Every new year, IBM puts forth their “5-in-5”: a set of predictions about the state of technology half a decade into the future. This year, the prediction that’s attracting the most controversy is that by 2017, you can ditch those 50+ passwords and PINs you need to remember, and biometric identification will step up to take their place. Here’s the 1-minute video:
Many of the comments on YouTube, on IBM’s blog, and other blogs around the web are highly critical of the idea that you could log into an ATM, or your social networks, using iris scans or voice ID. The plausibility of the technology itself isn’t particularly controversial, so I won’t talk about that here. Instead, I’ll address three of the most common fears I’ve seen about the implementation of such a system. These concerns are understandable, given the lack of detail in the video above, but I think they’re generally unfounded.
Myth #1. My biometric ID could be stolen. Okay, this one is technically true, but it doesn’t matter. The concern here is that if a password is stolen, you can always change it, but this is clearly not an option with, say, your iris patterns. This is irrelevant because credible biometric systems don’t just ask for the data from your iris (or fingerprints, etc), they require your eye itself (or fingers or body) to actually be present. A would-be thief could take high-res photos of your eyes, record your voice and steal your fingerprints, but unless they have cloning technology readily available, they still couldn’t hack your bank account.
Myth #2. My biometric data is private! I’m not sharing it with Google or my bank. I’m a firm believer that protecting your DNA is among the most important privacy issues of the new century. DNA can reveal many things about your mental and physical health, family history, and more. But no one has suggested using DNA as an identification method, and biometric data does not contain any such information. It is no more private than the color of your eyes.
Myth #3. My biometric data will change and I’ll be locked out. There’s a kernel of truth to this; people do go blind, gain weight, suffer from skin conditions and so on. But this is a practical rather than a theoretical problem. Perhaps ID systems could check multiple conditions, and allow you access as long as you meet 3 out of 5. Or perhaps it’d be possible to regularly calibrate your metrics so they stay accurate regardless of changes in your body. It’s not enough of a reason to give up on the idea completely.
Conclusion: One last caveat before I open it up for comments. Biometric identification can also be used for surveillance purposes, as suggested by one astute reader here. That does invoke a variety of very serious privacy concerns. I’m not advocating for that at all – I just want easy, secure access to things I use every day.
Do you agree with my reasoning? Still have concerns? Is this development worth the risks? Let us know in the comments.