Without you necessarily realizing it, your unique attributes — or "biometrics" — are being used to verify your identity.
Every time you unlock your smartphone, use a fingerprint scanner at the airport, or upload a photo with facial recognition to Facebook, your physical attributes are scanned and scrutinized against a template.
The use of biometrics has exploded in recent years, with companies ranging from 24-Hour Fitness to NYU Langone Medical Center using this convenient technology to identify their customers.
By 2019, biometrics are expected to be a 25-billion-dollar industry with more than 500 million biometric scanners in use around the world, according to Marc Goodman, an advisor to Interpol and the FBI. Newest to the scene, Wells Fargo this fall will begin offering a smartphone app with biometric authentication for corporate customers — making all their financial information just an eye scan away.
With biometrics, there’s no need to memorize an unwieldy sequence of numbers and letters as with passwords — and consumers value that convenience. In a OnePoll/Gigya survey, 80 percent of consumers who expressed a preference said they think biometric authentication is more secure than traditional passwords, and 52 percent of consumers said they would choose anything but a traditional password when given the choice.
But, unlike a password, if a person’s biometrics are hacked, they can’t be changed.
“You can always get a new credit card. You can always create a new password. [It’s] really hard to get new fingers. You only have ten of them and once that information leaks, it’s out and there’s nothing you can do,” Goodman said in an interview with NBC News.
Most companies rolling out biometrics say they will safeguard consumer biometric data carefully to prevent against hacks. Wells Fargo, for example, will not store the original images of their customers' eyes used in authentication, and the data will be encrypted.
But there have already been cases of biometric hacking on a large scale. An estimated 22 million people had their personal data stolen in a massive data breach at the Office of Personnel Management in December 2014, including RAND privacy expert and mother of two Rebecca Balebako. She received a letter from OPM last year informing her that her personal information, including her ten fingerprints, were stolen in the breach.
Balebako worries that her information was stolen by a foreign state, like China, and that it could be used against her or her family.
“That information is going to remain stolen, and I’m not going to change my fingerprints. I also don’t know what they’re going to do with information about my children or about my husband or about his family,” Balebako said.
Balebako had submitted years of personal information, including her Social Security number and previous addresses, for a government background check required for her job.
“I don’t know what to do. I work in this field. I’m a security researcher. I’m a privacy researcher. And I don’t know what to do. I can’t see there’s much I can do to protect myself,” Balebako said.
As biometric technology grows more personal and more widespread, so too do the risks to personal privacy.
“The best thing that we can do is to demand more from our government and from the companies to whom we provide this information, to hold them accountable,” Goodman said. “As our society moves more and more online and citizens spend more and more of their time in digital space, law enforcement has failed to keep up. And this major gap is growing larger and larger.”