Your face. Your iris. Your voice. Your fingerprint. We are our own best password.
Our days are full of virtual doors that we have to open. The door to our social media, the door to our email, the door to our bank account. Most of these allow entrance through a password; you just type a secret combination of numbers or letters and you’re done, you’re in.
To increase security levels in authentication processes, the technology industry has decided to look to biometrics, the science that uses the physical, physiological, behavioral, or personality traits of each individual (such as their fingerprints, iris, or voice) to identify them. The information we carry in our bodies becomes our access code.
To unlock our smartphone, it asks us for our fingerprint or reads our face to verify who we are. Some voice assistants recognize the voice of the person who set them up. And on many job sites, a fingerprint reader is used to allow entry only to its staff.
There are many advantages to this technology, the main one being that it is very difficult (but not impossible) for the data to be stolen and misused. Because our data is unique to each person and is constant over time, the National Institute for Transparency, Access to Information, and Personal Data Protection (INAI) is important.
Biometrics, which deals with these characteristics, is being used to replace or at least expand password systems for computers, phones, and spaces. The international Biometrics Institute notes that in the last year the use of this technology has increased dramatically in both the private and public sectors.
The list of new implementations is extensive: facial recognition systems at United States airports and on Dubai streets. The authentication initiative in India, which includes iris and fingerprint scans. The World Food Programme verifies the distribution of aid to refugees using biometrics. Payments are authorized through facial recognition in China. At the 2020 Tokyo Olympics, facial recognition will be used to strengthen security.
And specialists say implementation possibilities are endless in a variety of industries, from finance and marketing to medicine, security, and entertainment. The market statistics firm Statista predicts that the global market value of biometric technologies will exceed $15.142 billion in 2025, nearly seven times the $2.359 billion reported in 2016. This is just the start.
Captain John Anderton is heading down a corridor. As he walks, he watches a series of advertisements: a car brand, a perfume, a beer. The advertising doesn’t appear on billboards but seems to be floating in air. With iris reading, retailers know who Anderton is, and they provide him with personalized offers. It’s 2054, and biometric marketing is a reality, at least in the film Minority Report.
Today, some biometric systems look like they’re taken from sci-fi movies. “The interesting thing now is that they’re not only humans recognizing humans but also machines,” explains Ken Bauer, professor of computer science at Tec de Monterrey, Guadalajara.
Biometrics is divided into two broad categories. The first covers physical and physiological data, including fingerprints, the face, and body odors. “What we are,” Bauer explains. The second category consists of behavioral data. The best known of these is our signature. However, it goes further; there are already systems that even recognize the way we walk and our voice.
Some data is more stable than others. Your iris and fingerprints don’t change over time. So, it’s no surprise that it’s the main data collected by governments to identify us. But stability is not synonymous with foolproof.
Experts agree that biometrics are easy to use and certainly reduce the error rate of false rejection and false acceptance. However, complaints are mounting. Some users report that it is possible to deceive the sensors of these technological devices with fingerprints printed on modeling clay or acetate.
The 2019 demonstrations in Hong Kong had a distinctive feature: Hong Kong citizens marched wearing masks. This was a strategy to hide their identity since they feared that the government would recognize them and monitor their activities thanks to facial recognition systems. In October, masks were banned.
This resulted in laser beams being pointed directly at security cameras. This blocked the lenses and prevented the people from being recognized. Pro-democracy protesters have accused Carrie Lam’s government, closely linked to the central government in Beijing, of wanting to use this kind of identification to pursue them. This, the experts point out, is one of the negative aspects of biometrics.
“There are cameras everywhere. Today it’s very complex. We’re under surveillance all the time,” says Bauer, who says the risk is that people’s privacy and data protection rights are not respected. Without our being aware of it, our information is easily being collected without the appropriate caution.
Because of this danger, legislation (in addition to general personal data protection laws) has emerged. In cities such as San Francisco and Oakland in the United States, the government has been banned from using facial recognition technology. Illinois and Texas imposed limits on the use of biometric data. And in various other countries, similar proposals are under discussion.
The seriousness of mishandling this type of data, Bauer explains, is that it cannot be modified or made stronger, unlike a password. Therefore, the protection of this data must be very rigorous. And as the landscape changes, Kaspersky suggests using biometrics as a secondary method of protection, without completely replacing the primary one. At least for now.
The implementation of biometric technology in Mexico has been driven by the private sector, particularly in the financial world, according to the report “Your Digital Self. Discovering Narratives About Identity and Biometrics in Latin America”, published in 2019 by the Argentinian Civil Rights Association.
The study compiles information collected since 2016 through the collaboration of the National Electoral Institute (INE) and the National Banking and Securities Commission (CNBV) to curb phishing using biometric data.
“From this collaboration, Mexico’s banking institutions are collecting information from their customers to compare it with the data contained in the INE lists in order to determine the identity of their customers,” the report says.
Banks in Mexico have until March 30th of this year to create biometric records of their customers. Santander bank, for example, reported on January 16th that it will begin the collection of this information. Its goal is to register 145,000 accounts per month and reach 3.7 million users by the end of 2020.
This is how biometric systems read your information:
An infrared camera scans you and provides your details. Patterns are identified at birth and contain more than 200 unique properties.
This is based on the use of the pattern of blood vessels contained in the retina. This pattern is different, even in identical twins.
This analysis is performed by measuring different aspects, such as the distance between the eyes, the length of the nose, and the angle of the jaw.
A 3D camera extracts features such as finger curvature, the width of the back of the hands, and distances between joints.
There are two techniques for reading fingerprints. The first is by extracting minutiae, and the second is through correlation. The latter analyzes the overall pattern in the fingerprint.
Intelligence systems use algorithms to measure and estimate the similarity between samples to return a result or a list of possible people.
The way each person walks is recorded, and the result undergoes an analytical process that generates a unique biometric template.