Public Needs Education About Biometrics

Darren Gamage welcomes biometric security and its commercial applications, but there are concerns about data integrity that must be overcome first.

How ironic: I found myself sat in a hospital ward thinking about the impending piece that I now write, contemplating how the world of biometrics has become an increasingly prominent part of our lives. To get to the bedside, I had placed my finger against the reader (having already forgotten that I had provided my fingerprint) and, that having gained entry, the facial recognition system that sat within the nursing station had further verified the fact that I was who I said I was and associated me with the patient who I’d come to see.

Biometrics — something beyond the complaints of big brother and impositions upon civil liberties that we too often hear? Nah! To me this is part of the norm, part of the “secure environment” in which we live and which protects us.

However, the world of biometrics is changing quickly as the commercial world wakes up to the power of the personal profile in driving new revenue channels or supporting existing ones. Whereas five years ago the cost of biometric systems meant that the focus and key driver was in managing access to buildings or areas within the high security and CNI arenas, today businesses like ISS (much to the RMT union’s chagrin) and MITIE are using systems to manage time, attendance, and staff verification, whilst the likes of Dell with their XPS laptops and Fast Access systems, and Apple with their iPhone 5s are very much recognizing the opportunities to be gained by integrating biometrics as key features of their offerings.

This, according to a recent edition of I-D, is creating an arms race amongst app developers who are already clambering to work with the likes of banks and online payment providers to use these platforms to enhance remote banking, and remove cash and credit cards at the point of payment. All this despite the fact that to date Apple has stated they won’t grant access to this functionality.

Nowhere has this opportunity been better realized than in the highly competitive retail and leisure environments where forward-thinking organizations are looking to harness the powers to enhance protection, reduce risk, analyze activity, and increase customer spend through improved targeting.

Facewatch

In the realms where non-employee theft is conducted by a regular group of transient individuals, the use of facial recognition systems is being combined with innovative systems such as “Facewatch”, used to identify known offenders and to support organizations in reducing their losses. A system that, with the support of the Metropolitan Police Commissioner and other senior police officers, has allowed organizations to support the crime reporting process and share data between subscribers. Taken a stage further, savvy support services businesses are looking to add value to their customers by offering a managed service enabling the benefits without impacting on the retail duties of their own staff.

Another fashion retailer is looking to take this approach a stage further and is now testing a system where members of staff are notified when key customers or “Gold Card” holders enter to ensure a proactive and personal welcome is offered for a positive in-store experience. This data can be used to build a profile with frequency of visit, duration of visit, and dwell time in the areas they peruse, all linked to their loyalty scheme to aid in the targeting of offers.

Whilst I now find myself quite comfortable with the thought that my fingerprint data is held on the hospital access control system and my mug shot is on the nursing desk to confirm my identity in my biometric passport, even I as an advent capitalist have concerns as to the risks of my data in the new commercial biometric world. How secure is this data?

Hackers

Apple has publicly stated that they are not sending any data into the cloud (yet) but this relies on trust – something that has been broken in the past. Many of the new biometric systems are reliant and integrated to cloud based storage which brings the risk of hacking, and a hacker is always one step ahead; if the NSA, one of the US governments most secure agencies, can be hit by hackers then what chance is there of data security for the retailer or banking system?

As Kate Bevan, technology writer and social media guru, stated on Inside Science on BBC Radio 4, data is connected to you and you cannot decouple it; the risk of so called “daisy chaining”, where by gaining access to one password provides access to all, is significantly more with biometrics, as once that biometric data is breached, the ability to break the connection is much more difficult.

Therefore, biometrics in the commercial environment comes with significant societal risks and I think there is a great deal of education to be done until there is wholesale acceptance of its use outside the mainstay access control environment such as that hospital where I was so accepting.

Related posts:

• Video Surveillance Key to Next Generation of Retail Intelligence
• CCTV Should Be Connected to Beat Crime
• Will Apple’s Touch ID Make Biometrics Cool?