Is it safe to share biometric data? Tech expert weighs in
Apple has been using your face data for security for seven years. You likely use your fingerprint to unlock at least a few of your devices.
But have you paid with your palm at Whole Foods yet? Did the Transportation Security Administration scan your face the last time you were at the airport? Using biometric info like your fingerprint and face can save a little time, but a whole lot of potential security risks come along for the ride.
Should you give companies and agencies access to your most personal data? I’ve got the scoop so you can decide for yourself.
Catching a flight any time soon?
You’ve probably used the old TSA tech, similar to Apple’s Face ID. They snap a pic and compare it to your ID to confirm it’s really you trying to get through security. Nice to know: They say they delete images of you once you’re through the process.
The TSA’s new Touchless Identity Solution works a little differently. All you do is look at a camera and wait for an agent to give you the green light. Fast and easy! What’s the catch?
For this process to work, you’ll need a U.S. passport and TSA PreCheck. You’ll also need to be a member of a participating airline’s loyalty program. When you check in through your airline’s app, you’ll be prompted to opt into a biometrics scan.
If you opt in, you’ll allow the TSA to add your photo to a cloud-based verification service. Step up to the camera, and it matches your live image with the stored one. The TSA says both images are deleted within 24 hours of your flight’s departure.
It’s not just the airport. 5 places you’re being recorded in public.
Talk to the hand
Whole Foods uses a process similar to the TSA’s with its palm scan tech. Through the Amazon One app, you can link a credit card to your “palm signature.” Scan your hand in-store, and the data is compared to palm signatures stored in the Amazon cloud. When a match is found, you’re paid up and good to go.
Now, Amazon says they only save the mathematical data behind your palm signature, not actual photos of your hand. This means a hacker couldn’t use a high-quality pic of your palm to pass as you.
The safety dance
So are these more advanced biometric screenings hacker-proof? It’s unlikely a crook could fool a biometric reading in the airport. Agents would figure it out pretty quickly.
Even at Whole Foods, it’d be tough for someone to use an image of your palm to pay. Their systems also employ something called “liveness detection,” capturing motion, depth and texture, too.
But remember, as technology advances, so, too, do criminals. Artificial intelligence deepfakes are already much better than they were just a year ago. There could come a day when a deepfake mask could fool facial recognition software, especially when there’s no real person standing there to double-check.
WATCH: Companies are paying for AI avatars in their ads. You have to see this one.
The biggest issue I see
Let’s say we trust government agencies and big companies to store this biometric data. That doesn’t mean they’re immune to data breaches. When you hand over any kind of data, it’s 100% a hacker’s target.
Thinking about opting into one of these services or another like it? Here’s how to protect your biometric data:
◾ Before you let a company or agency access your biometric data, consider its reputation. The TSA is more reputable than a random shopping app. At the very least, search for the org or company with the term “data breach.”
◾ Whenever possible, use your biometric data in tandem with a strong password, two-factor authentication, or an authenticator app.
◾ If you have to upload biometric data online, use a virtual private network to secure your internet connection first – especially if you’re using a public network. This is an extra barrier between you and anyone else lurking there waiting to steal files.
This article originally appeared on USA TODAY: Can biometric data be hacked? An expert weighs in
link