TECH TALK
voices. Your unique vocal patterns are stored and processed in the cloud. While threat vectors for human voice patterns are still very theoretical, be mindful that this data is being stored
• DNA kits: If you purchased or used one of these, your DNA is now on file. And if you give permission, your data can be used by law enforcement to help solve outstanding criminal cases. Your most private and sensitive data, your DNA, is now in the hands of a third party. You should be aware of everything they can do with it and what the ramifications are if those services are ever breached
• Mobile devices and IoT: Cellular phones, tablets and even door cameras capture some form of biometric data and store it on the device or in the cloud – even if it is not used for authentication or authorisation. The risk here is obvious. Some door cameras, based on location, capture photos or video based on movement and may capture your picture just by your walking or driving past it. Your likeness, unknown to you, is now potentially on another end-user’s device, or in the cloud. And your mobile phone or tablet now has fingerprints and facial metrics stored within it too. There are plenty of tools and documents on how to bypass these security models if you have the device in hand. You cannot trust these security models based on biometrics alone and AI may actually make the matter worse by performing the PII linkage for a threat actor

Opening up a dialogue about biometric data

Now is the time to begin sensitive discussions about biometric data. When you purchase a device, use a new technology, or consider how you are interacting with a new service, ask yourself and potentially the vendor (especially if the technology is used for work), the following:
• How are you storing biometric data?
• Where is it being stored? Especially what countries, since this may have other legal and compliance ramifications
• How is it secured? Who has access?
• Is my biometric data being purged over time?
• Do you sell my biometric data?
• Does law enforcement have access to my biometric data or logs? Even with a warrant?

“IF BIOMETRIC DATA IS COMPROMISED, YOU CANNOT CHANGE IT.”

Biometric data is perhaps the most sensitive information you possess. It is a part of your identity and cannot be changed. It is a worthy conversation we need to have in this sensitive world. It affects everyone, does not discriminate and as new technology emerges, stands to cause potential trouble for everyone unless we understand how our likeness is being captured, stored, processed and ultimately, utilised.

Morey Haber, CTO at BeyondTrust
INTELLIGENTCIO