Placeholder Content Image

Europe is creating one of Earth’s largest biometric databases

<p><span style="font-weight: 400;">The European Parliament voted in favour of a system that would streamline its systems for managing a variety of programs, including travel and border security via a singular database.</span></p> <p><span style="font-weight: 400;">The system, called the Common Identity Repository (CIR), would streamline a number of functions, including the ability for officials to search a single database instead of multiple databases, with shared biometric data like fingerprints and images of faces. </span></p> <p><span style="font-weight: 400;">The system would also have a repository of personally identifying information, such as date of birth, passport numbers and more.</span></p> <p><span style="font-weight: 400;">According to </span><a href="https://www.zdnet.com/article/eu-votes-to-create-gigantic-biometrics-database/"><span style="font-weight: 400;">ZDNet</span></a><span style="font-weight: 400;">, CIR is one of the largest tracking databases on the planet and will amass the records of more than 250 million people into a single database. It will contain identifying information on both citizens and non-citizens of the EU.</span></p> <p><a href="https://www.politico.eu/article/eu-pushes-to-link-tracking-databases/"><span style="font-weight: 400;">Politico Europe</span></a><span style="font-weight: 400;"> has said that the new system “will grant officials access to a person’s verified identity with a single fingerprint scan.”</span></p> <p><span style="font-weight: 400;">The </span><a href="http://www.europarl.europa.eu/news/en/press-room/20190204IPR24914/meps-and-eu-ministers-agree-on-closing-information-gaps-to-enhance-security"><span style="font-weight: 400;">European Parliament</span></a><span style="font-weight: 400;"> has released a statement on the new system, saying that it “will make EU information systems used in security, border and migration management interoperable enabling data exchange between the systems.”</span></p> <p><span style="font-weight: 400;">“Without changing access rights or endangering the data protection rules that govern them, interoperability will ensure faster, more systematic and more complete access to EU information systems for professionals on the ground: police officers, border guards, migration officers and consulate staff members, in order for them to do their job better,” Rapporteur Jeroen Lenaers (EPP, NL) said in a statement at the time. </span></p> <p><span style="font-weight: 400;">“Better decisions can be made on the basis of better information.”</span></p> <p><span style="font-weight: 400;">However, the new system has raised large privacy concerns. A European Commission official told Politico Europe that they didn’t “think anyone understands what they’re voting for”.</span></p>

Technology

Placeholder Content Image

Fingerprint and face scanners aren't as secure as we think they are

<p>Despite what every spy movie in the past 30 years would have you think, fingerprint and face scanners used to unlock your smartphone or other devices aren’t nearly as secure as they’re made out to be.</p> <p>While it’s not great if your password is made public in a data breach, at least you can easily change it. If the scan of your fingerprint or face – known as “biometric template data” – is revealed in the same way, you could be in real trouble. After all, you can’t get a new fingerprint or face.</p> <p>Your biometric template data are<span> </span><a href="https://www.gemalto.com/govt/inspired/biometrics">permanently and uniquely linked to you</a>. The exposure of that data to hackers could<span> </span><a href="https://dl.acm.org/citation.cfm?id=1387883">seriously compromise user privacy and the security of a biometric system</a>.</p> <p>Current techniques provide effective security from breaches, but advances in artificial intelligence (AI) are rendering these protections obsolete.</p> <p><strong>How biometric data could be breached</strong></p> <p>If a hacker wanted to access a system that was protected by a fingerprint or face scanner, there are a number of ways they could do it:</p> <ol> <li> <p>your fingerprint or face scan (template data) stored in the database could be replaced by a hacker to gain unauthorised access to a system</p> </li> <li> <p>a physical copy or spoof of your fingerprint or face could be created from the stored template data (with<span> </span><a href="http://vkansee.com/this-guy-unlocked-my-iphone-with-play-doh/">play doh</a>, for example) to gain unauthorised access to a system</p> </li> <li> <p>stolen template data could be reused to gain unauthorised access to a system</p> </li> <li> <p>stolen template data could be used by a hacker to unlawfully track an individual from one system to another.</p> </li> </ol> <p><strong>Biometric data needs urgent protection</strong></p> <p>Nowadays, biometric systems are increasingly used in our civil, commercial and national defence applications.</p> <p>Consumer devices equipped with biometric systems are found in everyday electronic devices like<span> </span><a href="http://www.m2sys.com/blog/biometric-resources/biometrics-on-smartphones/">smartphones</a>. MasterCard and Visa both offer<span> </span><a href="https://techcrunch.com/2017/04/20/mastercard-trials-biometric-bankcard-with-embedded-fingerprint-reader/">credit cards with embedded fingerprint scanners</a>. And wearable<span> </span><a href="https://singularityhub.com/2018/01/30/smart-homes-wont-just-automate-your-life-theyll-track-your-health-too/#sm.00001gaw7sovv9frwrel7ol9kfq1j">fitness devices</a><span> </span>are increasingly using biometrics to unlock smart cars and smart homes.</p> <p>So how can we protect raw template data? A range of encryption techniques have been proposed. These fall into<span> </span><a href="https://www.mdpi.com/2073-8994/11/2/141">two categories</a>: cancellable biometrics and biometric cryptosystems.</p> <p>In cancellable biometrics, complex mathematical functions are used to transform the original template data when your fingerprint or face is being scanned. This transformation is non-reversible, meaning there’s no risk of the transformed template data being turned back into your original fingerprint or face scan.</p> <p>In a case where the database holding the transformed template data is breached, the stored records can be deleted. Additionally, when you scan your fingerprint or face again, the scan will result in a new unique template even if you use the same finger or face.</p> <p>In biometric cryptosystems, the original template data are combined with a cryptographic key<span> </span><a href="https://dl.acm.org/citation.cfm?id=2905118">to generate a “black box”</a>. The cryptographic key is the “secret” and query data are the “key” to unlock the “black box” so that the secret can be retrieved. The cryptographic key is released upon successful authentication.</p> <p><strong>AI is making security harder</strong></p> <p>In recent years, new biometric systems that incorporate<span> </span><a href="https://www.sas.com/en_au/insights/analytics/what-is-artificial-intelligence.html">AI</a><span> </span>have really come to the forefront of consumer electronics. Think: smart cameras with built-in AI capability to recognise and track specific faces.</p> <p>But AI is a double-edged sword. While new developments, such as<span> </span><a href="https://www.nature.com/articles/nature14539">deep artificial neural networks</a>, have enhanced the performance of biometric systems, potential threats could arise from the integration of AI.</p> <p>For example, researchers at New York University created a tool called<span> </span><a href="https://www.wired.com/story/deepmasterprints-fake-fingerprints-machine-learning/">DeepMasterPrints</a>. It uses deep learning techniques to generate fake fingerprints that can unlock a large number of mobile devices. It’s similar to the way that a master key can unlock every door.</p> <p>Researchers have also demonstrated how deep artificial neural networks can be trained so that the original biometric inputs (such as the image of a person’s face)<span> </span><a href="https://arxiv.org/abs/1703.00832">can be obtained from the stored template data</a>.</p> <p><strong>New data protection techniques are needed</strong></p> <p>Thwarting these types of threats is one of the most pressing issues facing designers of secure AI-based biometric recognition systems.</p> <p>Existing encryption techniques designed for non AI-based biometric systems are incompatible with AI-based biometric systems. So new protection techniques are needed.</p> <p>Academic researchers and biometric scanner manufacturers should work together to secure users’ sensitive biometric template data, thus minimising the risk to users’ privacy and identity.</p> <p>In academic research, special focus should be put on two most important aspects: recognition accuracy and security. As this research falls within<span> </span><a href="https://www.industry.gov.au/data-and-publications/science-and-research-priorities">Australia’s science and research priority of cybersecurity</a>, both government and private sectors should provide more resources to the development of this emerging technology.</p> <p><em>Written by Wencheng Yang and Song Wang. Republished with permission of <a href="https://theconversation.com/fingerprint-and-face-scanners-arent-as-secure-as-we-think-they-are-112414">The Conversation</a>.</em></p>

Technology

Placeholder Content Image

PINs will soon become obsolete

<p>We’re unlocking our mobile phones with our thumbprints and getting through border control with eye scans, and it seems our credit cards might be the next big thing swapping traditional security methods for biometric technology.</p> <p>Credit card giant Visa has announced it is currently working on the introduction of thumbprint, voice, retina and even heartbeat data as the newest way to authorise transactions.</p> <p>“Australians are not only tech-hungry but they’re very savvy in terms of how to use that technology,” Rob Walls, head of product at Visa Australia, told <a href="http://www.news.com.au/finance/business/banking/visa-paves-way-for-biometric-payments/news-story/852e3a603334f2735d90f421da78cd34" target="_blank"><strong><span style="text-decoration: underline;">news.com.au</span></strong></a>.</p> <p>“We see the penetration of smartphones, internet banking and paywave — Australia leads the way in paywave adoption. You’re starting to see new devices and payments experiences coming into the market. Australians are increasingly using Siri as part of their engagement, ordering a pizza for example.”</p> <p>The proposed changes come after a YouGov poll commissioned by Visa found that 56 per cent of respondents would be happy to use biometric data to make a payment. 45 per cent said the technology appealed to them as being more secure, and 40 per cent liked the idea of no longer having to remember a PIN or password.</p> <p>“Industry research suggests eight out of 10 people are using the same PIN across the majority of their payment cards,” Walls revealed. “In 2020, the average consumer will have more than 200 passwords they have to remember.”</p> <p>Unfortunately, Walls believes this will only heighten the risk of card details being stolen. “To remove that risk, we can push that authentication to something that’s more natural and unique to the consumer, such as a retina scan, a thumbprint or heartbeat. There will be no more fumbling for your wallet, pushing in a 16-digit card number.”</p> <p>Are you for or against the new idea? Share your thoughts with us in the comments below.</p>

Retirement Income