Tech Toolbox: Biometrics... and Blockchain

The launch of Apple’s iPhone X, equipped with a new facial recognition security feature, prompted me to write this column about biometrics and blockchain. These two issues are important to us not only because we are technology users, but also because of their legal implications.

Biometrics is “the measurement and analysis of unique physical or behavioral characteristics… especially as a means of verifying personal identity.” Think fingerprint and retinal scans, or voice and facial recognition.

One of the biggest problems in this digital age is identity verification. For more than 50 years, we have been using a combination of log-in IDs and passwords to accomplish this. However, stolen IDs and passwords can be used by anyone, so additional steps are necessary. The use of two-factor authentication, which I covered in the July/August 2017 issue, is a more effective user-identification process.

In theory, biometrics should provide even better security because a criminal would need to access individual fingerprints, retinas, etc. Most of us have seen thrillers where severed fingers or eyes are used in this way, but I think we would all agree that those are pretty farfetched for the workplace.

But there is another use case for biometrics that may be even more critical. In the United States, the government began issuing social security numbers (SSN) in 1936. These were originally intended only to ensure that the federal government could track whether citizens would become eligible for certain government benefits. Over time, these rapidly became the standard identifiers for things like taxes, credit scores, and bank accounts.

This wasn’t too bad prior to digitalization, but all that changed once SSNs became accessible online. It’s clear that we need some new way to verify our identities, and biometrics may be the best answer.

But are biometrics safe enough? The fingerprint scanners on the iPhones 6-8 are rated to be accurate to 1/50,000. Face ID is rated at 1/1,000,000 — in most cases, only identical twins would be similar enough to fool the system. Compare that with the odds that some malefactor could obtain your SSN, birth date, credit card, and other personal information online.

Now, let’s incorporate the very different but interestingly applicable concept of blockchain. For those of you fortunate enough to have attended the Opening Plenary Session of the 2017 ACC Annual Meeting, you heard Don Tapscott give a great talk about blockchain and how he thought it could revolutionize aspects of modern life. For centuries, we have been using trusted middlemen (e.g., banks or governments) to make transactions or verify information. This system began to break down when it became possible to hack or fool the system. However, blockchain technology allows participants to connect directly and verifiably, removing the need for any middleman.

Simply put, a blockchain is a type of securely encrypted and continuously updated digital public ledger that everyone can access but no single person controls. This ledger is stored in a network of replicated databases on millions of computers around the world. Every single computer in that network must approve of any proposed change before it can be verified and recorded. So, a hacker would have to successfully hack every single one of those encrypted computers to alter a single record. As cryptography and computers get better and multiply, blockchain only gets more secure.

Tying the concepts of biometrics and blockchain together, it is easy to imagine that in the not-too-distant future, people’s identities could be verified by a unique biometric and that all transactions would be recorded on blockchain. Why would we need credit cards or banks? We would never again need a user ID or password. Passports, notary publics, and driver licenses would become unnecessary. All contracts could be verified, stored, and accessible on the blockchain, and all contractual triggers could be recognized and implemented automatically.

There are some potential dark sides to all this too. For example, authoritarian governments would have unprecedented line of sight into the activities of its dissidents. Still, I’m optimistic that biometrics and blockchain will provide a solution to some of the most vexing problems of the modern age.