Privacy SOS

Biometrics identification, spoofing and the security paradox

Please note that by playing this clip YouTube and Google will place a long term cookie on your computer.

According to industry watchers, the Department of Defense is investing money into smartphone biometric research that will initially be classified, but will ultimately "inform the services that will at some point become available for smartphone manufacturers and other industry players."

L'Atelier, a French consulting firm interested in "disruptive innovation," writes:

Defense interest may greatly accelerate the development of mobile devices with identity verification functionality. Optics technology company AOptix will be working to develop its Smart Mobile Identity devices that will be used by the Department of Defense. AOptix has developed optics to recognize various biometrics such as iris, fingerprint, face and voice recognition and integrate them into smartphones. The Campbell, CA-based company will be working with national security information solutions and services firm CACI International as a subcontractor. The Smart Mobile Identity biometrics platform will be “tailored to specific DoD requirements,” according to the AOptix statement, for commercial-for-classified, in-field use.

Identity verification is not the same thing as biometric surveillance, but they are linked. After all, in order for your smartphone to positively identify you by the sound of your voice or your fingerprint, it must possess records of those biometric indicators in a database. Therefore every biometric identification verification system is also a biometric surveillance database just waiting for a government subpoena.

And fingerprints, iris scans, face and voice recognition are only the beginning: Chinese researchers claim to be making progress in isolating the sound of human heart beats, another measurable biometric. The researchers say that the sound of one's heart beating, which is apparently unique to each person, cannot be "faked." But who's to say it can't be recorded and reproduced?

The security paradox

Like so many other technologies of control, the people who will be most affected by the coming biometrics revolution are those of us who do not go to extreme lengths to fake our voices, palm prints, iris scans or even heart beats. As the fictional character Jason Bourne shows in the video above, if someone sets their mind to outsmarting a biometrics system, it can probably be done. Tom Cruise's character in Minority Report has his eyes removed and replaced with someone else's to evade getting caught by ubiquitous iris scanners. Both of these scenarios are totally plausible. But who besides the hunted is going to do that sort of thing? 

Oddly enough, military checkpoints provide a simple example of how this kind of control mechanism ends up having a greater impact on ordinary people, instead of the state's supposed targets.

Established military checkpoints don't often catch people with weapons, because fighters who don't want to get caught purposefully avoid them. Checkpoints therefore mostly have the effect of interfering with the daily lives of civilians who don't want to risk breaking the rules to travel around them, but are therefore subject to long lines, humiliating searches, and wasted hours.

The same can be said for technologies like biometrics. Most of us won't go out of our way to evade these systems of monitoring and control, meaning that ordinary people will be the most likely to get ensnared in the net. Mastermind criminals and terrorists, on the other hand, the very people against whom these technologies are supposedly meant to be used, will try as hard as they can to evade detection. 

After the US killed Osama bin Laden, agencies reported finding evidence of an elaborate system of couriers he had developed to evade US electronic surveillance. The leader of al Qaeda therefore wasn't subject to NSA surveillance, but what about the rest of us? I sure don't communicate through carrier pigeon. How about you?

© 2021 ACLU of Massachusetts.