Biometric Privacy, Senator Franken and the Firestorm

I have recently been taken aback by my biometric security industry peers’ reaction and response to Al Franken’s letter to Tim Cook regarding the TouchID inclusion in the iPhone 5S. There has been a general theme of frustration with overtones of anger and even hostility to the letter. Some analysts have “hailed the technology as a step forward in mobile security” and others find the technology “inherently fallible.” Now, I recognize that some of this may be brought about by which side of the political fence one stands on, but the truth of the matter is that Senator Franken does ask some very valid and pertinent questions.

Those who are developing biometric applications and products today will see their future business benefit from improved security and privacy and from addressing the issues raised in the letter. All of us who make our living researching and designing biometric solutions will benefit. As an industry, we need to recognize that we are held to a different standard than other security solutions. Biometrics are personal and do raise potential questions over rights to privacy. The whole industry rejoiced when Apple ushered in the era of biometrics. However, if this is done badly, then the whole industry will pay.

Any biometric solution that compromises security is a threat to the industry as a whole. I dread the day when a black hat agent steals the biometric identities of a couple hundred thousand users due to a solution that allows for biometric data to be externally accessible. If you think the press Tesla has received over the recent car fire is bad, just wait and see what will be written about biometric security. It won’t be pretty. Why? Because biometrics strikes at the heart of who we are as individuals and we, as an industry, should hold ourselves to a higher standard than other security technology. Our future success and acceptance depends upon it.

Biometric technology, like most technologies, can be done well or it can be done poorly; it can be done for good or for evil. Many people fear the use of biometrics because of the privacy implications, and they should. What they are unaware of is the great power and potential biometrics can provide in protecting their privacy and security.

Currently, there are companies who are developing technology that allows dynamic data encryption schemes based on an individual biometric signature. Recently, the New York Times reported a story where the National Security Agency “had circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems.” When a single encryption scheme like RSA is established as a standard, the probability and possibility of compromise is much greater. Until we solve the entanglement problem, and while we are still forced to transmit public keys in the open, it is safer to assume that all encryption algorithms can be cracked with enough computational time and resources. How do you solve this problem? You make it so everyone’s encryption is different. Anyone with the time and resources to crack your personal encryption algorithm probably has a really good reason for doing so.

Another area of biometric research with great potential to provide enhanced individual security and privacy on server, desktop, mobile and embedded devices is the concept of biometrically secure enclaves within memory and storage controllers. Technology has been developed that provides a means and mechanism to define regions of memory and storage as biometrically protected. Those regions then become physically inaccessible via software without biometric authentication. This technology will be used to reinvent security solutions against malware and other black hat agents. Rogue agents will be unable to install malware without a user’s biometric signature. The enterprise space will be able to provide solutions where data within biometric secure enclaves can only be modified, physically accessed and decrypted by authorized individuals who are physically present and verified through biometric authentication at the time of access.

On the very near horizon, I see bank cards that are active only when the authorized user is holding them. I see doors that unlock by the authorized user touching the door handle. I see data that is only accessible by the authorized user. I see the elimination of “card not present” online financial fraud and hopefully, I see a biometric refrigerator that protects all the ice cream from being eaten by my kids before I get home from work. Ubiquitous biometric solutions will be present throughout our future daily lives. It has such great potential and promise as long as we, as an industry, take care to ensure that it protects the security and privacy of the individuals who use it.


Dannie Feekes is Principal Architect at biometric startup IdentaChip

