Biometric Data and Privacy: Here’s What You Need to Know

Biometrics are becoming more common in today’s society. To put it in simple terms, biometrics are any metrics that can be used to identify a human being. The most common biometric recognition system is Apple’s Face ID and fingerprint recognition to unlock the iPhone. As technology is constantly evolving, biometric systems can be used to replace passwords and aid in catching criminals. 

Table of Contents:

1. What are Biometrics?
2. How do Biometrics Work?
3. Biometric Data and Privacy Concerns
4. How To Protect Biometric Data
5. Final Thoughts: Biometric Data and Privacy

What are Biometrics?

Biometrics are physical characteristics that can be used to verify a person’s identity via automated recognition devices. These characteristics can be physiological traits (i.e. fingerprints, eyes) or behavioral characteristics (i.e. solving a security-authentication puzzle). For biometrics to be useful, they have to be unique. 

Think about it. Every time you ask Siri to send a text message for you, make a call for you, or even unlock your iPhone, you are using biometrics. There are a variety of biometric data types and these are just a few of them:

Facial Recognition: looks at the unique patterns of a person’s face; this is used in law enforcement and government agencies as a way for authentication and authorization

Iris Recognition: Identifies the unique patterns of a human’s iris - the area surrounding your pupils

Fingerprint Scanner: The scanner captures the unique patterns of your finger; when you unlock your phone with your fingerprint, your device will compare the fingerprint to the one set on your device to see if it matches

Voice Recognition: It will measure the sound waves in your voice as you speak into a device 

Hand Geometry: Measures and records every detail of a person’s hand (thickness, width, and surface area)

Behavior Characteristics: Examines how a person interacts with a computer system

How do Biometrics Work?

Your biometric information (i.e. fingerprint) is recorded and stored in a database so that it can be accessed later for comparison when there is “live” data. 

A biometric system is made up of three different components:

1. Sensor: Records your information and also reads the recorded biometric information when it needs to be recognized 
2. Computer: There must be a computer that contains the recorded biometric data for comparison 
3. Software: The device that connects the computer hardware to the sensor

Biometric Data and Privacy Concerns

Although biometric authentication and identification is a secure way to login into your devices and other services, there are some privacy concerns with biometrics. Here are some of the major issues with biometrics: 

• The biometric data storage can be hacked into allowing cybercriminals to access the biometric data
• Since biometrics are unique, organizations may not consider implementing additional security measures 
• Biometric data is extremely vulnerable - once your biometric data has been compromised, you may no longer have control of it
• A criminal may be able to duplicate some parts of your physical identity like obtaining your fingerprints from a cup

The most important thing to remember is that any digital data can be hacked by cybercriminals. This may seem unbelievable, but biometrics can even be faked to look real. In 2013, a German hacking group successfully bypassed Apple’s TouchID. A “fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID” (CCC).

I want to reiterate the bullet point about biometric data being extremely vulnerable, because it is. If you are hacked there is no going back.

Biometric data is not like a password where if it gets stolen you can reset your password to something new. If a hacker has a picture of your iris or your fingerprint, they could use your biometrics to access a system or smartphone. 

Biometric authentication and identification systems are not perfect and they will never be. There is room for false positives meaning for example one may be wrongly identified as a criminal. Now, from a business point of view, if a biometric data storage is hacked, those people who are affected will be at risk of getting hacked for the rest of their lives which means they cannot rely on their biometrics as hackers have access to it. 

You Could Be Tracked With Facial Recognition 

Facial recognition can be dangerous and an invasion of privacy because hackers can track you. All that is needed is for the facial recognition software to be installed in any surveillance camera. As an example, The New York Times conducted an experiment (which was legal) where they turned a few surveillance cameras in Bryant Park into facial recognition tracking devices. From there they were able to identify people walking through the park. Hence, no privacy. 

How to Protect Your Biometric Data

Here are a few recommendations of what can be done to prevent your biometric data from being stolen:

• Implement a strong password - make sure you create a strong password making it more difficult for hackers to guess or brute force the password to the biometric data storage (this would mostly be beneficial for organizations)
• Opt out of using biometric data if you are worried about the security of it - this means not using FaceID or fingerprint authentication on your iPhone to unlock your device
• Update your software - Make sure that your device is using the latest software version to prevent hackers from finding and exploiting vulnerabilities including zero day vulnerabilities
• Use multiple layers of security - Do not rely solely on biometrics for authentication and/or authorization, make sure to pair it with a password or smart card, for example (two-factor authentication)
• Increase awareness and education on how biometric data is stored and processed

Final Thoughts: Biometric Data and Privacy

The question of whether biometric systems will ever be full-proof is still unknown and cannot be answered. Biometrics are growing in popularity, therefore, it is crucial to understand what biometrics are, how they are stored, and how they are processed. As the security risk continues to rise for biometrics, it is important to understand what can be done to prevent your biometric data from being stolen and how your state or country handles biometrics. The laws that exist may vary from state to state and country to country so you must do your research.