us-15-Keenan-Hidden-Risks-Of-Biometric-Identifiers-And-How-To-Avoid-Them.pdf.md

File metadata and controls

193 lines (134 loc) · 10.7 KB

Hidden Risks of Biometric Identifiers and How to Avoid Them
Dr. Thomas P. Keenan, FCIPS, I.S.P., ITCP
Professor, University of Calgary
Research Fellow, Canadian Global Affairs Institute
[email protected]
Las Vegas, NV, August 3, 2015

IN THE NEXT HOUR, YOU WILL LEARN
- Why biometrics are about to become very important in your job and your life
- How it will have subtle consequences that people aren't talking about yet
- Some creepy biometric ideas that are "just around the corner"
- How you can get ready for the biometric revolution
- But first, if biometric technologies are the solution, what is the problem?

HOW BAD IS THE "PASSWORD PROBLEM"? I remember when your password was physical possession of the computer! Image: Wikimedia Commons CC-BY-SA-3.0

NOW COMEDIANS MAKE JOKES ABOUT THEM, AND USERS ARE FRUSTRATED
"I needed a password eight characters long so I picked Snow White and the Seven Dwarves" (Comedian Nick Helm)

Computer: Please enter a new password
User: cabbage
Computer: Sorry, the password must be more than 8 characters
User: boiled cabbage
Computer: Sorry, the password must contain 1 numerical character
User: 1 boiled cabbage
Computer: Sorry, the password cannot have blank spaces
/* time passes and much effort is expended */
User: NowIAmGettingReallyPdOff50FingBoiledCabbagesShovedUpYourA**IfYouDontGiveMeAccessImmediately
Computer: Sorry, that password is already in use!

AND OF COURSE XKCD WEIGHS IN Source: xkcd.com under CC BY-NC 2.5

YES, THERE'S STUPIDITY, BUT THERE'S MORE
Source: http://abc7chicago.com/technology/i-team-protecting-usernames-passwords/245303/

BIOMETRICS IS POISED FOR HUGE GROWTH
Biometrics Research Group Inc. projects that the global biometrics market will grow to $15 billion by 2015 from its 2012 estimated value of $7 billion. (www.biometricupdate.com/research)
It is moving into every sector from banking to healthcare to retail, and will play a "killer app" role in enabling mobile commerce.

WHY BIOMETRICS WILL RULE THE WORLD
- Passwords are indeed severely broken
- Convenience is king: you never forget to bring your finger or face
- Technology is getting better
- Biometrics are more difficult to copy than, e.g., passwords or credit card numbers
- Biometrics are difficult to share
- Some attention is being paid to privacy, e.g. hashes and not full biometrics are usually collected
- Legal/financial forces are pushing for non-repudiable ID
  - Oct 1, 2015: USA fraud liability shifts to non-chip merchants
  - Already in Canada: consumer liable if PIN entered

WHY BIOMETRICS WILL CREEP PEOPLE OUT
- It's so "you": you can't change your fingerprint or retinal scan like you can a credit card number
- Snowden revelations about government tracking
- Business tracking: "Target Knows Teen is pregnant" is a great yarn, but there are more realistic predictive analytic business cases (divorce prediction; likelihood you'll switch insurers; creditworthiness via your friends)
- FBX and the like: I'm being pursued by a wall oven and a rental car
- "Smart shelves" in supermarkets that guess your age, gender, BMI

A VERY BRIEF HISTORY OF BIOMETRICS
- 31,000 years ago: Handprint "signed" cave paintings
- 500 BC: Fingerprints on Babylonian clay tablets
- 1892: Galton develops fingerprint classification system
- 1959: LAPD catalogs "tattoos and identifying marks"
- 1994: First iris recognition algorithm patented
- 1994-1999: FBI develops and launches IAFIS (fingerprints)
- 1998: FBI launches CODIS (DNA database)
- 2001: Face recognition tested at Super Bowl in Tampa
- 2003: ICAO supports machine readable travel documents
- 2004: US-VISIT program becomes operational
Sources: http://www.biometrics.gov/documents/biohistory.pdf (last updated August 2006); www.tattooarchive.com/tattoo_history/identification.html

Source: Wikimedia Commons under CC BY-SA 3.0

Nexus: Canada's Trusted Traveler Program
"Original" Nexus kiosks:
- Were often broken
- Ambitious idea... but... a "glitch"
- Want one?

HIDDEN RISK #1: BIOMETRIC RELIABILITY AND THE PERCEPTION OF IT
- WE know that technology is only right some of the time
- The general public sees it as "all or nothing"
Source: https://blog.lookout.com/blog/2014/09/23/iphone-6-touchid-hack/

HIDDEN RISK #2: LACK OF DISCUSSION OF THE CONSEQUENCES OF ERRORS
- In biometrics, by convention:
  - Type I error: False Reject Rate, FRR (doesn't allow valid access)
  - Type II error: False Accept Rate, FAR (allows access when it should not)
  - Crossover Error Rate, CER (the threshold at which FRR = FAR, "neutrality")
- Consequences of your iPhone not recognizing you or accepting an impostor? It depends!
- Consequence of the Nexus terminal mis-identifying travelers? Probably low, since they were all on the trusted traveler list to begin with
- The point is that Type I and Type II errors are usually hidden in technical specs (if they are considered at all) but can have important policy implications
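The FRR/FAR/crossover trade-off above is easier to reason about with numbers in hand. The following is an added example, not code from the talk or from any biometric vendor: it takes a set of matcher similarity scores (the score lists are constructed for illustration; a real system would measure them on enrolment and verification data), sweeps the accept threshold, computes FRR and FAR at each point, finds the crossover, and then shows how a "security first" FAR budget and a "convenience first" FRR budget pull the threshold in opposite directions. The threshold convention (accept when score >= threshold) is an assumption of this example.

```python
"""Added example: FRR, FAR and crossover error rate from matcher scores.

Scores are on a constructed 0..100 similarity scale; higher means a
closer match. An attempt is accepted when score >= threshold.
"""
from typing import Iterable, List, Sequence, Tuple

# Constructed sample data (not real measurements).
GENUINE_SCORES = [88, 92, 75, 81, 95, 58, 84, 90, 68, 86]   # enrolled user vs. self
IMPOSTOR_SCORES = [34, 52, 41, 28, 70, 47, 39, 66, 31, 60]  # other people vs. enrolled user
THRESHOLDS = range(0, 101)


def frr(genuine: Iterable[float], threshold: float) -> float:
    """Type I error: fraction of genuine attempts rejected (score < threshold)."""
    scores = list(genuine)
    return sum(1 for s in scores if s < threshold) / len(scores)


def far(impostor: Iterable[float], threshold: float) -> float:
    """Type II error: fraction of impostor attempts accepted (score >= threshold)."""
    scores = list(impostor)
    return sum(1 for s in scores if s >= threshold) / len(scores)


def error_curve(genuine: Sequence[float], impostor: Sequence[float],
                thresholds: Iterable[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FRR, FAR) for every threshold in the sweep."""
    return [(t, frr(genuine, t), far(impostor, t)) for t in thresholds]


def crossover_threshold(genuine: Sequence[float], impostor: Sequence[float],
                        thresholds: Iterable[float]) -> Tuple[float, float]:
    """Lowest threshold where |FRR - FAR| is minimal; returns (threshold, CER).

    CER is reported as the mean of the two rates at that point, since on a
    discrete sweep they need not be exactly equal.
    """
    t, fr, fa = min(error_curve(genuine, impostor, thresholds),
                    key=lambda row: abs(row[1] - row[2]))
    return t, (fr + fa) / 2


def threshold_for_max_far(genuine: Sequence[float], impostor: Sequence[float],
                          thresholds: Iterable[float], max_far: float) -> Tuple[float, float]:
    """Security-first policy: lowest threshold keeping FAR <= max_far.

    Returns (threshold, resulting FRR), i.e. the convenience cost of that policy.
    """
    for t in sorted(thresholds):
        if far(impostor, t) <= max_far:
            return t, frr(genuine, t)
    raise ValueError("no threshold in the sweep meets the FAR budget")


def threshold_for_max_frr(genuine: Sequence[float], impostor: Sequence[float],
                          thresholds: Iterable[float], max_frr: float) -> Tuple[float, float]:
    """Convenience-first policy: highest threshold keeping FRR <= max_frr.

    Returns (threshold, resulting FAR), i.e. the security cost of that policy.
    """
    for t in sorted(thresholds, reverse=True):
        if frr(genuine, t) <= max_frr:
            return t, far(impostor, t)
    raise ValueError("no threshold in the sweep meets the FRR budget")


if __name__ == "__main__":
    for t, fr, fa in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES, range(50, 81, 5)):
        print(f"threshold {t:3d}: FRR={fr:.2f} FAR={fa:.2f}")
    print("crossover (threshold, CER):",
          crossover_threshold(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS))
    print("FAR budget 0%  -> (threshold, FRR):",
          threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS, 0.0))
    print("FRR budget 0%  -> (threshold, FAR):",
          threshold_for_max_frr(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS, 0.0))
```

With these constructed scores the crossover sits at threshold 67 with a 10% error rate either way; demanding zero false accepts pushes the threshold to 71 and locks out 20% of genuine attempts, while demanding zero false rejects drops it to 58 and lets 30% of impostors through. Which of those is acceptable is exactly the policy question the slide says vendors' spec sheets leave unasked.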

ID TECH IS ALREADY GETTING UNDER, AND ON, OUR SKIN
Source: vivalnk.com

THEY'RE EVEN CLAIMING A "COOL FACTOR"
That's a microphone!
Source: IC10, via telegraph.co.uk

AND, IT'S PATENTED TECHNOLOGY
Source: uspto.gov

"GOOGLE'S CREEPIEST IDEA EVER"
Source: slate.com

HERE COME THE DIGITAL BLOODHOUNDS
Source: Universidad Politécnica de Madrid © 2015

DOES LOGGING ON MAKE YOUR HEART SKIP A BEAT?
Source: nymi.com

IF NOT YOUR HEART RHYTHM... YOUR EEG
- Neurosky
- OpenEEG
- Emotiv
- Muse
Source: Wikipedia

MY RESEARCH INTO TECHNOCREEPINESS
- There are "wheels within wheels"
- Most people don't, and perhaps can't, understand exactly what's going on
- Still, they have an uneasy feeling
- Laws and regulations are lagging

A Philosophical Example $28,595.00 Dzokhar Tsarnaev, April 19, 2013 Massachusetts State Police Photo

www.flir.com

This quickly led to thermal image PIN hacking

THEY'D HAVE TO STEAL MY CARD... RIGHT?

Source: www.saveheat.co

WHAT IF I'M CONCERNED ABOUT MY PRIVACY?

Commercial marijuana grow op Maple Ridge, BC Source: RCMP Handout photo

THE LEGAL SIDE OF THERMAL IMAGING Disclaimer: IANAL/IANYL Kyllo v. United States, 533 U.S. 27 (2001), held that the use of a thermal imaging device from a public vantage point to monitor the radiation of heat from a person's home was a "search" within the meaning of the Fourth Amendment, and thus required a warrant. Source: Wikipedia Canada: Section 8 of the Charter

WHAT HAS THIS GOT TO DO WITH BIOMETRICS? -IT'S ABOUT HOW TECHNOLOGY CAN DRIVE CHANGE · In Technocreep, I predicted that the day will come when you go into a store, enter your PIN, and the pad is swept away like one of these things: Source: bluelinehygenics.com

THEN WHAT? Source: biowake.com

AND THEN...
Whoever has access to your DNA has information on your:
- Ancestry
- Genetic predispositions to certain diseases (via single nucleotide polymorphisms and frank abnormalities like trisomy)
- Epigenetics (non-heritable changes such as DNA methylation)
AND INFORMATION ON YOUR SIBLINGS AND OTHER GENETICALLY RELATED FAMILY MEMBERS!
Source: appellatesquawk.wordpress.com

SHOULD YOU CARE? WELL, SOMEBODY DOES

Source: www.health-street.net
Jan. 6, 2015: Genentech announces partnership with 23andMe

Source: www.motluk.com

HIDDEN RISK #3: BIOMETRIC DATA'S IRREVERSIBILITY AND THE IMPLICATIONS
- For biometrics such as your DNA cheek swab, it is usually infeasible to withdraw access, once granted
- Even if taking a sample/hash of a physical feature (features on a fingerprint, selected SNPs of the DNA), there is always the danger of "data jigsawing"
- Legal protection of biometric data is highly variable by jurisdiction
- If credit card numbers are dynamite to have in your possession, DNA data is nuclear fuel!

NEWEST VULNERABILITY: YOUR FACE!

NAMETAG APP

EVEN HOW WE WALK IS BEING STUDIED "Human gaits, for example, can provide a lot of information about people's intentions. At the American Army's Aberdeen Proving Ground in Maryland, a team of gait analysts and psychologists led by Frank Morelli study video, much of it conveniently posted on the internet by insurgents in Afghanistan and Iraq." -The Economist, Oct. 2008

HIDDEN RISK #4: OUR BIOMETRICS CAN BE GRABBED WITHOUT OUR CONSENT
- In a public place, and even some "private" spaces, we are exposed:
  - Face
  - Gait
  - Speech
  - Behavior

HIDDEN RISK #5: OUR BEHAVIOR CAN RAT US OUT, SOMETIMES INCORRECTLY
- DHS FAST system: ridiculed at DEFCON 19 (2011) by teenagers
Source: Wikipedia.org, which says "Department of Homeland Security, Science and Technology Department Sharkride.com but apparently ultimately from a now down DHS website" (unable to authenticate)

Source: www.photon-x.com © 2010 Photon-X

GOOD MEMORIES, BAD MEMORIES, FALSE MEMORIES COURTESY OF

HIDDEN RISK #6: GIVING OUR BIOMETRIC AND BEHAVIORAL DATA MAY BE (DE FACTO) MANDATORY
- In India, biometric ID is legally mandated and needed to obtain government services
- You can rent a car without a credit card (but just try to!)
- You can also ask for a paper ticket at a Disney theme park instead of this:
Source: findingmickey.com

DRIVER TRACKING APPS ARE JUST THE START... Source: cnn.com

Source: gizmodo.com

WORKPLACE ISSUES
Companies are giving fitness monitors and other wearables to employees as part of fitness programs.
"Four out of five employees would use company-provided wearable that tracks health and wellness and provide that data to their employer." (http://www.cornerstoneondemand.com/SOWP14)
Perks might include discounts on fitness programs, extra vacation days, a bonus... BUT...
Did you get a good night's sleep? Or...

Source: Licensed from Colourbox

HIDDEN RISK #7: BIOMETRIC DATA THIEVES AND AGGREGATORS
- Like any other data, biometric data is subject to breach, hacking, and being held for ransom
- "Bits is bits", so why wouldn't companies like Acxiom (and Google) try to grab biometric data (if they are allowed to)?
- Well, the good news is that there is, at least, some awareness of the ethical issues:
Source: acxiom.com

A FRAMEWORK FOR MAKING ALL THIS "NEWS YOU CAN USE"
- Even before you get back to the office, list technologies that you use or are considering using that have biometric components
- Apply this "creepy lens" to identify ways in which it might upset people or compromise their privacy or confidence
- Think about alternatives that will produce "pretty good information": a sign-in sheet at the company gym will track attendance, if not effort, as well as a fitness band
- What do you really need to collect?

LONGER TERM APPLICATION OF WHAT YOU HAVE LEARNED TODAY
- Check your data retention policies (example: videotapes should usually be erased after 7 days if not requested)
- Consider whether some data should be de-identified (which can be difficult!) or collected anonymously or not at all
- View every new technology through the creepy lens and make sure the benefits outweigh the risks
- Don't Be Creepy!

THANK YOU!
Tom Keenan, FCIPS, I.S.P.
[email protected]
@drfuture
http://www.psychologytoday.com/blog/technocreep
www.technocreep.com