Saturday Hashtag: #BiometricTheft - WhoWhatWhy Saturday Hashtag: #BiometricTheft - WhoWhatWhy

Women, eyes, fingers, biometrics
Photo credit: Illustration by WhoWhatWhy from Chu Chup Hinh / Pexels, Pete Linforth / Pixabay, and DreamDigitalArtist / Pixabay

Welcome to Saturday Hashtag, a weekly place for broader context.

Listen To This Story
Voiced by Amazon Polly

Biometrics are the physical or behavioral traits unique to each human, used to identify individuals under surveillance, or for authentication required for access to devices, data,  systems, or networks. This is becoming the new standard for security. 

These bio-data points have been accumulating at an exponential rate on corporate servers, including through public space collection and on personal devices. FYI, people leave biometric data, such as fingerprints and DNA (saliva on a coffee cup) everywhere.

The FTC reported in February that US fraud losses in 2023 topped $10 billion. The 2022 TransUnion data breach alone exposed the private ID information of more than 22 million people. Even with the oversight of the Office of Biometric Identity Management, organizational biometric data breaches are the norm, rather than the exception, in the US and around the world, in the UK, Australia, India, etc. 

This is even considered a US national security threat; a Department of Defense report in November 2023 revealed significant biometric data vulnerabilities in the DOD itself. 

By default, biometrics data is subject to existing privacy laws. The 2018 GDPR inspired expanded legislative protections in the US and around the world (California Consumer Privacy Act, Brazil’s General Data Protection Law, and China’s Personal Information Protection Law). But companies are still failing to adequately protect this data.

Biometric data can actually be hacked. 

This data can even be captured from older devices like skimmers installed in public retail and banking spaces. These devices can facilitate biometric spoofing and replay attacks to access unauthorized data, devices, systems, and networks. 

Mass biometric data storage is making large breaches even more perilous to individuals because this data is inextricably tied to each person in a way that no previous ID security verifications have been. 

In the past when your password was hacked, your credit card or identity stolen, you just got a new password, card, or even social security number. But you can’t just get new fingerprints or replace a DNA profile that’s been stolen and reproduced.

The only way to nominally protect yourself is to not use biometric data for ID security.  


The Basics, Usage, and Privacy Concerns of Biometric Data

The author writes, “Unlike many countries, there is no comprehensive data privacy law that includes biometric data and covers the entire United States. Instead, data privacy regulation is sector specific left to state and local governments. The latter is somewhat intentional but also a reflection of the gridlock that has gripped Congress for the past decade.”

Airports Want to Scan Your Face to Make Traveling Easier. Privacy Experts Caution It’s Not Ready for Takeoff

From CBC Radio: “Your journey through the airport might one day look quite different as some airports and airlines roll out facial recognition technology across several systems, including check-in, and security and immigration clearances. Aviation management expert John Gradek says the tech will ‘be as commonplace as the escalator or the moving sidewalks.’ While airlines and airports say facial recognition can make air travel — an often tedious experience — more efficient and seamless, privacy advocates argue the use of biometric data is fraught and open to abuse. But Gradek says society is on the ‘bleeding edge of facial recognition’ and the move to biometric-based identification is already underway at some airports.” 

Us Sees Identity Theft Fraud Problem More Clearly Than Biometrics’ Role in Addressing It

The author writes, “Americans recognize the challenge of securing their social safety net, as shown in a GovTech article touting a holistic approach to the problem. What exactly that means appears to remain a source of some confusion.”

Fact-Check: Can Hackers Steal Fingerprints From Selfies?

From The Cube: “A video circulating on social media is warning people to avoid doing the peace sign when posing for selfies, in case fraudsters take copies of their fingerprints to hack into their data. The Cube spoke to experts to find out more.”

Businesses, Be Aware: A New Wave of Biometric Crimes Invades the Digital Space

From Forbes: “Over the past few years, fraudsters have discovered an astonishing number of vulnerabilities in what was believed to be a reliable method of identity data protection: biometric authentication. Now, a new set of sneaky ways to spoof biometric authentication videos is emerging in a fraud that uses stolen data.”

FTC Warns About Misuses of Biometric Information and Harm to Consumers

From the Federal Trade Commission: “The Federal Trade Commission today issued a warning that the increasing use of consumers’ biometric information and related technologies, including those powered by machine learning, raises significant consumer privacy and data security concerns and the potential for bias and discrimination.”

Using Biometrics To Prevent Data Breaches and Identity Theft in Health Care

The author writes, “The increasing digitization of the health care industry is obviously a good thing, offering myriad benefits related to heightened operational efficiency and more advanced data processing. However, new technology unfortunately puts organizations at a higher risk of data breaches, identity theft, and fraud.”

The Battle for Biometric Privacy

The author writes, “In 2024, increased adoption of biometric surveillance systems, such as the use of AI-powered facial recognition in public places and access to government services, will spur biometric identity theft and anti-surveillance innovations. Individuals aiming to steal biometric identities to commit fraud or gain access to unauthorized data will be bolstered by generative AI tools and the abundance of face and voice data posted online. Already, voice clones are being used for scams.”

Is Biometric Information Protected by Privacy Laws?

From Bloomberg Law: “As states and localities enact more robust laws related to consumer data privacy and security, biometric laws — such as the Illinois Biometric Information Privacy Act (BIPA) — are front of mind for both legislators and businesses. An increase in biometric privacy class action lawsuits and arbitration, an uptick in proposed legislation, and widespread criticism of both facial and voice recognition technologies suggest that biometrics will remain a hot topic for legal professionals.”

Author

Comments are closed.