Lockstep

Seriously: biometrics replacing passwords?!

I know it's the season to be jolly but, oh lord, I am so sick of the endless re-publishing of IBM's breathless prediction that biometrics will replace passwords in five years' time. As reported by the Daily Mail (http://www.dailymail.co.uk/sciencetech/article-2077019/IBM-predicts-making-mind-controlled-PCs-years.html), what they said is: "The complex, hard-to-remember strings of numbers and letters will be replaced by biometric readers that 'work out' who you are by reading unique things such as the shape of your face". Nonsense!

Firstly, no biometric ever 'works out' who you are; they have to be first told who you are. I won't apologise for being pedantic about this, for the loose language that besets most biometric reporting leaves readers quite clueless about the real issues.

The cost of registering for biometrics far exceeds the cost of registering passwords. And the unit cost of decent readers (ones with liveness detection that aren't so easily spoofed) is hundreds of dollars. Where's the ROI to replace all passwords?

Speaking of loose language, again we have the casual claim that biometrics detectors read "unique things" about their subjects. It's just not the case. If any biometric security system really did use a unique trait, we would expect a False Accept Rate of precisely zero, and not the pretty shoddy one or two percent that is common in practice. The only biometric traits I know of with good theoretical bases for being near-unique are the iris and DNA. Iris is one of the best biometrics, but it's expensive (to get the impressive specificity performance, you need special purpose cameras and controlled lighting conditions, unachievable with webcams or smart phone cameras). As for DNA, well despite the odd hype, there just isn't any sign of a commercial DNA access control system. Sure, there's forensic DNA analysis, but it requires tissue samples and takes hours of time on masses of equipment, and even then it actually does not deliver "unique" results! DNA testing only examines a few dozen selected genetic markers and has a False Match Rate of around 1 in a billion. Ok, that sounds great but before getting too excited, note that the inventor of DNA testing, Dr Alec Jeffreys, has pointed out that [due to the Birthday Paradox] the chance of random false matches amongst pairs in population-wide DNA databases could climb to be very high.
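To put numbers on the Birthday Paradox point, the following is an added example (not code from the original post). It takes the 1-in-a-billion False Match Rate quoted above, treats every pair of profiles as an independent comparison (a simplifying assumption), and uses database sizes constructed for illustration.

```python
import math

FMR = 1e-9  # per-comparison False Match Rate quoted in the post
# Constructed database sizes, chosen only for illustration.
SAMPLE_SIZES = [10_000, 100_000, 1_000_000, 20_000_000]

def pair_count(n: int) -> int:
    """Number of distinct pairs among n enrolled profiles."""
    return n * (n - 1) // 2

def expected_false_matches(n: int, fmr: float = FMR) -> float:
    """Expected number of coincidentally matching pairs in the database."""
    return pair_count(n) * fmr

def p_any_false_match(n: int, fmr: float = FMR) -> float:
    """P(at least one coincidental pair) = 1 - (1 - fmr)^pairs.

    log1p/expm1 keep precision when fmr is tiny and pairs is huge.
    Assumption: pair comparisons are independent with a uniform fmr.
    """
    return -math.expm1(pair_count(n) * math.log1p(-fmr))

def size_for_probability(target: float, fmr: float = FMR) -> int:
    """Smallest database size whose chance of any false match reaches target."""
    needed_pairs = math.log1p(-target) / math.log1p(-fmr)
    # Invert n(n-1)/2 >= needed_pairs, then correct for rounding error.
    n = max(2, math.ceil((1 + math.sqrt(1 + 8 * needed_pairs)) / 2))
    while n > 2 and p_any_false_match(n - 1, fmr) >= target:
        n -= 1
    while p_any_false_match(n, fmr) < target:
        n += 1
    return n

def report(sizes=SAMPLE_SIZES, fmr: float = FMR):
    """Rows of (size, expected false pairs, probability of any false pair)."""
    return [(n, expected_false_matches(n, fmr), p_any_false_match(n, fmr))
            for n in sizes]

if __name__ == "__main__":
    for n, expected, p in report():
        print(f"{n:>12,} profiles: expected false pairs {expected:12.3f}, "
              f"P(any) {p:.4f}")
    print("size for a 50% chance of a false pair:",
          f"{size_for_probability(0.5):,}")
```

Under these assumptions the per-comparison rate stays tiny while the number of pairs grows with the square of the database size, which is why the database-wide figure climbs so quickly.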

No responsible analysis of widespread use of biometrics (at a scale that would allow us to 'replace passwords') should skip over the serious inherent flaws in all biometrics. These include the impossibility of cancelling and re-issuing compromised biometrics, the absence of any standardised testing methods and performance specifications, and the fact that (as stressed by no less an authority than the FBI) biometric testing in the lab is a poor predictor of how they perform in the field.

And finally, let's be careful what we ask for, in case we get it. The high cost of biometric registration is such that as soon as anyone embarks on widespread deployment, it's inevitable that service providers will seek to "federate", so that a biometric identity established in one setting can be re-used in others. But until we properly solve the problems outlined above, biometric federation, with shared template databases up in the "cloud" somewhere, would quite simply be a nightmare in waiting.

Posted in Biometrics

Science is more than the books it produces

These days it’s common to hear the modest disclaimer that there are some questions science can’t answer. I most recently came across such a show of humility by Dr John Kirk speaking on ABC Radio National’s Ockham’s Razor [1]. Kirk says that “science cannot adjudicate between theism and atheism” and insists that science cannot bridge the divide between physics and metaphysics. Yet surely the long history of science shows that divide is not hard and fast.

Science is not merely about the particular answers; it’s about the steady campaign on all that is knowable.

Science demystifies. Way before having all the detailed answers, each fresh scientific wave works to banish the mysterious, that which previously lay beyond human comprehension.

Textbook examples are legion where new sciences have rendered previously fearsome phenomena as firstly explicable and then often manageable: astronomy, physiology, meteorology, sedimentology, seismology, microbiology, psychology and neurology, to name a few.

It's sometimes said that in science, the questions matter more than the answers. Good scientists ask good questions, but great ones show where there is no question anymore.

Once something profound is no longer beyond understanding, that awareness permeates society. Each wave of scientific advance is usually signaled by new technologies, but more vital to the human condition is that science gives us confidence. In an enlightened society, those with no scientific training at all still appreciate that science gets how the world works. Over time this tacit rational confidence has energised modernity, supplanting astrologers, shamans, witch doctors, and even the churches. Laypeople may not know how televisions work, nor nuclear medicine, semiconductors, anaesthetics, antibiotics or fibre optics, but they sure know it’s not by magic.

The arc of science parts mystery’s curtain. Contrary to John Kirk's partitions, science frequently renders the metaphysical as natural and empirically knowable. My favorite example: To the pre-Copernican mind, the Sun was perfect and ethereal, but when Galileo trained his new telescope upon it, he saw spots. These imperfections were shocking enough, but the real paradigm shift came when Galileo observed the sunspots to move across the face, disappear and then return hours later on the other limb. Thus the Sun was shown―in what must have truly been a heart-stopping epiphany―to be a sphere turning on its axis: geometric, humble, altogether of this world, and very reasonably the centre of a solar system as Copernicus had reasoned a few decades earlier. This was science exercising its most profound power, titrating the metaphysical.

An even more dramatic turn was Darwin's discovery that all the world’s living complexity was explicable without god. He thus dispelled teleology (the search for ultimate reason). He not only neutralised the Argument from Design for the existence of god, but also the very need for god. The deepest lesson of Darwinism is that there is simply no need to ask "What am I doing here?" because the wondrous complexity of all of biology, including humanity's own existence, is seen to have arisen through natural selection, without a designer, and moreover, without a reason. Darwin himself felt keenly the gravity of this outcome and what it would mean to his deeply religious wife, and for that reason he kept his work secret for so long. It seems philosophers appreciate the deep lessons of Darwinism more than our modest scientists: Karl Marx saw that evolution “deals the death-blow to teleology” and Friedrich Nietzsche claimed “God is dead ... we have killed him”.

So why shouldn’t we expect science to continue? Why should we doubt, or perhaps fear, its power to remove all mystery? Of course many remaining riddles are very hard indeed, and I know there’s no guarantee science will be able to solve them. But I don't see the logic of rejecting the possibility that it will. Some physicists feel they’re homing in on why the physical constants should have their special values. And many cognitive scientists and philosophers of the mind suspect a theory of consciousness is within reach. I’m not saying anyone really gets consciousness yet, but surely most would agree that it just doesn’t feel a total enigma anymore.

Science is more than the books it produces. It’s the power to keep writing new ones.

References

[1]. “Why is science such a worry?” Ockham's Razor 18 December 2011 http://www.abc.net.au/radionational/programs/ockhamsrazor/ockham27s-razor-18-december-2011/3725968

Posted in Science, Culture

Trade PII not privacy

There is an orthodoxy that privacy is willingly 'exchanged' by people in return for some sort of reward. Try Googling "trade privacy for" (with the quote marks). I got 181,000 hits! Among other things, people are said to trade their "privacy" for convenience, security, safety, cheaper loans and free phones.

Yet there's a category error here, one we really need to be aware of, in the interests of clear thinking and good policy.

Increasingly what consumers are doing is trading their Personal Information for a gain of some sort. And that's fine; there is a popular view that most people these days know what they're doing when they sign up for loyalty programs or provide their details when they enter a competition. That view may or may not be right, but it is a sensible position. The important thing is people can and should retain their privacy in the process -- because privacy and Personal Information (or PII) are not the same. Data privacy is a state where parties that hold information about you respect that information, and are restrained in what they do with it. Privacy requires that they undertake to not know more about you than is necessary, and to not re-use PII arbitrarily.

There is no inherent problem in bargaining your PII with others who happen to value it, but to preserve privacy in these transactions, we need greater visibility from retailers et al of what they intend to do with the PII they collect, and more sophisticated tools so consumers can fully comprehend what's going on. And we need greater precision in the way we talk about privacy. Let's be clear: there can and should be a fair trade in Personal Information, but not in privacy.

By analogy, remember that we trade money for goods without necessarily losing value -- unless the trade in question is unfair.

Which brings me naturally to the systemic breach of privacy committed by Facebook and the like in the way they harvest vast amounts of PII, without committing themselves to any Use Limitation at all, and without even telling their users what they're up to. For example, Facebook's privacy policy is silent on what they do with facial recognition in the background and with biometric templates; Apple's policy says nothing about how they use all the text messages and dictations harvested via Siri. These infomopolies make inordinate amounts of money on the back of PII collected without acknowledging its true value. That's the unfair bargain at the heart of most social media.

Posted in Social Networking, Privacy, Language

Strippers are better off than Facebook users

Journalist Farhad Manjoo at Slate recently lampooned the privacy interests of Facebook users, quipping sarcastically that "the very idea of making Facebook a more private place borders on the oxymoronic, a bit like expecting modesty at a strip club". Funny.

A stripper might seem the archetype of promiscuity but she has a great deal of control over what's going on. There are strict limits to what she does and moreover, what others including the club are allowed to do to her. Strip club customers are banned from taking photos and exploiting the actors' exuberance, and only the most unscrupulous club would itself take advantage of the show for secondary purposes.

Facebook offers no such protection to their own members.

While people do need to be prudent on the Internet, the real privacy problem with Facebook is not the promiscuity of some of its members, but the blatant and boundless way that it pirates personal information. Regardless of the privacy settings, Facebook reserves all rights to do anything it likes with PI, behind the backs of even its most reserved users. That is the fundamental and persistent privacy breach. It's obscene.

Update 5 Dec 2011

Farhad Manjoo took me to task on Twitter and the Slate site [though his comments at Slate have since disappeared] saying I misunderstood the strip club analogy. He said what he really meant was propriety, not modesty: visitors to strip clubs shouldn't expect propriety and Facebook users shouldn't expect privacy. But I don't see how refining the metaphor makes his point any clearer or, to be frank, any less odious. I haven't been to a lot of strip clubs, but I think that their patrons know pretty much what to expect. Facebook on the other hand is deceptive (and has been officially determined to be so by the FTC). Strip clubs are overt; Facebook is tricky.

Manjoo blames the victims, saying that if people want privacy they shouldn't use Facebook at all. The headline on his article says users are as much to blame for Facebook's privacy woes as Mark Zuckerberg. This is just tacit acceptance of a Wild West, everyone-for-themselves morality that runs through so much of the Internet. We should debate the difference between what is and what ought to be happening on the Internet, rather than accepting rampant piracy of PI and leaving hapless users to their own devices. The sorts of privacy intrusions that Facebook foists on its users are not intrinsic. Facebook doesn't have to construct biometric templates without the subjects' permission as soon as someone else tags them in photos, neither does it have to continuously run those biometric templates over third party photo data (probably uploaded for other reasons). Facebook could if it desired delete the biometric templates when users ask for tags to be removed, or at the very least alert users to what's going on in the background with photo tags. If photo tagging was just for the fun of the users, rather than commercial exploitation, Facebook would promise in its Privacy Policy not to put biometric templates to secondary purposes. But no, Facebook doesn't even mention these things in its Policy.

Some of us -- including both Manjoo and me -- have realised that everything Facebook does is calculated to extract commercial value from the Personal Information it collects and creates. But I don't belittle Facebook's users for falling for the trickery.

Posted in Social Networking, Social Media, Privacy, Internet, Culture