Biometrics identity

There’s a revolution happening right now in biometrics.

But the technology for identifying people based on biology is outpacing our ability to understand the consequences for privacy.

Passwords – which have proven time and again to be inadequate for security purposes – are steadily being replaced by fingerprints, irises, voices and faces.

The patterns of our veins, heartbeats, and even our thoughts and the way we smell, have been looked at as alternative forms of authentication.

Now, research suggests we might be uniquely identifiable by the cloud of skin, cells, microbes and bacteria we’re constantly emitting.

Every time we sneeze, cough, scratch, fart, or touch something, we leave behind traces of ourselves and the bacteria and microbes living on and inside our bodies – what scientists call our microbiome.

In a recently published paper, one group of researchers described how they collected traces of airborne and settled microbiota from 11 individuals in a controlled environment, and found that each person’s microbial cloud was genetically unique.

Their research raises the possibility that microbial clouds could one day be used to identify and profile us.

Similar research conducted by the Argonne National Laboratory (part of the US Department of Energy), looks at how our microbiomes could be used in forensic criminology – i.e., placing people at the scene of a crime using microbes they leave behind.

Jack Gilbert, the lead researcher in this field for the Argonne lab, says in the near future microbial clouds could be as useful to investigators as fingerprints are today, as he told Time:

We’re ramping up to be able to leverage signature profiles in a really robust way. It’s what people did for fingerprints years ago.

Of course, this type of profiling would require databases of microbial signatures. (There is one such microbial database being compiled by the Earth Microbiome Project, although it is in its infancy).

It may be a ways off, Gilbert said, but he would “like to work toward” the creation of a microbiome database for use in criminal investigations.

Collecting and storing DNA in databases raises privacy concerns: DNA samples can reveal a lot of personal information – from ethnic background and race to what kinds of diseases you might be carrying.

The FBI has the largest such database in the world – the National DNA Index, containing over 14 million profiles of offenders and arrestees.

Many state and local police departments in the US have for years been creating their own databases of criminal suspects’ DNA, without any kind of regulation or transparency as to how the information should be used or for how long.

So far, judicial efforts to hit the brakes on biometric data capture have failed to stop this runaway train.

The US Supreme Court in March 2015 refused to hear a case, Raynor vs. State of Maryland, that could have made it illegal for police to collect genetic material without a warrant.

The plaintiff, Glenn Raynor, had argued that his conviction should be thrown out because police collected his DNA without his knowledge or consent and, he claimed, in violation of the Fourth Amendment.

Raynor, a suspect in a criminal case, had agreed to be interviewed at a police station, but refused police requests to give a DNA sample.

Without probable cause, police couldn’t arrest Raynor and released him; but police collected his DNA by swabbing skin cells from the chair he was sitting in and used DNA analysis to connect him to the crime.

As the Electronic Frontier Foundation (EFF) told the court in an amicus brief, Raynor’s “inadvertently shed” DNA contained personal information that should be protected from unreasonable searches and seizures.

Without reasonable limits on the ability of police to collect DNA, could we end up in a society of “pervasive surveillance,” where police can collect DNA from “any person at any time,” as EFF Staff Attorney Jennifer Lynch said regarding the Raynor case?

At a minimum, we should have the same privacy rights for our DNA as we do other types of personally identifiable information.

The US Genetic Information Nondiscrimination Act does provide some protections against discrimination, but doesn’t truly protect privacy.

European laws and courts tend to be more protective of privacy than those in the United States – the European Court of Human Rights ruled in 2008 that the UK’s massive DNA database was illegal.

We need to act fast.

As the massive quantities of data about us continue to grow – and the technology for collecting and analyzing the data continues to advance – governments and industries seem to be showing little interest in placing limits on using it.

Image of faces courtesy of Shutterstock.com.

Article source: Naked Security – Sophos

Comments

comments