Rebecca: Can you give me a brief overview of why you see it as a problem that our personal biometrics, at this point mostly fingerprints, are being used to authenticate our actions rather than identify us?
Dustin: How many emails have you received, to date, from some online service or another saying, "We're sorry, but our site was attacked, and while we don't think your password was compromised, we think you should change it anyway, for good measure"?
Surely you've seen this once or twice, right? And if you're like me, you kind of take a deep breath, and think, "Oh man, that's inconvenient..."
Now, what if that site used some form of biometrics, instead. Let's say your fingerprint. Or your eyeball. How would that email read? You want me to change my fingerprints!?! My eyeballs!?!
That's ridiculous, of course, but it perfectly shows the problem. Biometrics are not changeable. You couldn't alter them if you tried. Being able to change, rotate, and strengthen passwords is one of the
most fundamental properties of authentication tokens -- and completely missing from all forms of biometrics!
That's just one of a number of problems with biometrics. I'll cover more in my talk ;-)
Rebecca: Is biometrics something you've worked with professionally or what has piqued your interest in the area? What made you want to do a panel on the issue?
Dustin: Sort of. I've long maintained and developed an encrypted filesystem for Linux, called eCryptfs. In 2008, I was asked to add eCryptfs support for Thinkpad's fingerprint reader. After thinking about it
for a while, I refused to do so, with the core arguments being much of what I described above. With that refusal to support fingerprint readers in 2009, I seemed to have picked a few fights and arguments with various users.
All was pretty quiet on the home front, until Apple released an iPhone with a built-in fingerprint reader in late 2013, and I blogged this piece that criticized the idea accordingly: http://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html
That blog post in October 2013 sort of did the viral thing on social media, I guess, seeing almost a million unique views in about a month.
Rebecca: I feel embarrassed to admit that I had simply never thought of this issue until seeing your panel synopsis. Then, it seemed incredibly obvious and I found myself looking at my phone's fingerprint scanner suspiciously. Why do you think the public has had so little response to biometrics in technology, other than seeing it as a neat feature of a particular gadget?
Dustin: On the surface, it seems like such a good idea. We've all seen Mission Impossible or 007 or countless other spy movies where Hollywood portrays biometrics as the authentication mechanism of the future. But it's just that... Bad pulp fiction.
There are plenty of ideas that probably seemed like a good idea at first, right? Examples: Clippy, The Hindenburg, New Coke, Tanning beds, The Shake Weight, Subprime Mortgages, Leaded Gasoline. Think about for just a minute, though. A passenger blimp filled with Hydrogen? An annoying cartoon character that always knows more than you? Massive scale lending to high-risk individuals packed into mortgage-backed securities? Dig a little deeper and these were actually misapplications from the beginning. We'll be in the same place with Biometrics, I have no doubt.
Rebecca: Have there been any instances that you're aware of where the technology has been compromised?
Dustin: The Chaos Computer Club have demonstrated compromised Apple TouchID: http://arstechnica.com/apple/2013/09/chaos-computer-club-hackers-trick-apples-touchid-security-feature/
TouchID is actually pretty high resolution. The Thinkpad fingerprint readers, until recently, could be fooled with a piece of scotch tape: https://pacsec.jp/psj06/psj06krissler-e.pdf
Rebecca: In the future, if we continue down the current path do you see identity theft including the hacking of our fingerprints and voice patterns in addition to our credit card info?
Dustin: I certainly hope we can curtail this doomed path of technology before we get to that point...
But if we don't, then yes, absolutely. All of your biometrics are easily collected in public places, with your knowledge.
- Your fingerprints are on your coffee mug and every beer bottle you've ever picked up with your bare hands.
- Your hair, dandruff, and dead skin contain your DNA.
- High resolution digital cameras can pick up your iris in incredible detail (less so for the retina currently)
- Facial recognition -- seriously, unless you've taken exorbitant steps, your face is all over Facebook, Google, LinkedIn, etc., and everywhere you go in public today, there are security monitors.
- The same goes for vocal recognition. Surely you've heard, "This call may be recorded for training purposes". Sure, that's fine. But do you go spilling your master password to all of your accounts to that phone support? Well, if you use voice recognition for your authentication, then that's exactly what you've done.
Rebecca: Beyond crime, what are the civil liberties issues you see being entwined with biometrics technology? Could the government theoretically access this information in much the same way they have our email and phone records in the past?
Dustin: Theoretically, yes. That that "theoretically, yes" is enough for me to be very concerned.
Is Apple colluding with the NSA/FBI/CIA/etc? I am most certainly NOT making that accusation.
Could they, or anyone else in this biometrics? Most certainly. They could even be coerced or forced to do so. And they could so unknowingly. And it might not even be "the good guys". Anyone of this magnitude is a target for attacks, by less than savory governments or crime organizations.
Moreover, I strongly recommend that everyone consider their biometrics compromised. As I said above, you leave a trail of your fingerprints, DNA, face, voice, etc. everywhere you go. Just accept that they're not secret, and don't pretend that they are :-)
Rebecca: What are some places where you see biometrics as appropriate and useful?
Dustin: Back to the title of the presentation, I think biometrics are decent as a "username", just not as a "password".
Is your name secret? No, not really. Is your email address secret? No, not really, either.
That's what biometrics are -- they're another expression of your "identity". It can be used to replace, or rather, look up your name, username, or email address from a list, as it's just another expression of that information.
Now, a password is something entirely different. A password is how you "prove" your identity. This is something entirely different. It must be long, and very hard to guess. You have to be able to change it. And you have to keep your passwords separate from different accounts, so that no one account could share that with another account and compromise you.
Rebecca: What are your thoughts on SXSW Interactive as a venue for such discussion?
Dustin: I think it's a fantastic venue! I attended SXSW Interactive in 2014, and was very impressed with the quality of speakers and discussion around security, privacy, identity, and civil liberties. I immediately regretted that I didn't submit this talk for the 2014 conference, and resolved to definitely do so for 2015. Unfortunately, this subject is still important and topical in 2015 :-( Which means we still have some work to do!
Rebecca: Finally, are there any other panels you're especially looking forward to?
Dustin: All of the Open Source ones (of which there are a lot!), as that's really my passion. If I have to pick three right now I'm definitely attending, it would be:
- http://schedule.sxsw.com/2015/events/event_IAP35935
- http://schedule.sxsw.com/2015/events/event_IAP36290
- http://schedule.sxsw.com/2015/events/event_IAP40528
Cheers,
Dustin