Data Governance

Biometric Identity Theft


Recently I have been researching the potential of fraud and identity theft using fingerprints from photos posted on social media. Last week Amazon released its “Amazon One” Palm Scanner as a means to pay for purchases when shopping. That announcement made me wonder, what are the potential implications for fraud and identity theft using biometric data taken from images?

Man's forearm and hand, index finger extended to point to one of a series of "digital keys"
Could Photos posted on Social Media sites become the Key to Digital Identity Theft?

There are a surprising number of ways to accurately identify someone from a photo or video. Moreover, there is technology to copy fingerprints from social media photos taken up to three meters away, and 3D printing has been proven effective at creating “fake fingerprints” that will bypass many fingerprint scanners.

Technology continues to improve at a rapid pace, which often means, “Where there is the will there’s a way.”

Since fingerprints can be copied from photos taken up to three meters away, does that mean a palm print could potentially be copied from a photo taken 5-10 meters away? That question led to an interesting but unscientific experiment where I took pictures of my own hand, enlarged them, and then measured the distance between the ridges and furrows of both my fingers and my palm, and then compared the results of the two. Spoiler – probably not.

There are several areas where that distance was similar for both my fingers and palm. But there were also areas on my palm where the average distance between “landmarks” was 3-5+ times greater. It turns out that for identification purposes a palm image is often segmented into 3-4 distinct regions, likely due to this type of variation. This link was helpful to understand the process.

This research led to an idea for a chip-based embedded filter for smart devices and laptops. It would obfuscate key biometric information when extracting the data for display, without affecting the integrity of the original stored image. This functionality would automatically provide an additional layer of privacy and data protection. It would require optimized object detection capabilities (possibly R-CNN) that were highly efficient, and run on a capable but low energy processor like the Arm Cortex-M. Retraining and upgrades would be accomplished with firmware updates.
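A sketch of the display-time filter described above, added here as an example and not code from the original post. It assumes an 8-bit grayscale frame and takes the detector's boxes as input; the names `bio_region_t` and `obfuscate_for_display`, the tile-averaging method, and the per-region tile size (larger where ridge spacing is wider, as on parts of the palm) are all assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Detector output box (assumed input). block = tile size in px, above the ridge spacing. */
typedef struct { int x, y, w, h, block; } bio_region_t;

/* Hypothetical filter: copy the frame, then tile-average each box; `stored` stays intact. */
void obfuscate_for_display(const uint8_t *stored, uint8_t *display, int width,
                           int height, const bio_region_t *regions, size_t n) {
    memcpy(display, stored, (size_t)width * (size_t)height);
    for (size_t r = 0; r < n; r++) {
        const bio_region_t *g = &regions[r];
        int b = g->block > 1 ? g->block : 8;   /* fail closed on a bad tile size */
        /* Clamp to the frame so a bad box cannot read or write out of bounds. */
        int x0 = g->x < 0 ? 0 : g->x, y0 = g->y < 0 ? 0 : g->y;
        int x1 = g->x + g->w > width ? width : g->x + g->w;
        int y1 = g->y + g->h > height ? height : g->y + g->h;
        for (int by = y0; by < y1; by += b)
            for (int bx = x0; bx < x1; bx += b) {
                int ex = bx + b < x1 ? bx + b : x1, ey = by + b < y1 ? by + b : y1;
                uint32_t sum = 0, cnt = 0;
                for (int y = by; y < ey; y++)
                    for (int x = bx; x < ex; x++) { sum += stored[y * width + x]; cnt++; }
                for (int y = by; y < ey; y++)
                    for (int x = bx; x < ex; x++) display[y * width + x] = (uint8_t)(sum / cnt);
            }
    }
}

/* Max-min pixel value in a box: a crude measure of surviving ridge contrast. */
int region_contrast(const uint8_t *img, int width, const bio_region_t *g) {
    int lo = 255, hi = 0;
    for (int y = g->y; y < g->y + g->h; y++)
        for (int x = g->x; x < g->x + g->w; x++) {
            int v = img[y * width + x];
            lo = v < lo ? v : lo;  hi = v > hi ? v : hi;
        }
    return hi - lo;
}

/* Constructed sample: 16x16 frame of vertical "ridges" with a 2-pixel period. */
int demo_contrast(int use_display) {
    uint8_t stored[256], display[256];
    bio_region_t tip = { 4, 4, 8, 8, 4 };
    for (int i = 0; i < 256; i++) stored[i] = (i % 2) ? 200 : 0;
    obfuscate_for_display(stored, display, 16, 16, &tip, 1);
    return region_contrast(use_display ? display : stored, 16, &tip);
}
int main(void) { return demo_contrast(1); }   /* exit status 0: no ridge contrast left */
```

On the constructed frame the stored copy keeps its full ridge contrast while the display copy has none inside the box, because the 4-pixel tile spans two full ridge periods.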

Edit 2020-10-13: This article on “Tiny ML” from Medium.com is the perfect tie-in to the idea described above.

While Amazon’s technology is much newer and presumably at least partially based on their 2019 Patent Application (which does look impressive), it makes you wonder how susceptible these devices might be to fraud given reports of the scans occurring “almost instantaneously.” Speed is one aspect of successful large-scale commercial adoption but the accuracy and integrity of the system are far more important from my perspective.

Time will tell how robust and foolproof Amazon’s new technology really is. Given their reach, this could occur sooner rather than later. Ultimately, multiple forms of biometric scans (such as a full handprint with shape, palm, and fingerprints, or a retina scan 2-3 minutes prior to the palm scan to maintain performance) may be required for enhanced security, especially with mobile devices.


Blockchain, Data Governance, and Smart Contracts in a Post-COVID-19 World


The last few months have been very disruptive to nearly everyone across the globe. There are business challenges galore, such as managing large remote workforces – many of whom are new to working remotely – and managing risk while attempting to conduct “business as usual.” Unfortunately for most businesses, their systems, processes, and internal controls were not designed for this “new normal.”

While there have been many predictions around Blockchain for the past few years, it is still not widely adopted. We are beginning to see an uptick in adoption with Supply Chain Management Systems for reasons that include traceability of items – especially food and drugs. But large-scale adoption has been elusive to date.

Image of globe with network of connected dots in the space above it.

My personal belief is that we will soon begin to see large shifts in mindset, investments, and effort towards modern digital technology driven by Data Governance and Risk Management. I also believe that this will lead to these technologies becoming easier to use via new platforms and integration tools, and that will lead to faster adoption by SMBs and other non-Enterprise organizations.

Here are a few predictions:

  1. New wearable technology supporting Medical IoT will be developed to help provide an early warning system for disease and future pandemics. That will fuel a number of innovations in various industries including Biotech and Pharma.
    • Blockchain can provide the necessary data privacy, data ownership, and data provenance to ensure the veracity of that data.
    • New legislation will be created to protect medical providers and other users of that data from being liable for missing information or trends that could have saved lives or avoided some other negative outcome.
    • In the meantime, Hospitals, Insurance Providers, and others will do everything possible to mitigate the risk of using the Medical IoT data, which could include Smart Contracts as a way to ensure compliance (which assumes that there is a benefit being provided to the data providers).
    • Platforms may be created to offer individuals control over their own data, how it is used and by whom, ownership of that data, and payment for the use of that data. This is something that I wrote about in 2013.
  2. Data Governance will be taken more seriously by every business. Today companies talk about Data Privacy, Data Security, or Data Consistency, but few have a strategic end-to-end systematic approach to managing and protecting their data and their company.
    • Comprehensive Data Governance will become both a driving and gating force as organizations modernize and grow. Even before the pandemic there were growing needs due to new data privacy laws and concerns around areas such as the data used for Machine Learning.
    • In a business environment where more systems are distributed there is increased risk of data breaches and cybercrime. That will need to be addressed as a foundational component of any new system.
    • One or two Data Integration Companies will emerge as undisputed industry leaders due to their capabilities around MDM, Data Provenance & Traceability, and Data Access (an area typically managed by application systems).
    • New standardized APIs akin to HL7 FHIR will be created to support a variety of industries as well as interoperability between systems and industries.
  3. Anything that can be maintained and managed in a secure and flexible distributed digital environment will be implemented as a way to allow companies to quickly pivot and adapt to new challenges and opportunities on a global scale.
    • Smart Contracts and Digital Currency Payment Processing Systems will likely be core components of those systems.
    • This will also foster the growth of next generation Business Ecosystems and collaborations that will be more dynamic in nature.

All in all this is exciting from a business and technology perspective. It will require most companies to review and adjust their strategies and tactics to embrace these concepts and adapt to the coming New Normal.

The steps we take today will shape what we see and do in the coming decade so it is important to quickly get this right, knowing that whatever is implemented today will evolve and improve over time.