Why the Biometrics Privacy Threat Is Overblown

Now that biometrics have officially gone mainstream with Apple's new fingerprint scanner on the iPhone 5S, does this mean that our privacy is even more at risk from snoopers, hackers, and identity thieves?

Not really. 

There's been a lot of confusion and misinformation about this issue, so it's important to clarify the technology behind biometrics, how it's stored and how hard it is to abuse this type of data. Biometrics, while not perfect, offers substantial security benefits to the average consumer -- including greater protection from identity theft, data theft, and possibly even financial fraud. It's substantially more secure than using a basic password or four digit PIN, both of which are susceptible to brute-force attacks.

First, it's important to realize that a serious fingerprint scanner doesn't store a photographic image of a fingerprint. Instead, it interprets a digital representation of certain characteristics of your fingerprint, called a template. To put this in layman's terms, it saves the fingerprint, not as an image, but as binary digits -- and this binary code doesn't encompass the entire fingerprint, only certain aspects of it like the curve of individual lines on your finger. Biometric scanner companies also tend to use different templates from one another, which aren't compatible across different platforms. Therefore, your binary fingerprint is unlikely to be the same on an iPhone as it would be, say, on an Android device or a Ford car. If a hacker figures out how to capture your template data -- for instance, using a popular technique called a "man-in-the-middle" cyber attack -- he or she wouldn't be able to use that data to hack into every account that uses your fingerprint to verify you. Compare that with the password, which can be, and often is, reused on multiple accounts -- so a hacked Twitter password can quickly lead to a compromised Gmail, Facebook and bank account also.

Additionally, if a hacker or government agency got access to the digital copy of your fingerprint, it shouldn't be able to use that to recreate the actual fingerprint -- or voice print, retina scan, or whatever biometric is being used. Again, because each platform interprets this data differently and codes it differently.

However, that is not to say that biometrics are without threats.

It is possible to "steal" or "spoof" a person's biometrics -- as was recently shown with the iPhone 5S fingerprint scanner hack. But that is not very easy to do -- in fact, it can be much harder than guessing or brute-forcing a password or PIN code. In order to steal a fingerprint, the attacker must have direct contact with the person, lift the print without ruining it or being seen, save it as a very high-resolution image, print it out in very high-res and then manage to trick the fingerprint scanner into thinking the artificial print is real. Obviously it can be done, but this number of steps rules out many of the usual suspects: 'target-of-opportunity' thieves aren't going to take the time; hackers typically try to avoid direct contact with the subject; a jealous partner probably isn't going to open up a CSI lab just to get into your phone; etc. However, organized crime, state-sponsored hackers or spies just might go to these lengths, so you shouldn't see biometrics as completely hacker-proof if you have ultra-high security needs.

Long-term there is another potential risk -- if Apple or another biometric scanning company allows websites to authenticate you with a biometric scanner. Apple doesn't currently offer this, but hypothetically this could change in the future. Think of a "sign-in with your iPhone fingerprint" the way many sites now offer "sign in with your Facebook account." If that fingerprint template is stolen by a hacker then they could use it to break into other accounts that also use your iPhone fingerprint for authentication. Unlike a password, you can't reset your fingerprint so you'd basically be unable to use your iPhone fingerprint on those websites ever again. However, in the worst case scenario, you'd simply revert back to passwords - which is no worse than the situation is today. 

Biometrics aren't the only alternative to passwords. Companies like Twitter are rolling out alternatives that use your phone to help improve security. The bottom line is that, for the average person, passwords are just not enough to keep you secure any more. Any step forward from simple passwords alone is a boon for security, and widespread use of biometrics - while not perfect -is a great starting point.