Biometrics, fingerprinting, and 2FA (Two-Factor Authentication) have become an integral part of our lives. We use these technologies every day. However, we need to be aware that they are harming our privacy rights in more ways than one.
Every time we use them we are volunteering up critical personal information; from the contours of our face, and the complexity of our iris, to the loops of our fingerprints.
These are the unique identifiers that make us who we are, and in many cases, the precise information government agencies need and use to identify our bodies!
The point is, when we give Big Tech companies this critical information, we are sacrificing many of the inalienable privacy protections that should be held sacred.
In this article, we explain why biometrics and fingerprinting can be used against us even if we’re not criminals, how they can be used to extract data from us without our knowledge, and what you can do about it.
The Ethics of Privacy
It should be obvious that your right to privacy is a human right. While many countries, including Australia and the US, have debated how far our natural privacy should be extended, there need to be more conversations about online privacy.
Many careers, families, and lives are ruined by simple mistakes that happened decades ago suddenly coming up on Twitter, Facebook, or Google, and forcing negative public opinion.
People are not being given the benefit of the doubt, which has much to do with privacy rights.
Privacy is a fundamental human right necessary for the exercise of other rights. Without a private sphere, individuals cannot exercise other rights, such as freedom of expression or association. It shouldn’t matter to anyone else if we prefer groups who dress up as birds on Sunday afternoons or political parties that may seem extreme.
What we do in the PRIVACY of our own lives should be just that – private. If we are not harming someone else, then it really isn’t anyone else’s business what we do.
Privacy allows us to have dignity in our interactions with others. It helps ensure that we are treated fairly and equally by our government officials, employers, healthcare providers, and friends.
We cannot feel like equals if we don’t know what information about us has been collected and shared by these institutions. This will lead to less trust between them and their citizens as well as further mistrust within society overall.
What are Current Account Security Measures?
The current account security measures of fingerprinting, biometrics and 2FA are harming our privacy rights.
Biometric data is collected from individuals and stored in huge databases, which may be vulnerable to cyberattacks by hackers who sometimes even sell the information online on the dark web for profit. This trend will only continue unless something drastic happens soon enough.
While we may think having a code sent to our phones or using facial recognition to log into social media may improve our security, it only opens us up to more significant threats of attack and identity theft. Meanwhile, Big Tech is happily devouring all this information to increase their own pocketbooks.
What are Digital Biometrics?
Biometrics is a form of two-factor authentication that uses unique physical characteristics such as your fingerprint, face, or iris to verify your identity. Biometric data can be collected with the help of devices like a fingerprint scanner or facial recognition software, which are used to confirm a person’s identity. These devices are used in smartphones and laptops as well as at border control points around the world.
But what exactly is biometrics? It’s a type of authentication that uses unique physical characteristics to identify someone.
Biometrics can’t be easily duplicated by someone else because no two people have precisely the same biological traits – except identical twins!
The use of digital technology makes it easier for us to implement biometric systems, but our privacy rights are still endangered when it comes to how these systems function and how our data is stored and shared online.
What is Two-Factor Authentication?
Two-factor authentication (2FA) is a security measure that requires you to use two different pieces of information to log in to an account. For example, when you log in with your username and password, you’re prompted to enter a code sent to your phone or scan your fingerprint on the screen.
The idea with 2FA is that it makes it harder for an attacker who gets hold of just one piece of information – your username, say – to break into an account without having access to another piece: either the password itself or some sort of physical token like a phone or smartcard containing the second factor.
Why Were these Measures Created?
Biometric data is not always collected to identify an individual. However, some companies collect this information to improve their services.
For example, if a company wants to start a new subscription-based service, they may use your fingerprint as your way of proving that you’re actually whom you say you are, and have agreed to pay for the service on that device.
Companies also use biometric technology as a way of protecting personal information. This means that if someone were to steal or discover your password or username, they would still need your physical appearance in order to access what they wanted from the account (your credit card number).
The idea was solid in the beginning. Create a resource that protects the private information of users. However, using further privacy latent resources to cover other private details seems a bit foolish.
Even a basic search of “how to crack fingerprint lock android” on Google spits out all kinds of software, tricks, and hacks available to even the most basic user. For as little as $7.99, you can pick up incredibly easy-to-use software to crack a fingerprint-enabled Android device.
Or, if you are more an engineering buff, you can use a picture of a target’s fingerprint, create a negative in Photoshop, print the image, and put some wood glue on top of the print to imitate a real finger. With nothing more than $5 worth of materials, you can easily crack a laptop that requires fingerprint access.
Is My Private Biometric Information Secure?
Biometric information is not encrypted. The government has no obligation to protect it, and it can be stolen.
The security of biometrics is not guaranteed. Biometric data can be compromised at any time, either by a malicious actor or simply by accident.
Tencent, one of the largest Chinese payment providers, will soon be requiring customers to pay via palm prints. To give you an idea of how dangerous this is, in the US, when you are convicted of a felony offence, your palm print is captured for future comparisons of any potential other crimes.
This means a Chinese company is using the same stored information the US uses for criminals to confirm payment. That comparison alone should make us all think twice. How hard would it be for a government, especially one with not such a great privacy record like China, to take the newly captured palm print data and use it to capture criminals or set people up for crimes they never committed?
Biometric information is not protected. Under the Privacy Act of 1988, your biometric information is sensitive information. That means Big Tech has to ask for your consent before they use it in their systems operations.
However, if you volunteer this data, there is nothing stopping that company from reselling, utilising, or analysing that data for their own needs later on.
Can These Security Systems Be Cracked?
Biometrics are not a fail-safe method for protecting your privacy. In fact, they can be cracked by anyone with enough hacking knowledge and/or patience. For example:
- Fingerprint data is stored on your smartphone and can be extracted with simple methods (i.e., using a photo of your fingerprint to unlock it).
- Facial recognition data can be captured from photos and videos you post online or take with your phone camera—and this technology is getting better every day!
The bottom line here? Biometrics may not be so secure after all. If someone wants access to your device, there’s no reason why they won’t get into it eventually; even if you’ve got great security measures in place, they’ll find a way through because it’s just not worth their time not trying (especially since most people don’t have the skillset necessary to crack biometric systems).
There are “Red Teams” that get hired by Big Tech to try and crack their system security measures. These teams repeatedly report on two primary risks to any business: social engineering and biometrics.
Expert hackers are actively pursuing biometric validations because it gives them access to the digital version of someone else’s identity. If they have this data, they can get into pretty much any account they wish.
Is Big Tech Reselling My Biometric Information?
The question of whether big data companies are reselling or otherwise profiting off your biometric information is a good one. The short answer is yes, they are – and it’s happening in ways that you might not expect.
The most common way this happens is through third-party apps. For example, let’s say you use a fitness tracker that syncs with your phone to save and track your weight, steps taken, and calories burned throughout the day.
It also uses biometrics for security reasons: if someone tries to log into your app without the proper biometric (say, by entering their username and password), then the app won’t let them get past step one; only after successfully matching up their face or fingerprint will it allow them access to their account information (if they’re even able).
It isn’t just apps. Nearly 25% of British retail chains are now using facial recognition software to log whenever customers visit, what they purchase, and how they move throughout the store.
Every time your child downloads a fun face-changing app to look like a puppy or age themselves, they are opening the door to potential hackers.
Even the popular FaceApp from the late 2010s was sending information to its Russian parent company that had written into their privacy and terms of service they could use those images for whatever they wanted. You read that right. Uploading a picture of your face to that app may have resulted in your data being sold to something like a Japanese marketing department to promote their latest haemorrhoid cream.
Does this Lead to More Digital Identity Theft?
The more your digital identity is used, the more it can be abused. The more it’s available online, the greater the chance that someone will steal it or use it for fraud. And if your digital identity is used to access a system that holds sensitive data about you—like medical records or financial information—then this too becomes vulnerable to abuse and/or theft.
Fingerprinting and biometric identification are different from traditional passwords in many ways. But one thing they have in common with regular passwords: each time you register an account using them, you’re making yourself vulnerable to attacks on your privacy rights as well as leaving behind yet another piece of information that can be used against you.
These online profiles are incredibly powerful, and hackers are practically foaming at the mouth to get their grubby little hands on the information.
What About Facial Recognition?
Facial recognition is a form of biometrics, but it’s different from fingerprints and iris scans. Instead of using your body parts to identify you, facial recognition uses the unique features in your face to do so. Facial recognition can be used for security purposes or surveillance.
There are two major types of facial recognition systems: those that scan images that are taken by cameras and those that scan images taken directly from devices like smartphones or tablets (known as “on-device”).
The first type is more common and therefore has more potential vulnerabilities than the second type because they can be hacked into remotely through public WiFi hotspots or even a simple smartphone camera lens attachment.
Don’t think for a second we in Australia are protected against facial recognition. Besides the arguments for having it as part of our biometric systems,
More than 75% of our population is unaware their biometric and financial data is being captured and mined by all kinds of Big Tech companies and government agencies. This is either happening under the pretence of national defence or by tech companies pretending to use it for “targeted advertising” that is supposed to help shoppers find the information they want.
With biometric data, the government can then track your every move. By using your face or fingerprint as a means of identification, they can see where you are at any given time and what you’re doing. The government has been collecting this information for years without our knowledge or consent. In fact, it’s happening right now in the United States and other countries!
How Do I Stay Safe without Biometric and 2FA Measures?
If you’re using any of the biometric and 2FA methods or have been considering them, it’s time to reconsider. Here are some methods that you can use in order to stay safe without compromising your privacy rights:
- Use a password manager. Password managers will help prevent your passwords from being stored on an external server that doesn’t belong to you. When using a password manager, even if someone finds out what your password is, they won’t be able to access anything because all of your login information will be stored in an encrypted file on your computer or phone.
- Use strong passwords for all accounts and change them regularly (every 3-6 months). Strong passwords are difficult for hackers and human beings alike—they should not contain words from the dictionary; contain random characters; include numbers; include symbols like ‘$&!#’; don’t use personal information like birthdays or names; should not be easy-to-guess (e.g., “password”).
- Use deGoogled phones. Sticking with open-source solutions that live far outside the mainstream Big Tech companies helps you circumvent the security concerns being sold to everyone else. That makes you more unique and harder to crack.
- Consider Faraday Bags. You can avoid many of the associated databases capturing your data by keeping your devices safely stored away from WiFi, Bluetooth, Cellular, and other wavelengths that would try to steal that data. Using a well-designed Faraday bag, backpack, or pouch is a significant step in that direction.
Wrapping it Up
Biometrics are a form of digital identity theft. They are not secure and can be stolen by hackers and governments alike. We as a society need to stop using biometrics as a method to protect our online identities and instead begin looking at ways to secure privacy rights that do not compromise our sense of self in the real world.
It’s important to remember that not all biometric security systems are created equal. Some companies have been accused of using less secure methods for their biometric data, such as storing it in unencrypted files on their servers.
Source – https://freedomtech.com.au/privacy-rights-risk-dangers-fingerprinting-biometrics-2fa/