Tag Archive for: Biometrics

Private Eyes Are Watching You: What it Means to Live (and Be Watched) in the Surveillance Economy

What it is the Surveillance Economy

How do you feel about the fact that Facebook knows your weight, your height, your blood pressure, the dates of your menstrual cycle, when you have sex and maybe even whether you got pregnant? Even when you’re not on Facebook, the company is still tracking you as you move across the internet. It knows what shape you’re in from the exercise patterns on your fitness device, when you open your Ring doorbell app and which articles you check out on YouTube — or more salacious sites. 

Welcome to the surveillance economy — where our personal data and online activity are not only tracked but sold and used to manipulate us. As Shoshana Zuboff, who coined the term surveillance capitalism, recently wrote, “Surveillance capitalism begins by unilaterally staking a claim to private human experience as free raw material for translation into behavioral data. Our lives are rendered as data flows.” In other words, in the vast world of internet commerce, we are the producers and our digital exhaust is the product. 

It didn’t have to be this way. Back when the internet was in its infancy, the government could have regulated the tech companies but instead trusted them to regulate themselves. Over two decades later, we’re just learning about the massive amounts of personal data these tech giants have amassed, but it’s too late to put the genie back in the bottle. 

The game is rigged. We can’t live and compete and communicate without the technology, yet we forfeit all our rights to privacy if we take part. It’s a false choice. In fact, it’s no choice at all. You may delete Facebook and shop at the local mall instead of Amazon, but your TV, fridge, car and even your bed may still be sharing your private data. 

As for self-regulation, companies may pay lip service to a public that is increasingly fed up with the intrusiveness, but big tech and corporate America continue to quietly mine our data. And they have no incentive to reveal how much they’re learning about us. In fact, the more they share the knowledge, the lower their profits go. 

This is one of those distasteful situations where legislation and regulation are the only effective ways to balance the power. Because as individuals, we can’t compete with the knowledge and wallet of Google, Facebook and Amazon. David versus Goliath situations like this were the genesis of government in the first place. But in 2020, can we rely on the government to protect us? 

Unlikely. At least for now. For starters, federal government agencies and local law enforcement use the same technology (including facial recognition software) for collecting data and to track our every move. And unfortunately, those who make up the government are generally among the new knowledge class whose 401Ks directly benefit by keeping quiet while the tech giants grow. Plus, there are some real benefits to ethical uses of the technology (think tracking terrorists), making regulation a difficult beast to tackle. But it’s well worth tackling anyway, just as we’ve done with nuclear submarines and airline safety.

In a recent Pew study, 62% of Americans said it was impossible to go through daily life without companies collecting data about them, and 81% said the risks of companies collecting data outweigh the benefits. The same number said they have little or no control over the data companies collect. 

At some stage, consumers will get fed up and want to take back control from the surveillance economy, and the pendulum will swing, as it already has in Europe, where citizens have a toolbox full of privacy tools to prevent internet tracking, including the right to be forgotten by businesses. Europe’s General Data Protection Rule (GDPR) is a clear reminder that consumers do retain the power, but only if they choose to. It’s not inevitable that our every move and personal data are sold to the highest bidder. We’ve happily signed on, logged in and digitized our way to this point. 

When consumers (that means you) are outraged enough, the government will be forced to step in. Unfortunately, at that point, the regulation is likely to be overly restrictive, and both sides will wish we’d come to some compromise before we wrecked the system. 

In the meantime, you have three basic choices: 

  1. Decrease your digital exhaust by eliminating or limiting the number of social media sites, devices and apps you use. (I know, I know. Not likely.)
  2. Change your privacy and security defaults on each device, app and website that collects your personal information. (More likely. But it takes a time investment and doesn’t fully solve privacy leakage.)
  3. Give in. Some people are willing to bet that a loss of privacy will never come back to haunt them. That’s exactly the level of complacency big tech companies have instilled in us using neuroscience for the past decade.  

Loss of privacy is a slippery slope, and it’s important to take the issue seriously before things get worse. Left unchecked, the private eyes watching your every move could go from tracking your exercise habits and sex life (as if that’s not creepy enough) to meddling with your ability to get health insurance or a mortgage. And suddenly it won’t seem so harmless anymore.

About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a privacy and cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker, and expert on technology, surveillance economy, cybersecurity and tech/life balance.

 

Biometrics are Like Passwords You Leave EVERYWHERE

Biometrics are like passwords, but worse.

Biometrics are like passwords that you leave everywhere (fingerprints, facial recognition, voice patterns), except that unlike passwords, you can’t change them when they’re lost or stolen. It’s easy to change your password, a bit harder to get a new retina. Like passwords, risk goes up as they are stored globally (in the cloud) versus locally (on a physical device).

In addition to the biometrics mentioned above that most of us have come to accept as commonplace, there are many other methods in use or under exploration:

  • hand geometry
  • vascular pattern recognition (analyzing vein patterns)
  • iris scans
  • DNA
  • signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.)
  • gait analysis
  • heartbeat signatures

At the 2014 Annual International Consumer Electronics Show, inventors displayed dozens of devices using biometrics, some of which will become just as commonplace as fingerprints in the near future, some of which will not catch on and be replaced by something even more amazing.  Some of the hot biometrics items this year:

  • Tablets that measure pupil ­dilation to determine whether you’re in the mood to watch a horror movie or a comedy.
  • Headbands, socks and bras that analyze brain waves, heart rates and sweat levels to help detect early signs of disease or gauge a wearer’s level of concentration.
  • Cars that recognize their owner’s voice to start engines and direct turns and stops, all hands-free.

(Do a search for “current biometric uses” if you want to be entertained for a while!)

Some less outlandish examples that are currently in place:

  • Barclays Bank in Britain utilizes a voice recognition system when customers call in.
  • Some A.T.M.s in Japan scan the vein pattern in a person’s palm before issuing money
  • World Disney World in Orlando, Fla., uses biometric identification technology to prevent ticket fraud or illegitimate resale as well as to avoid the time-consuming process of photo ID check.
  • Biometric passports contain a microchip with all the biometric information of holders as well as a digital photograph
  • Law enforcement agencies, from local police departments, to national agencies (e.g., the FBI) and international organizations (including Europol and Interpol) use biometrics for the identification of suspects. Evidence on crime scenes, such as fingerprints or closed-circuit camera footage, are compared against the organization’s database in search of a match.
  • Child care centers are increasingly requiring parents to use biometric identification when entering the facility to pick up their child.
  • And, of course, the most popular example has to be the use of fingerprint sensors on the iPhone to unlock the devices.  It will also increasingly be linked to mobile payment services.

So, the million-dollar question is: Are Biometrics a Better Way to Protect Your Personal Identification?

The answer is yes…and no.

  • Biometrics are hard to forge: it’s hard to put a false fingerprint on your finger, or make your iris look like someone else’s.

BUT…

some biometrics are easy to steal.  Biometrics are unique identifiers, but they are not secrets. You leave your fingerprints on everything you touch, and your iris patterns can be observed anywhere you look.  If a biometric identifier is stolen, it can be very difficult to restore.  It’s not as if someone can issue you a new thumbprint as easily as resetting a new password or replacing a passport. Remember, even the most complex biometric is still stored as ones and zeros in a database (and is therefore imminently hackable). 

  • A biometric identifier creates an extra level of security above and beyond a password

BUT…

if they are used across many different systems (medical records, starting your car, getting into your child’s day care center), it actually decreases your level of security.

  • Biometrics are unique to you

BUT…

they are not fool-proof.  Imagine the frustration of being barred by a fingerprint mismatch from access to your smartphone or bank account.  Anil K. Jain, a professor and expert in biometrics at Michigan State University  says (emphasis mine), “Consumers shouldn’t expect that biometric technologies will work flawlessly… There could and will be situations where a person may be rejected or confused with someone else and there may be occasions when the device doesn’t recognize people and won’t let them in.”

The scariest part of the biometrics trend is how and where the data is stored.  If it is device specific (i.e. your fingerprint data is only on your iPhone), it’s not so bad.  But if the information is stored on a central server and unauthorized parties gain access to it, that’s where the risk increases.  A 2010 report from the National Research Council concluded that such systems are “inherently fallible” because they identify people within certain degrees of certainty and because biological markers are relatively easy to copy.

I also feel compelled to mention the inherently intrusive nature of biometrics.  While it’s true that using facial-recognition software can help law enforcement agencies spot and track dangerous criminals, we must remember that the same technology can just as easily be misused to target those who protest against the government or participate in controversial groups.  Facebook already uses facial recognition software to determine whether photos that users upload to the site contain the images of their friends.  Retailers could use such systems to snoop on their customers’ shopping behavior (much like they do when we shop online already) so that they could later target specific ads and offers to those customers.

How long before we have truly entered into Tom Cruises’s Minority Report world where we are recognized everywhere we go?   “Hello Mr. Yakamoto and welcome back to the GAP…”

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Biometric Identity Theft: Stolen Fingerprints

Identity Theft is a huge and growing problem. According to the recent 2009 Identity Theft Fraud report by Javelin Strategy & Research, victims increased 22% in 2008 to 9.9 million. When businesses are involved, the companies face billions of dollars in theft, millions of dollars in fines and, perhaps most important, the loss of customer trust.

The large impact that identity theft has on individuals lives and corporations’ bottom lines has made inexpensive biometrics look attractive for authenticating employees, customers, citizens, students and any other people we want to recognize. The most recent debate is on whether the pros outweigh the cons. (To see some of the materials that influenced this article, please visit George Tillmann’s excellent article in Computerworld).

Biometrics uses physical characteristics, such as fingerprints, DNA, or retinal patterns to positively verify individuals. These biological identifiers are electronically converted to a string of ones and zeros and stored on file in the authenticator database.

The downside or weakness of biometrics is that the risk of data breach remains relatively the same. Just as a credit card number can be stolen, the numbers that make up your biometrics and are stored in a database can be stolen.  It may take longer for thieves to understand how to use these new pieces of information, but they will eventually be used.

Ultimately, this could be more dangerous than having your ATM PIN, credit card number, or Social Security Number stolen, and it will take longer to clear up.  In a worst-case-scenario, someone inside of the biometric database company could attach their fingerprint to your record — and suddenly they are you. The reverse is also true, where they put your fingerprint in their profile so that if they are convicted of a crime, the proof of criminality is attached to your finger.

What will stop thieves from electronically sending your stolen fingerprints to your bank to confirm that you really do want to clean out your bank account through an ATM in Islamabad? Fingerprints, when stored in a database, are nothing more than long strings of numbers. What will you do when your digitized fingerprints wind up on a government No-Fly list? If you think it takes forever to board a plane now, wait until every law enforcement agency in the free world has your fingerprints on file as a suspected thief or, worse, a terrorist.

The reality is that biometrics could be a great alternative to securing one’s identity – and they are quickly becoming a part of every day identification.  But we can’t go forward into the new world of biometrics thinking that it solves all of our problems. Like the “security codes” on the back of our credit cards, like the two forms of authentication required for most banks, like wireless encryption standards – thieves eventually find work-arounds. And so too will they work around biometrics. If we implement biometrics without doing our due diligence on protecting the identity, we are doomed to repeat history — and our thumbprint will become just another Social Security Number.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. Contact John directly on 800.258.8076.

Follow John on: Twitter, YouTube, Facebook.