Biometrics firm SureID and AI-startup firm Robbie.AI are teaming up to launch the first U.S. biometric database.
SureID has a nationwide network of fingerprint enrollment kiosks, while Robbie.AI authenticates users with AI-based facial recognition and behavioral prediction. According to a press release, the two could be combined to create a nationwide biometric database for consumer-focused initiatives.
The technology could be used in retail authentication, employment verification, IDs for keyless automated vehicles and other multiple biometric authentication levels. The companies say they are using the highest security measures to protect their data.
“SureID plans to continue to lead with advanced security threat responses and military-grade security mechanisms designed to thwart bad actors and protect personal and corporate security,” SureID General Manager Ned Hayes told SC Media. “SureID R&D is currently researching technology that could allow individuals to have full control over their biometric data information without concerning themselves with the required backup strategies.”
Furthermore, Hayes said his firm is one of a handful of selected FBI fingerprint channeling partners and that its system provides end-to-end encryption, physical and electronic security measures in a secure cloud infrastructure validated and approved by the FBI and other government agencies.
Karen Marquez, CEO of Robbie.AI, told SC Media that her firm never stores frames from video or photo and only saves biometric cues through coordinates and other custom indicators from the original face in the form of numbers that are stored as a ciphered binary.
“There is no way to link this binary data to personal data or a person identity from our backend because we do not keep the original person link,” Marquez said. “Moreover, even in the event of any attempt of compromising the database, deciphering the binaries into raw descriptors provides hundreds of thousands of floating point numbers.”
Marquez added that there is no way to reverse engineer the numbers into pixels, know who the numbers belong to, or even understand them as they are separated and stored into a different provider and data center.
In addition, Hayes said SureID today only collects data that has been submitted to their system via full consumer knowledge and full consumer participation, for authorized purposes only, and that it collects data and deletes data in full compliance with all government regulations regarding data preservation and deletion.
Despite the assurances, the technology has privacy and cybersecurity experts concerned about the companies’ abilities to protect the data, how the data will be used, and the potential for misuse.
“On one hand, I appreciate the need for rapid identification of people who intend to cause harm and the ability to detect these people quickly in public places,” Chris Morales, head of security analytics at automated threat management solutions firm Vectra, told SC Media. “On the other, it sounds like a huge privacy nightmare as I am very concerned about the misuse or manipulation of a database of biometric authentication at this scale.”
Morales said a national biometric database is almost inevitable since society and governments have been heading towards some form of rapid real-time person identification for decades. This started with video security monitoring cameras in most public places around the world, and the addition of machine learning has even made it possible to recognize the way a person walks as a unique identifier.
“I think as a security industry, our best course of action is to work with the national governments to ensure any biometric system is highly secure and has auditing and oversight to ensure the proper use of the biometric data,” Morales added. “This type of data would mean anyone could be found instantly at any time. It could be very scary.”
The technology also causes worry to some considering the backdrop of recent elections where many states’ voter identification procedures are woefully lacking.
“It is a little concerning that some loose affiliation of private companies will have the ability to identify me in public and track me without my consent,” Rick Moy, chief marketing officer at Acalvio, said. “And do who knows what with the data to sustain their business models.”
Other researchers emphasized that despite the protections in place, the data could still potentially be misused even by law enforcement.
“AI and ML algorithms often mirror and amplify the biases of the data collected,” Abhishek Iyer, technical marketing manager at Demisto, said. “If criminal investigations will be based on biometric recognition whose accuracy is already compromised by bias, it can lead to wrongful arrests, distress for US travelers, and lost government resources.”
Not everyone was against the technology, and some even supported it. Frances Zelazny, BioCatch chief strategy officer, said there is a dire need for a better system in the U.S. to more accurately identify and verify that people are who they say they are.
“Because there is no central ID system and personal information is widely available on the Internet thanks to the data breaches, the classic KYC process no longer works in the U.S. and in essence,” Zelazny said. “The Internet of Things will only continue to make our world more interconnected, and where we present our identity on one application may mean that several other modes are affected.”
Zelazny added that action is needed from government, private sector and consumer advocate stakeholders who must collaborate on an identity framework that can support trusted online interactions.