Biometrics Privacy in the Cloud Era, Part 2

Biometrics continue to be a hot news topic, especially as the technology penetrates ever-further into our lives and privacy concerns escalate. As we discussed in Part 1 of this two-part series of tech shorts, biometrics has moved beyond our smartphones and into the cloud, raising questions about the ability of the various applications to safeguard our personal data when it is (necessarily) unencrypted while being processed.

The growing prevalence of biometrics has led to concerns about their use in payment apps (such as Amazon One) and travel authentications (such as the TSA’s Touchless Identity Solution). Another recent story involves the questionable use of biometrics for security purposes at sports arenas. But the next generation of biometrics goes even deeper into our private makeup, demanding a technological solution to protect our personal data.

Next-Gen Biometrics Challenge Privacy

For example, the recent collapse of the popular DNA testing company 23andMe has brought to the forefront the issue of who owns our private data, in this case our genetic code. Even before its financial problems, the company faced a massive data breach, failing in its responsibility to safeguard sensitive data, and its imminent dissolution then led to accusations that it was selling off DNA data to the highest bidder in order to stay afloat. The recent news of the company’s bankruptcy has also caused speculation that the data will be used to pay off debt. . The recent news of the company’s bankruptcy has also led to speculation that the data will be used to pay off debt.

Another recent example is that of Worldcoin. The founder of OpenAI, Sam Altman, is trying to implement a groundbreaking way of replacing physical identification (eventually overcoming the scourge of AI bots and fake identities) by creating a worldwide database of retinal scans.  To incentivize people to participate, each volunteer is rewarded with 25 Worldcoins. Worldcoin is an Ethereum-based cryptocurrency that currently has a market value of about $2 US.

While this project is revolutionary, the question of ownership of the scanned data, the ramifications of a breach of security, and the legality of potentially profiting from the collection of biometric data all must be addressed.

FHE Can Overcome the Concerns

One way to ensure that private data remains private is through Fully Homomorphic Encryption (FHE). FHE allows data to be processed while it remains encrypted, such that ownership is no longer as much of an issue. Whether the data remains with the original collector, is sold elsewhere, or even is hacked, it remains always encrypted and, while the data can be processed and used, it cannot be accessed to violate the privacy of the individual who supplied it.

Certainly, there are still issues with biometrics that must be addressed through legislation and regulation, and in many cases, courts will determine whether these companies are acting within the bounds of fair play. But at least with FHE we can rest assured that our personal biometric data will be kept out of the hands of nefarious individuals and our privacy will be secured.