What ethical concerns are factored around the increasing use of biometrics, and which sectors is it most appropriate for?
Biometrics as an authentication method has rapidly caught on not just for accessibility, ease of use and contactless attributes, but for the precise security. Biometrics are, with some notable exceptions, unique, and although false positive matches can occur in any probabilistic system at scale, a malicious actor or a false positive is highly unlikely to receive access to that person’s services, accounts, and sensitive data with their own biometrics. But as with any security measure, biometric systems can be hacked.
Biometrics represents a huge advancement from the centuries-old use of paper documentation like ID cards, passports and visas. Biometrics provide a very convenient form of identity. You may forget your password or leave your wallet at home, but you’re never without your fingertips or face.
Biometrics are also unique. Unlike your name, your fingerprints, irises and face are identifiers that belong to you and no one else. IDs or docs can be forged, and passwords can be breached. It’s much harder for a would-be identity thief to capture and use your biometric signature.
Biometrics also provide for built-in strong authentication. When multiple biometrics are provided in concert, it creates a holistic picture of a biometric identifier that has many high-fidelity unique matching modalities. The combination of these modalities makes it increasingly hard to replicate for hackers and thieves. Also, because it’s very hard for thieves to replicate biometric identifiers, it’s more likely that people gaining access to things like airline flights and secure facilities are who they say they are. Consumer security and business trust are both preserved and enhanced.
Convenience and risk
The convenience of unlocking your phone with a fingertip is undeniable. But there are many outstanding questions in the field of biometrics as identity.
One of the greatest advantages of a biometric signature is that it is unique to each person and doesn’t change over time. Ironically, unchangeability is also one of biometrics’ greatest vulnerabilities. Once biometric data has been breached, it’s compromised forever. We can’t change our physical attributes like we change a password.
Privacy and confidentiality are also issues with deep ethical implications. If privacy means having control over how and when we are represented to others, then biometrics that uniquely identifies us might easily be encroaching on our fundamental privacy. That’s especially true when you acknowledge that we, as individuals, don’t control the collection, storage, or use of these proxy bits of our identity.
After all, despite the multiple modalities, it turns out that biometrics aren’t 100% failsafe. Sensors can be spoofed, or their readings inaccurate. The capabilities of hackers and thieves evolve almost as quickly as the technology to keep them at bay. One example is the new DeepMasterPrint, by Philip Bontrager and other researchers, who demonstrated a machine-learning-based exploit that can hack many cellphone fingerprints. (Bontrager lists preventative measures against the hack here)
Most significant new technological advances offer benefits but also carry risks. Biometrics are no exception. And because of the very personal nature of biometrics, the stakes are particularly high. Biometrics is a powerful technological advancement in the identification and security space. But with that power comes a deep need for accountability and close ethical scrutiny.
To read the full article, check out our June issue here.
Media contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
