“When you give up your privacy, you give up your power”, wrote the Canadian author Thor Benson. This seems indeed relevant as we enter the zettabyte era of ever-increasing data flows. Still, the overall trend is that we as users do give up the control of our data – due to convenience and ignorance. This article aims to put the spotlight on the growing use of biometric data for identification, it describes the privacy shortcomings of this technology and explores the use of NFC chip implants as a potentially superior alternative.
The progress of identification using biometric data
In recent years, we have seen a rapid development of a range of technologies to facilitate personal identification. At the core of this development is the widespread adoption of biometric identifiers replacing items such as keys, cards, badges, passwords and pin codes. Biometrics – predominantly fingerprints, palmprints, voice recognition, iris or vein patterns or the shape of the face – is touted as a quick, safe and convenient method for identification.
The use of biometric data for personal identification used to be a feature of science fiction. Many of us are familiar with the use of eye scanners in Minority Report, fingerprint IDs to unlock doors in Back to the Future 2 and voice ID for file access in I, Robot just to mention a few examples. Today, these then-futuristic applications have become part of our daily lives. Everyday activities such as unlocking your phone or computer, approving payments or entering the gym can be done with the use of biometric data.
Biometrics is highly convenient
In comparison with older solutions including either physical tokens or the need to memorise words and numbers, the use of biometric data constitutes a superior solution in terms of convenience. This applies to both individual users and system administrators.
For individual users, it amounts to reducing friction when interacting and performing transactions in both the physical and the digital domains. The unique identifier necessary for the identification is always available and can never be misplaced since it is part of your physical self. As a user, you no longer have to keep track of key fobs, swipe cards and passwords.
The reduction in friction has several dimensions, the primary one being getting rid of for example the hassle of digging for keys and access cards when in front of a door. The second dimension is when an identification token is forgotten or lost and has to be recovered in a cumbersome way.
For system administrators, the hassle of managing lost or compromised devices and passwords is reduced. The frequent resetting of passwords is in itself a security risk, as users tend to re-use the same passwords across their personal access universe. Even if one system has good security it may not apply to others outside of the administrator’s control.
Despite the good news, I will argue that the use of biometric data for identification should not be embraced without scrutiny. From a privacy perspective, there are substantial potential risks and negative effects. These need to be addressed before biometric identification technologies reach such a dominant position that they cannot be substituted by more privacy-respecting technologies.
Critical weaknesses of biometrics
There are some clear disadvantages with using biometric data both from a privacy and from a security perspective.
First, the identifier cannot be hidden. We constantly broadcast our biometric data – and thereby we also broadcast our unique identification keys. A person with malicious intentions and a most basic technical competence can easily capture your fingerprints, record your voice or collect a multitude of images of your face. This need not even be done in person – it can be achieved by recording a phone call or by downloading images from social media platforms. Biometric data are simply too easy to steal.
Second, biometric data can’t be encrypted – it is always in plain text. The fingerprints on your hands cannot be encrypted where they sit. Even a cautious user with adequate awareness of the risks involved when using biometric data for identification wouldn’t be able to properly protect their own data. Doing so would ultimately require covering the body when in public.
Third, biology is imprecise. Voices and fingerprints vary depending on physical factors, such as body temperature, skin humidity and state of health. The use of biometric data as unique identifier requires expensive and sensitive readers, as well as specialised algorithms that allow for the element of variation inherent in biology. The technology needs to be fine-tuned in order to allow for variations in a thumbprint or facial structure of the right user, while at the same time not allowing for false-positive identifications of non-authorised persons.
Fourth, the privacy exposure is inherent when systematically handing your body data to a system. Apart from identification, a system might be able to learn many other things about you when you for example use your face to unlock your phone. There are smartphone apps that allow for the measuring of pulse, blood flow, body temperature and other health factors from just filming your face with the camera. If you allow your phone or office door to take 20+ picture of your face every day, what data about your health can be gained from this massive data stream, completely unbeknownst to the user?
Fifth and most importantly, biometric data cannot be altered. Our fingerprints, irises and face are what they are and cannot be changed. This means that our unique identifier cannot be destroyed or altered. If one’s biometric data are compromised, they are compromised forever. We have in recent years seen breaches of databases through which hackers have gained access to the biometric identifiers, along with the identities of their owners. This means millions of individuals can never safely use their biometric identifiers again.
Chip implants as an alternative for convenient, touch-based identification
Another identification technology which has a closely similar application space and user case as biometric identifications is chip implants. This form of identification technology is well established for its use in pets and livestock, where it has been applied on an industrial scale in billions of animals since more than three decades.
The human user scenario of implant identification includes the insertion of a glass-encapsulated ID tag under the skin of the hand of the person. The chip implant is the size of a grain of rice and can comfortably remain within the body for decades. When professionally inserted, these implants are not known to have any negative health effects. The battery-free implant is externally powered; an antenna activates the chip when introduced into a magnetic field with a specific frequency, such as a standard door reader.
The chip essentially acts as a digital key badge, using near-field communication (NFC). NFC is a worldwide standard protocol for the low-power exchange of data over short distances, which you most likely already use many times per day without thinking twice about it. In the case of chip implants, they have to be within 1 to 2 centimetres from a reader in order to be activated and transmit their data. The chip contains a unique ID number which makes it possible to use it for identification across many different systems independently. Some later generation implants also include microprocessors that are able to generate encryption keys.
There is a small, but growing community of chip implant enthusiast around the world. In Sweden, an active community of early adopters – or ‘biohackers’ – have been using NFC chip implants since 2015. At the innovation tech hub Epicenter in Stockholm, members can use their chip implants to access the building and buy from vending machines, and they frequently host ‘implant parties’ where participants have the opportunity to ‘chip’ themselves. A growing ecosystem of commercial operators across Sweden allow chip implantees to use their implants instead of badges or magnetic cards in order to access buildings, enter gyms, get bonus points in different shopping clubs or even travel on the national railways.
The upside with chip implants
Why choose an invasive hardware solution above biometrics? I will argue that implant tech, besides having the convenience benefits of biometric identification that it is always available and cannot be forgotten at home, also presents a superior solution in terms of safety, privacy and reliability.
The first advantage is the possibility to encrypt the unique identifier. Unlike biometric data where the unique identifier is part of the body and impossible to hide, the unique identifier when using chip implants can be protected from outside exposure by encryption. This makes the chip implant a privacy-friendly alternative to the use of biometric identification.
The second advantage is that the implant allows for being changed and reprogrammed if there is the suspicion of the ID being compromised in any way. A chip implant can be updated, reset and reprogrammed without having to be taken out of the body. If required, the implant can also be extracted in a quick procedure not more dramatic than removing a wooden splinter from the hand.
A third advantage is precision. Since implants use the NFC protocol for communication, there is no need for complicated algorithms in order to allow for the messy biological variation of human bodies. The implants speak the language of the machines, instead of us having to train the machines to understand the complex shifts of biology. The risk for both false-negative and false-positive identification is eliminated.
Fourth, there is already a widespread infrastructure of millions of NFC-enabled payment terminals, smartphones and door readers installed across the world. Using an already prevalent system, there is no need to install a new infrastructure of expensive, sensitive biometric readers.
Fifth, the privacy dimension of not having to share more than you want to share, especially of something so private as your own body. When an implant is swiped over a reader, no side stream of data about the body or health of the user is transferred to the system.
Chip implant critique
The uptake in human implant use has not gone unnoticed and the use of NFC chip implants has generated strong and varied opinions. Implants are generally still seen as a subculture thing used among techies and biohackers.
The main obvious challenge with ID implants is that they must be inserted into the body. Unlike fingerprints, we are not born with them. While the procedure is generally quick and relatively painless (ask your cat), this is still a relevant hurdle for many users. Currently, the standard way to get an implant is to visit a tattoo or piercing studio which in most major cities in the world can provide a sterile, professional insertion for about USD 100.
Then there is the security aspect. Just like key badges and swipe cards, implants can be hacked, copied and cloned. NFC chip implants are typically used to enter locked areas such as office buildings, or to access equipment that contains information of various importance, such as computers and smartphones. Storing information on a single chip implant makes it a possible attractive target for hackers and other malicious actors.
However, these security risks are not different from what applies to key fobs and smart cards. The technology inside is fundamentally the same, it is merely the location of the chip that differs. We already have industry standards for the secure management of such tokens, for example by using multifactor verification for increased security. When entering the office after hours, the key badge has to be complemented by a pin code. The same procedure can of course be applied to an implant.
Another privacy-related topic which is often raised is whether using chip implants enables the involuntary tracking of individuals. Here the answer is a comforting no – since the implants do not contain a battery, they cannot transmit a signal independently. They only activate when in close proximity to a specific reader.
Will chip implants replace current technologies?
In light of the above, it is not unlikely that implants will grow in popularity as a more secure and privacy-friendly substitute to biometric data identification. Although the public awareness of the opportunities of implant technology is low, as more people become familiar with the practical use of implants, they will attract a broader audience.
In my opinion, this innovative alternative technology for identification can solve some of the core privacy and security-related issues still unresolved by biometric data identification and should be given serious attention by both system administrators and privacy-concerned users around the world.