Biometrics: Password Life-Slaps & The iPhone 5S

The media frenzy around the fingerprint scanner on the new iPhone 5S has cast a giant spotlight on the biometrics industry. Kathryn Cave investigates the potential and danger of biometrics… and what it all really means.

The media frenzy around the fingerprint scanner on the new iPhone 5S has cast a giant spotlight on the biometrics industry. Kathryn Cave investigates the potential and danger of biometrics… and what it all really means.

The email had me bouncing in my seat and ranting at anyone who’d listen:  “your record has been suspended as we have received mail back from you marked as ‘no longer at this address’.”  This was rubbish... pure unbridled rubbish. I’ve been at the same email (and physical) address for years. Besides, the message didn’t even help me retrieve my password… I still needed to prove who I was. 

The following black-zone of filling out CAPTCHA codes, hitting refresh on my email, engaging in pointless correspondence with customer service - and still not getting into the system - left me a dribbling ruin. Anyone who's experienced it for themselves  knows that only a password ‘episode’ can send you on the rapid trajectory from irate barking, through to broken defeat, in the space of half an hour. 

This is a large part of the case for biometrics - the system which uses facial recognition, fingerprints, iris scanning or more recently, palm vein or finger vein technology to verify your real identity. This is a system which (theoretically at least) actually knows who you are, and because of it, could spell the end of a million half-remembered passwords. But this is precisely the problem for many… it all feels a bit Big Brother. 

Yet in a world where somebody will always have your details, perhaps the time has come to decide who you most want to protect yourself from? Is the problem, hackers stealing your money, your government checking up on you, some other government watching you... or maybe it’s something more vague? Rajiv Gupta, CEO of Skyhigh Networks made an interesting point recently when I asked him about the Big Brother implications of his cloud monitoring system. He replied that giving employers the opportunity to monitor their applications more effectively “is preventing the Bigger Brother which is NSA or the US government or whatever from digging into your data.”

The promise of biometrics is that it provides more safety. But now the inclusion of the fingerprint biometrics in the in the new iPhone 5S, and consequent media frenzy around its lack of security (it was hacked within two days of release) has cast a giant spotlight on the industry.  Dan Feekes, Principle Architect at biometric startup IdentaChip, believes this is a real cause for concern: “At the moment, I have sleepless nights over Apples’ TouchID and public acceptance of its biometric implementation. My nightmare is I envision TouchID being perceived by the general public as a gimmick/toy and insecure.”

“I see the dream ending [and] with TouchID being seen in the same light as Apple’s ill-fated handwriting recognition effort on the Newton in the 80’s. In such a high profile test case for biometric security, all of us who make our living designing and researching biometric solutions stand to gain or lose with Apple’s success or failure,” he continues.

Yet this is not the view of everyone. Mizhan Rahman, CEO of M2SYS, an organisation that offers hybrid biometric solutions to a global client base, believes: “[the inclusion of biometrics within the iPhone 5S is definitely] good news for the industry. Finally a company like Apple has come forward and put fingerprints in the phone. This means that it is available to millions of people who would never have seen fingerprinting.  Historically it had a negative stigma because it was used exclusively by law enforcement - making it available to wider audience people will be a good thing.”

What does biometrics mean?

The use of biometrics, or, “the measurement and analysis of unique physical or behavioural characteristics as a means of verifying personal identity” can be traced back to 14th century China. 500 years’ later Sir Francis Galton stumbled upon fingerprinting, and in 1891 Juan Vucetich was the first police officer to convict a murderer using a bloody print. In the intervening time period, computerisation and improved mapping techniques have pushed biometrics from the arena of crime into a whole host of new areas.

The biggest market is still currently law enforcement says Rahmen, but things are changing rapidly and he has a very wide range of clients across multiple sectors. “Many companies take our engine and integrate with their solution,” he says, describing “very mixed” usages from banking to national ID. In fact, biometrics are now even being used in marketing with organisations providing brand managers and advertising firms with a biometric analysis system that captures real time consumer reaction to brand messages. Gerry Henesy, Founder of Biometric Advertising sees “facial recognition and biometrics measures for consumers [as] the next leap in automated advertising and brand promotion delivery.”

Aurora Computer Services is a UK facial recognition company has been in business 15 years.  Technical Director, Patrick Usher Patrick Usher explains some of the different techniques over the phone: “There is a bit of a trade-off” depending on what you want to achieve, he says. “[You need to] look at all the different biometrics, they all have strengths and weaknesses and you have to weigh up which particular implementation is going to work [for you].” Rahmen concurs: “Every different environment needs a different type of biometrics.” He is especially concerned by unscrupulous sales people who sell pieces of kit which are not appropriate for required conditions.

How does usage vary round the world?

Biometrics techniques are used differently around the world to match the local market. Anthony Krueger, Channel Sales Manager for Synel in Latin America, describes the regional differences between LatAm and the US: “customers tend to use biometric identification for their access control projects. In the USA and Canada, by contrast, biometric devices tend to be used more commonly for time and attendance data collection. [On top of which] generally, LatAm users tend to favour more hearty and durable biometric equipment than their counterparts in the USA and Canada.” He explains that this is down to greater outdoor use and higher rates of crime and vandalism.

“We’ve been working in Nigeria for almost a decade,” Rahmen says “and one of things we’ve seen is that projects initially adopted by the government, [in turn] fuelled a huge growth in the private sector. The same thing is happening in India, because of this big ID project people are looking to biometrics more and more. Every time, we see a big government project immediately helps the growth of the private sector and other sectors where people never thought biometrics would be successful.”

[image_library_tag e23e7dac-29dc-4b27-87a3-7caed1366190 620x354 alt="map-correct-width-for-page" title="map-correct-width-for-page" width="620" height="354"class="center "]

The inclusion of the fingerprinting device on the iPhone 5S shows the pace of market expansion but Rhamen believes: “The [global] industry needs to come together. We are seeing a big wave in people developing products for the mass market. [And] people are slowly realising that biometrics is not only for law enforcement. [They] are coming up with a lot of new ways of using the products.”  However, only time will tell how these will be developed.

One thing that is certain though is that the big issue for the foreseeable future, at least, will be security. This is two-fold. Firstly there is the security of individual solutions. “Overall, biometric security in the industry [at the moment] is poor… very poor,” Feekes warns. “Don’t get me wrong, many of the biometric solutions available on the market today are more secure than username and password but there are far too many solutions being presented as secure that are anything but.” And secondly, there are the wider security implications of Big Brother authorities being able to access your details.  National initiatives tend to run in emerging markets, “[but are] more of a worry in developed countries,” Rhamen says. “In emerging and developing countries privacy is a little more relaxed than in the US and Europe.” 

Venkatesh Commuri, AVP of Precision Biometric India Pvt. Ltd believes there is a “higher degree of acceptance and potential” of biometrics in India, home to the soon-to-be largest biometrics database in the world.  Yet this just goes to show how technology and all its resulting baggage usually blends with the local culture on the ground. For example there may be higher numbers of CCTV cameras in the UK than other countries, but Usher is sure that local people are less bothered by this surveillance than other nationalities due to the high volume of past terrorist campaigns.

For most ordinary people the biggest benefit of biometrics is going to be the potential to limit passwords. Feekes is keen to stress that done properly, this will be far more secure: “unfortunately, there is a lot of fear and public ignorance. [And] the general public, as a whole, is unaware of the potential privacy advantage biometric security would provide. They don’t know [for example] that it is possible to generate an encryption scheme that is unique to you based on your biometric signature… in light of the recent NSA revelations, think how powerful that would be.”

Perhaps you see biometrics as the face of Big Brother. Maybe you view it as the antidote. Either way, it seems likely that this technology will catch on… because - as most of us have experienced first-hand - the current password situation just isn’t working.   


Kathryn Cave is Editor at IDG Connect


Over the last week IDG Connect has published a series of piece on biometrics: