can be re-applied as many times as necessary. The challenge is organizational. We need to upgrade the readers and upgrade the databases. It’s not a one-user strategy. It’s a national initiative. I use this column to call upon major cybersecurity organizations, across-the-board privacy advocacies, and proactive government offices to think ahead, humbly, with the expectation that our biological identifiers will be compromised, and put us at grave risk.
A schedule, a plan, a public program is so essential. Nobody is as vulnerable as us right now. Woe to us if our biological definition is wholesale compromised!
—Gideon Samid • Gideon@BitMint.com