Apple’s FaceID: Get ready for ‘big data’ to get even bigger
Today, smartphones come built-in with a range of sensors with the capability to track our individual digital fingerprints. With the release of Apple’s FaceID integrated into the new iPhone X, they will successfully perform facial recognition.
FaceID will incorporate the use of 3D sensors, neural networks and specific hardware built for a set of machine learning algorithms that can detect a user’s face, to unlock iPhone X instantly and even allow authorization though facial recognition to access apps and provide a safer mobile payments experience. But from a privacy and security standpoint, how safe is this new biometric feature?
FaceID certainly has the potential to become far more secure than previous TouchID security features, as it uses AI and static biometric recognition technology. Apple appears to be addressing the common vulnerabilities in biometric authentication among current mobile devices. However, there are privacy concerns with respect to the need for the camera to always be turned on in order for these features to work. There is a question of what type of access third party apps — even Apple — have to the FaceID functionality and, ultimately, to one’s digital identity.
{mosads}It’s not just Apple utilizing the benefits of biometric and behavioral authentication. Organizations are realizing the treasure trove of contextual insights and valuable information about customers that are available through sensor-based, ground-breaking technology.
Organizations use big data analytics to monitor the behavior of a consumer, or potential consumer. Insurance agencies can benefit from such data to assess everything from driving behavior or home settings to reduce in-home risks, to health risks based on daily habits and routines to detect anomalies. Healthcare organizations can perform remote monitoring, while the automotive industry can profile drivers via connected cars and autonomous vehicles. Even apps like Maps, Camera, Weather and Uber use location services to cater to users based on their location. Big data is getting bigger, but that’s not necessarily a bad thing.
Transparency will be key going forward. As people often don’t fully read through privacy statements because of their length and complexity, government mandates, such as the EU’s pending General Data Protection Regulation (GDPR) are beginning to require organizations to present privacy statements in a “clear, transparent, intelligible and easily accessible form — using clear and plain language.”
In the absence of detailed guidance, organizations will need to come up with creative ways of distilling and presenting relevant and mandatory privacy information. One option is for organizations to use multiple, shorter privacy statements which are threaded for the user’s specific use of an app or service. For example, when a mobile app first accesses the GPS, the user would be presented with the location based privacy statements just in time so that they can make a decision at the point of usage, rather than having to read through the long privacy statements ahead of time.
Another option is for organizations to require explicit permissions from users. If consent is the basis for the organization’s processing activities, the privacy statement must inform the user of their right to withdraw consent at any time.
Also key will be securing a device filled with personally identifiable information (PII) for every user. Securing PII on mobile devices currently focuses on ways to encrypt the information on a device in case of loss or theft, while still ensuring ease of access for daily use. Both iOS and Android are constantly working to improve their security options, although cases like Android’s recent shipment of 38 phones with pre-installed malware do not do much to boost consumer confidence.
On-device behavioral biometrics provides an essential piece of the puzzle for mobile app developers and their clients, because it’s simply not realistic to expect the consumer to carry all the responsibility for secure operation. AI-powered behavioral biometrics provide multiple layers of security that continuously authenticate a user by adapting to the way they interact with their device. Using deep learning algorithms, layers of data and sensor-based intelligence, the technology can seamlessly detect hundreds of human traits to quickly and accurately identify a user and ensure that the user is authorized to use that device, or complete a transaction.
Additionally, the amount of data an app collects should be limited to only what is required to serve the purpose of providing its specific service.
The release of FaceID and other forms of biometric and behavioral authentication is a testament to how the ongoing innovation in technology constantly challenges the borders of privacy. That is why organizations such as Apple and Google among others must address the challenges of maintaining anonymity and work to foresee future unintended consequences, while enjoying the security of leading-edge biometric technologies.
Deepak Dutt (@DCDutt) is the CEO of Zighra, a tech company that strives to deliver real-time behavioral intelligence and security controls
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..