Is This Silence Due to Awareness of Complicity?

Biometrics has continuously contributed to providing a favorable environment to criminals, not to citizens, for nearly two decades and the public has been misled to believe that biometrics has provided better security for citizens.

This false sense of security might well keep causing huge damages on our societal life for many more years unless somebody speaks out articulately.

A default/fallback password isn’t the password, is it?

Let us infer what biometrics promoters and adopters would assert in order to justify their allegation that biometrics, which depends on the password, can displace the password.

It could be "We are aware that consumers have to rely on a default password as the fallback measure in case of false rejection. But, the consumers can complete the authentication without using the password/pincode when they are not rejected by the biometrics. This observation encourages us to assert that biometrics enables us to achieve a password/pincode-less authentication while providing good convenience to citizens".

What those people would not mention is "We are not interested to talk about the reality that the adoption of biometrics has enabled criminals to capitalize on the two entrances placed in a 'multi-entrance' deployment which has brought down security to the level lower than a password/pincode-only authentication. Convenience that we offer actually benefits criminals."

Nice Convenience for Citizens or Criminals?

Biometrics promoters have persuaded us into believing that nothing is more convenient than putting your finger on a device or looking into a camera. They do not tell what is behind this convenience - security was brought down to the level lower than a password/pincode only authentication as demonstrated in this 2-minute video.

Good convenience offered to citizens is often the same as the lowered security offered to criminals. We should note here that criminals' motivation to look for good convenience (=lowered security) is probably far greater than citizen's motivation to enjoy good convenience. We should also bear in mind that this kind of convenience could bring a huge inconvenience; Imagine what sort of inconvenience the victims of security breach would have to suffer.

There is no problem in a convenience-first product being declared as a convenience-first product, but it is ethically wrong if a convenient-first product is disguised as a security-first product.

The structure is so simple and plain. It is a conundrum how come reputed banks and other leading service providers have been so indifferent to such simple and plain facts.

Security professionals, who cannot be unaware of these security-ruining effects of misused biometrics, remain silent. It's most worrying.

Is This Silence Due to Awareness of Complicity?

PS

I have come across this report - U.S. senator pushes for cybersecurity review of remote biometric voting app

It is frightening to know about a remote voting system, with which security was brought down to the level lower than a password-only authentication. It is highly probable that the US senator quoted in the report is not aware of the security-lowering effect of biometrics.

< Related Publication >

“Negative Security Effect of Biometrics Adopted in Cyberspace” on PenTest Magazine.

#identity #authentication #password #security #safety #biometrics #ethic #privacy #civilrights #democracy