Today biometrics has become an essential element in integrating security and trust in the global digital economy, as it can reinforce solutions such as digital identity management, border control, fraud management and real-time event management.
On 6th June 2019, I took part in a discussion around the importance of the responsible and ethical use of biometrics as part of the Biometric Institute’s “Great Debate” event, hosted by Microsoft in Brussels. So, I wanted to share my views on what we consider as key trends in driving sustainable usage of biometrics.
Biometrics data is personal, sensitive and intimate. The volume of biometric data is increasing, therefore the number of attacks on this sensitive data is also growing. The good news is that there’s been an increased focus on security, including ciphering data stored, securing communication related to biometry exchange and executing biometric matching in a safe environment. There are also alternatives to manipulate less data and make it non-sensitive. Let’s explore them below:
- Reducing data usability
Biometrics involves four key steps in order to work successfully and securely: enrollment/ capture of data, storage of data either in the cloud or on a device locally, matching of the biometrics (this is when another capture of the face/ finger is compared with the initial picture) and identity verification (on the device and on the cloud).
Most of these steps are usually done in the cloud, but we advocate for more operations being performed on the device itself. This is what we call pre-treatment on the edge. This means that only a mathematical representation that is not as sensitive as the raw biometric data is transferred to the cloud. This, of course, mandates that devices and cloud still implement some security measures.
- Machine learning and frugality
Machine learning is a fantastic enabler of biometric verification because it provides great accuracy. However, in order for it to work precisely it requires massive data collection. This is because before having a well-performing machine learning model, you need to have millions of pairs. This is why we advocate for adopting new techniques of machine learning, named frugal learning, that require 7000 times less data to train the model.
- New modalities for ethical use
We are all familiar with biometrics such a fingerprint, face, voice, iris, etc. However, there are alternatives that use a smaller amount of sensitive data and are equally secure. These include:
- Digital behavioral biometrics. This includes the way you type on your keyboard or move your PC mouse. Behavioral biometrics can vary over time and context
- Ephemeral biometrics. These include the clothes and accessories you wear or the color of your hair. However, this data may be less intrusive.
- Monitoring events on people. This means looking for instances instead of people to support crowd management.
- Ensuring that algorithms used are fair and efficient
It is important that machine learning algorithms used to manage biometrics matching and verification do not embed bias. This means that they should provide the same level of performance and accuracy from an ethnic and gender point of view, no matter the people using it.
There are three complementary qualities to look for to ensure performance and accuracy of biometrics:
- Data representability: Using training data, including your target representative data, to make sure that algorithms are trained for the right context and people
- Data quality: Ensuring data is correctly balanced and labelled
- Solution audit and test: Ensuring that the data has the ability to understand the solution, rationale, processes and decisions.
Since biometrics have been increasingly used for security and authentication, we need to make sure that we use them responsibly. I hope these four tips give you an idea on the steps we can take to ensure this.
Do you have anything else to add? Let me know in the comments below or by tweeting us @Gemalto.