The vast biometric privacy landslide is starting to break…

Back in 2013, the media frenzy around the fingerprint scanner on the iPhone 5S cast a giant spotlight on the biometrics industry. It quickly died down, everyone forgot about it, and biometrics became a preferred alternative to the four-digit PIN.

The use of biometrics for security is undeniably a growing area. It covers all the usual methods like iris scans and facial recognition and is gradually beginning to stretch into other less charted territory like gait analysis and body odour detection. Yet whichever type is applied, it is all totally unique to you and is increasingly being used to secure your phone, your wallet… your life.

This means between the stupidly high profile Apple encryption case – and all the other stories starting to hit the headlines – individuals’ rights around their unique biometric data-print are probably something everyone should start thinking about, one way or another. And it’s certainly something that is getting more and more discussed in the field of law.

Yet moral and sociological issues aside – like most digital stories – much of this debate will ultimately centre round the implications of how this data is stored. And now a new paper prepared by PWC upon the request of Nok Nok Labs looks at biometrics and privacy from a legal standpoint and focuses specifically on the merits of storing data on an individual device vs. on a large server.

“This [biometrics and privacy] will be the hottest topic of the next few years,” explains Nok Nok Labs CEO Phil Dunkelberger when I meet him in London. Dunkelberger is an encryption veteran and co-founder of the PGP Corporation. He has since become a founding member of the FIDO (Fast Identity Online) Alliance – which looks to change the nature of online authentication and hopes to become as ubiquitous as SSL.

Dunkelberger describes how he started talking about this issue – and speaking to PWC – before the Apple encryption case broke and has watched the whole ballooning behemoth escalating since then. “Privacy is a way deeper subject than simply spamming someone,” he says. People do everything on their mobile phones, and while they don’t care about the logistics of how it is secured, they want to know that it is secure.

This new paper shows that, despite specific legal differences across different geographies, there are commonly accepted data quality principles across the EU, Switzerland, Canada, the USA and Asia Pacific. These ultimately cover an individual’s permission for data use, its security and confidentiality once received, and incorporate a “general prohibition” of cross-border transfers of personal data.

The report concludes that “on device” storage of biometric data is a “compelling and easier approach to satisfy global privacy requirement on cross-border personal data transfers and individuals’ choice and control” than “on server” storage. 

Like most recommendations, of course, this is easier to say than to implement. And while it is not clear exactly how much biometric data is already stored on vast servers around the world, the “freaking huge” size of the Philippines breach (which may or may not have included biometrics) provides an idea of scale.

So, what is the worst case scenario for how this could pan out?

Dunkelberger suggests there are two really negative options: “Over reaction so we take a step backwards instead of forwards,” he says. The iPhone only came out in 2007 yet it has opened up a whole way of life that would be hard to give up on.

The other route is we “spend a lot of time talking about it and it stalls,” he says.

One thing that is clear, though, is that the debate is now happening very seriously. And as more and more of our lives go digital, the questions being raised are becoming increasingly fundamental ones.

You can’t reduce it “to heroes and villains,” concludes Dunkelberger.


The full report can be found here.

