Seriously: biometrics replacing passwords?!

I know it's the season to be jolly but, oh lord, I am so sick of the endless re-publishing of IBM's breathless prediction that biometrics will replace passwords in five years' time. As reported by the Daily Mail http://www.dailymail.co.uk/sciencetech/article-2077019/IBM-predicts-making-mind-controlled-PCs-years.html, what they said is: "The complex, hard-to-remember strings of numbers and letters will be replaced by biometric readers that 'work out' who you are by reading unique things such as the shape of your face". Nonsense!

Firstly, no biometric ever 'works out' who you are; they have to be first told who you are. I won't apologise for being pedantic about this, for the loose language that besets most biometric reporting leaves readers quite clueless about the real issues.

The cost of registering for biometrics far exceeds the cost of registering passwords. And the unit cost of decent readers (ones with liveness detection that aren't so easily spoofed) is hundreds of dollars. Where's the ROI to replace all passwords?

Speaking of loose language, again we have the casual claim that biometrics detectors read "unique things" about their subjects. It's just not the case. If any biometric security system really did use a unique trait, we would expect a False Accept Rate of precisely zero, and not the pretty shoddy one or two percent that is common in practice. The only biometric traits I know of with good theoretical bases for being near-unique are the iris and DNA. Iris is one of the best biometrics, but it's expensive (to get the impressive specificity performance, you need special purpose cameras and controlled lighting conditions, unachievable with webcams or smart phone cameras). As for DNA, well despite the odd hype, there just isn't any sign of a commercial DNA access control system. Sure, there's forensic DNA analysis, but it requires tissue samples and takes hours of time on masses of equipment, and even then it actually does not deliver "unique" results! DNA testing only examines a few dozen selected genetic markers and has a False Match Rate of around 1 in a billion. Ok, that sounds great but before getting too excited, note that the inventor of DNA testing, Dr Alec Jeffreys, has pointed out that [due to the Birthday Paradox] the chance of random false matches amongst pairs in population-wide DNA databases could climb to be very high.
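The Birthday Paradox effect described above can be checked numerically. This is an added example, not part of the original post; it assumes every pairwise comparison is an independent trial at the quoted False Match Rate of 1 in a billion, and the database sizes are constructed for illustration.

```python
import math

FMR = 1e-9  # False Match Rate quoted in the post: about 1 in a billion


def pair_count(n: int) -> int:
    """Number of distinct pairs of profiles in a database of n people."""
    return n * (n - 1) // 2


def p_any_false_match(n: int, fmr: float = FMR) -> float:
    """P(at least one pair falsely matches) = 1 - (1 - fmr)^pairs.

    Assumes independent comparisons (a modelling assumption). log1p/expm1
    keep precision when fmr is tiny, where the naive power form does not.
    """
    return -math.expm1(pair_count(n) * math.log1p(-fmr))


def expected_false_pairs(n: int, fmr: float = FMR) -> float:
    """Mean number of coincidentally matching pairs in the database."""
    return pair_count(n) * fmr


def size_for_probability(target: float, fmr: float = FMR) -> int:
    """Smallest database size whose chance of any false match reaches target."""
    # Invert 1 - (1 - fmr)^k >= target for k pairs, then k = n(n-1)/2 for n.
    pairs_needed = math.log1p(-target) / math.log1p(-fmr)
    n = max(2, math.ceil((1 + math.sqrt(1 + 8 * pairs_needed)) / 2))
    # Correct any floating-point drift around the boundary.
    while n > 2 and p_any_false_match(n - 1, fmr) >= target:
        n -= 1
    while p_any_false_match(n, fmr) < target:
        n += 1
    return n


if __name__ == "__main__":
    # Constructed database sizes, from a small lab set to a national register.
    for n in (1_000, 100_000, 1_000_000, 20_000_000):
        print(f"{n:>12,} profiles: P(any false match) = "
              f"{p_any_false_match(n):.6f}, "
              f"expected false pairs = {expected_false_pairs(n):,.2f}")
    print("Size at which a false match is more likely than not:",
          size_for_probability(0.5))
```

Under these assumptions, a coincidental match somewhere in the database becomes more likely than not at about 37,000 profiles, far below population scale.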

No responsible analysis of widespread use of biometrics (at a scale that would allow us to 'replace passwords') should skip over the serious inherent flaws in all biometrics. These include the impossibility of cancelling and re-issuing compromised biometrics, the absence of any standardised testing methods and performance specifications, and the fact that (as stressed by no less an authority than the FBI) biometric testing in the lab is a poor predictor of how they perform in the field.

And finally, let's be careful what we ask for, in case we get it. The high cost of biometric registration is such that as soon as anyone embarks on widespread deployment, it's inevitable that service providers will seek to "federate", so that a biometric identity established in one setting can be re-used in others. But until we properly solve the problems outlined above, biometric federation, with shared template databases up in the "cloud" somewhere, would quite simply be a nightmare in waiting.

Posted in Biometrics

Science is more than the books it produces

These days it's common to hear the modest disclaimer that there are some questions science can’t answer. I most recently came across such a show of humility by Dr John Kirk speaking on ABC Radio National's Ockham's Razor [1]. Kirk says that "science cannot adjudicate between theism and atheism" and insists that science cannot bridge the divide between physics and metaphysics. Yet surely the long history of science shows that divide is fluid.

Science is not merely about the particular answers; it's about the steady campaign on all that is knowable. Science demystifies.

Textbook examples are legion where new sciences have rendered previously fearsome phenomena as firstly explicable and then often manageable: astronomy, physiology, meteorology, sedimentology, seismology, microbiology, psychology and neurology, to name a few.

It's sometimes said that questions matter more in science than the answers. Good scientists ask good questions, but great ones show where there is no question anymore.

Once something profound is no longer beyond understanding, that awareness permeates society. Each wave of scientific advance usually becomes manifest by new technologies, but more important to the human condition is that science gives us confidence. In an enlightened society, those with no scientific training at all still appreciate that science gets how the world works. Over time this tacit rational confidence has energised modernity, supplanting astrologers, shamans, witch doctors, and even the churches. Laypeople may not know how televisions work, nor nuclear medicine, semiconductors, anaesthetics, antibiotics or fibre optics, but they sure know it's not by magic.

The arc of science parts mystery's curtain. Contrary to John Kirk's partitions, science frequently renders the metaphysical as natural and empirically knowable. My favorite example is the work of Galileo. To the pre-Copernican mind, the Sun was perfect and ethereal, but when Galileo trained his new telescope upon it, he saw spots. The imperfections of sunspots were shocking enough, but a real paradigm shift came when Galileo observed the sunspots moving across the face, disappearing off one side, and then returning hours later on the other. Galileo's epiphany must have been heart-stopping: he saw that the Sun is a sphere turning on its axis: geometric, humble, altogether of this world, and very reasonably the centre of a solar system as Copernicus had reasoned a few decades earlier.

An even more dramatic turn was Darwin's discovery that all the world's living complexity was explicable without god. He not only neutralised the Argument from Design for the existence of god, but he also dispelled teleology, the search for ultimate reason. The deepest lesson of Darwinism is that there is simply no need to ask "What am I doing here?" because the wondrous complexity of all of biology, up to and including humanity, is seen to have arisen through natural selection, without a designer and without a reason. It seems philosophers appreciate the deep lessons of Darwinism more than our modest scientists: Karl Marx saw that evolution "deals the death-blow to teleology"; Friedrich Nietzsche proclaimed "God is dead ... we have killed him".

So why shouldn't we expect science to keep penetrating metaphysics? Why should we doubt, or perhaps fear, its power to remove all mystery? Of course many remaining riddles are very hard indeed, and I know there's no guarantee we will solve them. But I don't see any logic in flatly rejecting the possibility. Some physicists feel they're homing in on why the physical constants should have their special values. And many cognitive scientists and philosophers of the mind suspect a theory of consciousness is within reach. I'm not saying anyone really gets consciousness yet, but surely most would agree that it just doesn't feel like a total enigma anymore.

Science is more than the books it produces. It's the power to keep writing new ones.


[1]. "Why is science such a worry?" Ockham's Razor 18 December 2011 http://www.abc.net.au/radionational/programs/ockhamsrazor/ockham27s-razor-18-december-2011/3725968

Posted in Science, Culture

Trade PII not privacy

There is an orthodoxy that privacy is willingly traded by people in return for some sort of reward. Try Googling "trade privacy for" (with the quote marks). I got 181,000 hits! Among other things, people are said to trade their "privacy" for convenience, security, safety, cheaper loans and free phones.

Yet there's a category error here, one we really need to be aware of, in the interests of clear thinking and good policy.

Increasingly what consumers are doing is trading their Personal Information for a gain of some sort. And in principle, that's actually fine by me, and by most privacy advocates. Because privacy and Personal Information are not the same kind of stuff.

Amongst the digerati there is a popular view that most people these days are smart enough to know what they're doing when they sign up for loyalty programs or provide their details when they enter a competition. That view may or may not be right, but it is a sensible position. The important thing is people can and should retain their privacy in the process -- because privacy and Personal Information (or PII) are different things. Data privacy is a state where parties that hold information about you respect that information, and are restrained in what they do with it. Privacy means they refrain from knowing more about you than is necessary, and from re-using PII collected for one purpose for some other purpose.

There is no inherent problem in bargaining your PII with others who happen to value it, but to preserve privacy in these transactions, we need greater visibility from retailers et al of what they intend to do with the PII they collect. We need more sophisticated tools so consumers can fully comprehend what's going on in these data transactions. And we need more precision and rigor in the way we talk about privacy. Let's be clear: there can and should be a fair trade in Personal Information, but not in privacy.

By analogy, we trade money for goods without necessarily losing value, unless the trade in question is unfair. So this is all about transparency, negotiation and fairness -- the same things consumers care about in any transaction.

One of the deep gripes privacy advocates have about today's digital businesses is their opacity. Facebook and the like harvest vast amounts of PII, without committing themselves to any Use Limitation at all, and without even telling their users what they're up to. For example, Facebook's privacy policy is silent on what they do with facial recognition in the background and with biometric templates. Infomopolies make inordinate amounts of money on the back of personal data collected from us without ever acknowledging its true value, let alone negotiating the trade.

And that's the sneaky one-sided bargain at the heart of most social media.

Posted in Social Networking, Privacy, Language, Big Data

Strippers are better off than Facebook users

Journalist Farhad Manjoo at Slate recently lampooned the privacy interests of Facebook users, quipping sarcastically that "the very idea of making Facebook a more private place borders on the oxymoronic, a bit like expecting modesty at a strip club". Funny.

A stripper might seem the archetype of promiscuity but she has a great deal of control over what's going on. There are strict limits to what she does and moreover, what others including the club are allowed to do to her. Strip club customers are banned from taking photos and exploiting the actors' exuberance, and only the most unscrupulous club would itself take advantage of the show for secondary purposes.

Facebook offers no such protection to their own members.

While people do need to be prudent on the Internet, the real privacy problem with Facebook is not the promiscuity of some of its members, but the blatant and boundless way that it pirates personal information. Regardless of the privacy settings, Facebook reserves all rights to do anything it likes with PI, behind the backs of even its most reserved users. That is the fundamental and persistent privacy breach. It's obscene.

Update 5 Dec 2011

Farhad Manjoo took me to task on Twitter and the Slate site [though his comments at Slate have since disappeared] saying I misunderstood the strip club analogy. He said what he really meant was propriety, not modesty: visitors to strip clubs shouldn't expect propriety and Facebook users shouldn't expect privacy. But I don't see how refining the metaphor makes his point any clearer or, to be frank, any less odious. I haven't been to a lot of strip clubs, but I think that their patrons know pretty much what to expect. Facebook on the other hand is deceptive (and has been officially determined to be so by the FTC). Strip clubs are overt; Facebook is tricky.

Manjoo blames the victims, saying that if people want privacy they shouldn't use Facebook at all. The headline on his article says users are as much to blame for Facebook's privacy woes as Mark Zuckerberg. This is just tacit acceptance of a Wild West, everyone-for-themselves morality that runs through so much of the Internet. We should debate the difference between what is and what ought to be happening on the Internet, rather than accepting rampant piracy of PI and leaving hapless users to their own devices. The sorts of privacy intrusions that Facebook foists on its users are not intrinsic. Facebook doesn't have to construct biometric templates without the subjects' permission as soon as someone else tags them in photos, neither does it have to continuously run those biometric templates over third party photo data (probably uploaded for other reasons). Facebook could if it desired delete the biometric templates when users ask for tags to be removed, or at the very least alert users to what's going on in the background with photo tags. If photo tagging was just for the fun of the users, rather than commercial exploitation, Facebook would promise in its Privacy Policy not to put biometric templates to secondary purposes. But no, Facebook doesn't even mention these things in its Policy.

Some of us -- including both Manjoo and me -- have realised that everything Facebook does is calculated to extract commercial value from the Personal Information it collects and creates. But I don't belittle Facebook's users for falling for the trickery.

Posted in Social Networking, Social Media, Privacy, Internet, Culture