In this three-part series, I've tried to address the serious data privacy and security tradeoffs that biometrics require when used to replace passwords wholesale -- not least of these being the federal government's interest in "moving beyond passwords" to make searches and surveillance easier. (See parts 1 and 2.) To make this possible, the Obama Administration has been working with the private sector to introduce a federal Internet ID and increase biometric adoption through the National Strategy for Trusted Identities in Cyberspace (NSTIC).
Cozy biometric partnerships between big business and big government are naturally suspect because of the latter's penchant for surreptitiously collecting massive swaths of data on US citizens and its voracious desire for as much biometric data as possible on as many people as possible. For starters, of course, there are Edward Snowden's revelations of the NSA's massive domestic spying campaigns on US citizens and companies, including the NSA's collection of biometric data from picture files stored on the Web and sent via email, MMS, videoconference, and other technologies at a rate of millions of images daily.
Other examples include the following:
In regard to these considerations, Apple is way ahead of Microsoft on customer information security. Although Apple's biometrics are far from unbreakable (you may recall this, this, and this from parts 1 and 2 of this series), the company's latest mobile encryption and data protection, when implemented properly, is very strong -- not to mention backdoor-proof.
This feature has been a bad shrimp in the federal government's net ever since Apple introduced it. So desperate are federal agencies to backdoor Apple's encryption (and, indeed, all encryption not their own) that they have gone on record equating it to pedophilia and child murder.
The NSTIC website's FAQ demonstrates just how little the federal government cares for individual liberties where Big Brother is concerned. As an answer to the question "How will implementation of NSTIC enhance privacy and support civil liberties?" the FAQ goes on for paragraphs about keeping the private sector in line privacy-wise, but has only this to say on the topic of civil liberties -- an afterthought at the very end:
"[T]he Identity ecosystem allows you to continue to use the Internet anonymously, which supports civil liberties like free speech and freedom of association."
Read that again. It is a bland statement about the Internet, in general, "support[ing] civil liberties" -- without saying anything about NSTIC, federal Internet IDs, or the government.
Yes, the Internet supports liberty and freedom ... when government is not tracking an individual citizen's every move. If the government really supported anonymous Internet use and data privacy, its agencies probably wouldn't have it out for Tor users -- people federal law enforcement agencies have likened to terrorists.
Even the NSTIC page, however, recommends multifactor sign-on, making the case that a single multi-use password with an accompanying credential is more secure than different passwords on different sites. The position is debatable, but there is no question that multifactor authentication offers superior information security -- and that passwords remain an integral authentication component.
Joe Stanganelli is founder and principal of Beacon Hill Law, a Boston-based general practice law firm. His expertise on legal topics has been sought for several major publications, including US News and World Report and Personal Real Estate Investor Magazine.