Biometrics
is the science of measurement applied to biological entities such as fruit
flies, dogs, or human beings. Ever
since the discovery that fingerprints are a nearly unique lifelong way of
identifying people, we have employed biometrics in some form, but usually only
in special situations such as criminal investigations or other law-enforcement
matters. But recent advances in
the quality and reliability of digital biometric sensors that work entirely
without human intervention have made it possible to log on to your computer,
not with a password, but with your right thumb, as I saw a colleague do in my office
the other day. He has a new laptop
and at the lower left corner of the screen is a little red panel that he swiped
his thumb over to turn it on.
Although I didn’t try it, I suspect my thumb would not have done the
trick.
The San Jose Mercury News carried a roundup article the
other day describing some new and upcoming biometric techniques. Turns out fingerprints are only one of
many characteristics that inventive labs and firms are working on. Face recognition software is getting
good enough to pick out a particular face in a high-resolution photo of a
crowd. And somebody in a
government lab is working on the notion, familiar to owners of bloodhounds,
that body odor is unique enough to identify you.
I will be the first to admit that being pestered for a new,
unique, high-quality password that is also different from all the other new,
unique, high-quality passwords you’ve had to come up with in the last six weeks
to do everything from buying things online to logging into your organization’s
pay system, is quite annoying. So
why am I not jumping for joy over the prospect of simply swiping my thumb or
even just grinning into the camera to get my computer to do what I want? Several reasons come to mind.
The first one is pointed out by a researcher quoted in the
Mercury News article. There is a
basic assumption of anonymity that people have when they go into a public
place. Yes, sometimes you put on a
nametag at a party or in a social setting where you want people to know who you
are, but if you’re like me, you feel sort of foolish if you leave the event and
look down a couple of hours later and you’re still wearing your nametag at the
airport. There are places where I
don’t necessarily want all and sundry to know who I am, not because I’m doing
something nefarious, but just because the information could be abused. It’s a little far-fetched now, but this
is the kind of problem that biometrics could lead to if it gets into the wrong
hands. And believe me, if it
becomes widely used by consumer-electronics manufacturers, it will get into the
wrong hands.
A second problem concerns what I’d call the interoperability
problem. The big pain about
passwords is that every little seller of internet toothpicks and offerer of
free software wants you to come up with a password for their particular
system. Some people use the same
password for everything, and I . . . well, I don’t quite go that far, but let’s
just say there are commonalities among the different passwords I use. If we go whole hog for replacing
passwords with biometrics, what kind of biometric identifier will we use? If there’s some industry-standard
device, that means basically everyone will be using the same password for
everything (read “fingerprint” or whatever the feature du jour is for
“password”), and that means one giant database sitting somewhere with
everybody’s password on it might not be that hard to compile. The dangers that could arise from such
a concentration of sensitive information are obvious. And if we use a diverse number of systems, well, that means
a diverse number of plugins or thingamajigs or whatever, will be needed to log
in to many sites, and that could be even worse than having to remember all
those passwords.
Last but not least, I will remind you that no technology is
perfect, and this includes biometric devices as well. Say you are using face-recognition technology and one day
you decide to shave your moustache.
Ooops!—facial hair isn’t all you lost. You’ll have to retrain X number of security programs to
recognize your new, less hirsute visage.
At least when you forget a password, there’s usually some alternate
approach that works reasonably well—a security question or two, an email to
your known email address, or some such thing that consumes time but otherwise
works pretty well. Biometric
security will have to have some kind of backup like that, but who knows what
form it would take? We might end up looking at passwords rather like I looked
at the little hole in the front bumper of my 1958 Morris Minor (well, technically
it was my father’s car, but he let me drive it when I was in high school). It had an electric starter, but in a
pinch such as a moribund battery, you could take the tire jack, stick it
through the front bumper, and crank the little pint-size motor to start it by
hand. (I never got up the nerve to
try that, but it’s one of my many lost opportunities of my youth.)
Part of what we are seeing is a generational shift in
attitudes toward privacy. Things
that annoy me, such as the creepy way items I search for online at one site
start magically showing up a few days later in ads at a wholly unrelated site,
are things that just seem part of the background of life to younger people who
haven’t experienced anything different.
After all, before there were cities, most people lived in little village
clans where everybody knew who you were and what you were up to, and we
survived that. But there is a
disproportion of power and ability between one individual whose identity is
increasingly ascertainable, and the giant international corporations who can
ascertain it and act on that knowledge.
Let’s hope we don’t get so used to the degradation of privacy that by
the time we start missing it, there’s nothing left.
Sources: The San Jose Mercury News (www.mercurynews.com) carried the article
“Does Rise of Biometrics Mean a Future Without Anonymity?” on Sept. 16,
2012. I would give the article’s
URL if I could get it to work, but I can’t. You can find the article by the paper’s online search
function.