The year is 2015. You walk into your bank to make a withdrawal, hold your smartphone to the terminal with one hand, and put the fingers of your other hand on the small green-glowing window.
A buzzer sounds and the words “IDENTITY REJECTED” flash onto the screen. A security guard appears from nowhere.
You begin the first of many long, frustrating protestations. You are who you say you are, but you can’t prove it.
Your identity has been snatched.
The Not-Too-Distant Future
I am interested in the problems – and dangers – of proving your identity through your biometrics (i.e., retinal scans, fingerprints, etc.) because of a problem that I have. Namely, my fingerprints are unreadable. The ridges are badly broken and my hands lack the oils and moisture necessary for live scan fingerprinting to work.
For well over a century, fingerprinting has been the accepted verifiable method of personal identification. Fingerprints are used for all sorts of things, such as getting a driver’s license, applying for the Transportation Security Administration (TSA) pre-check program, getting a background check, and buying a gun.
Minor Annoyances For Some
Having unreadable fingerprints has had its share of annoyances. For instance, as a volunteer for my local sheriff’s office, I had to go through a law enforcement background check, as I did for the other licenses I need to do my job. In every case, I go through the same process. Submit prints, get rejected in 30 days, submit a second set of prints, get rejected in 30 days, and then perform a “no-fingerprint” search. So it takes three months after my initial submission before the background check can proceed.
And since I travel frequently, I have a Clear card which gets me to the front of the TSA lines in several airports. Clear uses both live scan fingerprints and a retinal scan. They managed to get a few prints from me, but because they couldn’t pull enough to meet the TSA’s standards, they had to apply to the TSA for a waiver and I select the retinal scan at the airport. Lucky for me, the U.S./Canada Nexus trusted traveler system uses iris scans.
Okay, so all of the above are a pain, but I don’t need to go through background checks or apply for a Clear card every day, and the retina scan works to get me through airport security.
The reason I am much more concerned about my fingertips today than I was, say, a decade ago, is that with the introduction of Apple pay, fingerprints just moved into the mainstream. Another example is Alaska Airlines using biometrics, or “e-thumb” technology, to allow passengers to access some of its airport lounges. They plan to be the first U.S. carrier to employ biometrics for boarding passes and inflight purchases. I am so screwed if this happens. But maybe so are you – although in a different way. Let me explain.
Identity Snatchers For All
With Apple biometrics technology, your fingerprints are stored in a secure area on your iPhone or iPad and are checked locally. This is called “multi-factor authentication.” Your device is something that you have, and your fingerprints are something that you are. Clear also checks local versions of your prints and retina scan on the smart card that you insert into their reader (you have the card and you are your fingerprints/retinas). That’s good.
But other companies, such as Global Entry and Nexus, use a central database to check your biometrics against the set that you initially submitted. That’s bad.
- If someone steals your phone, you can deactivate it.
- If your password is compromised, you change it.
- If someone steals your driver’s license or passport, you get a marked replacement and a note is placed in your file so that law enforcement or customs knows to be suspicious when it is presented to them.
But what happens when someone copies your fingerprint or makes a contact lens with a copy of your iris? If someone steals your biometrics, they may be able to prove that they’re you.
You’ve probably seen or heard about Hollywood sci-fi movies where eyeballs are plucked out of skulls, fingers are cut off, or even whole hands severed to access biometric systems (sorry for the disgusting imagery). Well, with today’s technology, identity snatchers don’t have to go to these physical extremes (which, thankfully, don’t work anyway). They can simply replace the data about your biometrics with data about their biometrics in the central databases of companies who do not use multi-factor authentication. Presto-change-o, they can now prove that they are you!
Encryption, Inspection, And Good Old-Fashioned Control
One way to prevent theft of biometrics would be to not supply them in raw form to anyone, but rather use an encrypted form – what is referred to as “cancellable” biometrics. Off-board hardware processors are used to hash and encrypt the biometric at the point of collection (the capture station), perhaps embedding the time and capture station ID. The keys used for hashing, encryption, and decryption would then be changed on a regular basis and if Public Key Infrastructure (PKI) is being used, the encrypting keys can be destroyed so that a hacker cannot encrypt replacement biometrics without the change being obvious.
Scheduled scans of the database could look for clues that biometrics may have been compromised and the records would be flagged for further inspection. If an offline biometric capture station log is available, the hashed place and time in the biometric can be compared to the log and a discrepancy should be apparent.
But in my opinion, the best place to store a biometric is in something that I personally control, such as a smartcard or my smart phone. While a central database would validate that the smart card or smart phone belongs to me, it wouldn’t actually have my biometric data stored anywhere. I would be able to file a report if I believed that my information had been compromised in any way; any activity could then be cancelled or suspended until it was investigated. On the other hand, if someone compromises my biometrics in a centralized database, there is little that I can do to prove that I am me and not who my biometrics “prove” that I am.
If you like being “you” – and you’d rather not share that distinction with anyone else – the new world of biometrics is definitely worth thinking about.
This article was originally published on the Forbes Sungard AS Voice blog.