BIOMETRIC AUTHENTICATION With Apple’s Face ID, Infrared lighting is used to retrieve a good image of a person’s face to unlock a smartphone or tablet. While biometric authentication is increasingly being used, it has been included in the General Data Protection Regulation (GDPR). From Herschel to the mainframe The use of biometrics has grown enormously over the past years. You can unlock your smartphone by simply using your fi ngerprint and you are able to go through customs at the airport by scanning your eye. It may seem very common, but it is still highly advanced technology. However, William Herschel used biometric information in 1858 already to identify employees by their handprint and North American Aviation introduced a signature recognition system back in 1965. These are great examples of biometric authentication, but it was only in the early 80’s that the relation with technology was acknowledged. In that time this concerned the security of big, expensive mainframe computers. It was really something special for expensive devices which were vulnerable for attacks. In the meantime, we have experienced how useful biometric authentication can be. No need to remember codes or change your password repeatedly: you always carry your biometric information with you and within the blink of an eye it will provide you access. It is not something people just started to use on a small-scale before it became this popular. Governments use biometric information for passports and the CIA even used a facial recognition technology to be 95% sure it was really Osama Bin Laden that had been killed. We seem to really trust the use and results of biometric authentication. Hack, hash, encrypt? Biometric authentication is not an issue-free solution. If something happens to your eye, you will not simply ‘get’ a new one. Or if you cut your fi nger, your phone might not fi nd your input trustworthy. And, as often shown in espionage movies: fi ngerprints are everywhere. Your biometric information will probably not get stolen off your wine glass, but they might be hacked via your iPhone. In China it is even easier to steal someone’s identity: Chinese people can unlock each other’s iPhones by means of Face ID, which apparently is not able to make a good distinction in Chinese facial features. Can we do something about this? Thankfully we can, but like securing your home from burglars: no matter how many obstacles you create, if he wants to get in, he will succeed eventually. An option is to hash biometric characteristics, which means you use one-way encryption. Encryption creates a code behind every biometric characteristic. For example, a fi ngerprint is adapted by technology and can be printed just like a barcode. This makes it harder to copy the fi ngerprint. Sounds useful, but it has its cons. Hashing makes it more diffi cult for the owner of the fi ngerprint to be recognised swiftly, as hashing means you must put your fi nger on a scanner even more precisely. A tiny millimetre could confuse the system, especially because the original fingerprint has been adjusted. It is not ideal, but at this moment hashing is one of the best methods of securing and encrypting biometric information. And as the GDPR suggests: if you do not want your (biometric) information to be stored, you always have the right to have them removed. Article 9.1 of the GDPR Processing personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, processing genetic data, biometric data for uniquely identifying a natural person, data concerning health or data concerning a person’s sexual behaviour or sexual orientation is prohibited.
12 Online Touch Home