Technology and the future of work

An interesting, if speculative, look into the future of work for government employees:

How the government will operate in 2030 (The Hill)

“Imagine it is 2030 and you are a U.S. government employee working from home. With the assistance of the latest technology, you participate in video calls with clients and colleagues, augment your job activities through artificial intelligence and a personal digital assistant, work through collaboration software, and regularly get rated on a one-to-five scale by clients regarding your helpfulness, follow-through, and task completion.”

But it’s not just the government sector. The convergence of cloud, AI, and biometric identity assurance among other emerging technologies like the blockchain will change the way individuals interact with large organizations throughout the economy.

The proof is in the fingerprint: how biometrics are proving security doubters wrong (memeburn)

Biometrics is not the uncharted Wild West or the strange cousin who lives next door, it is one of the fastest growing markets in the world because it works. It is also predicted to be worth around US$23.3 billion by 2019 with a CAGR of 20.8%. This is one market which is on a steady trajectory thanks to its potential and its ability to reduce fraud and data theft by significant amounts. The proof as they say, is not so much in the pudding as it is in the fingerprint…

A balanced view on authentication

Here’s why the password isn’t going anywhere (IT Pro Portal)

There’s no point in arguing about which security solution is the “best”. It’s pretty clear that the future lies with individuals using a combination of security options, each making up for the weaknesses of the others…

So rather than try to prove that a new technology is the Holy Grail and should replace passwords, it’s time to educate the public to use more than one factor of authentication. Using multiple factors will certainly increase a user’s security more than using one factor alone, no matter how secure we believe that one factor may be.

Security vs Privacy discussion matures…

Roundtable: Identity and access management (SC Magazine)

It’s a line that’s hard to walk, the one between usability, security and privacy – one that might get harder and harder to walk if things keep going the way they are. Increasingly, businesses depend on personal information offered by customers, Chandler reminds us: “We’re going on to a shared business environment, where we share information in order to make the community better.” With the growth of wearables, sensors and the Internet of Things – voice-activated TVs for instance – this trend might be hard to mitigate.

Mature talk on authentication…

Security vs. usability—that’s the choice we make with passwords (Phys.org)

We all need some kind of authentication process if we are to access information systems at work or at home. We know why we need to do it: to make sure we have access to our data and unauthorised people don’t.

So why do we routinely ignore such advice[…]?

Not all passwords protect equally valuable access. It turns out that many people are choosing weak passwords on low-priority systems like retail and media sites, and stronger authentication measures on high-priority systems like finance and work-related systems.

This sheds light on why even rigorous security measures like biometrics are being applied to instances where people are willing to jump through more password-related hoops but find the password regime horribly inconvenient.

Kudos to Morpho

MorphoTrak Leads With Face Comparison Training (Financial Content)

MorphoTrak, a U.S. subsidiary of Morpho (Safran), announced today that it will offer vendor-independent training* in face comparison, filling an acknowledged gap in the field of computer-aided face recognition and facial identification. Automated face recognition systems are common in both law enforcement and civil applications, yet facial matching software can only present the reviewer with potential matches. It is up to the human reviewer to decide whether two facial images belong to the same individual.

*“Vendor-independent training” means that the techniques the course will teach work for all face examiners, no matter what face recognition software they are using.

Kudos to Morpho. Facial recognition is a powerful tool for well-trained users. This challenge is well known among those who have worked to place facial recognition capabilities into the hands of law enforcement and security professionals.

Computers don’t look at the world the way we do. Whether that’s a good thing or not depends on what you’re trying to accomplish. For facial recognition in a law enforcement context, it’s a good thing to have a radically different point of view applied to a challenge.

First, faces are probably the most meaningful objects in human existence. It’s not too much of an exaggeration to say that for millennia human survival has depended upon our abilities at one type of facial recognition: recognizing people you know. Sorting through hundreds of thousands of pictures of people we don’t know in order to match the two that are of the same person, however, is not something we’re inherently good at.

Computers can do that in less than a second, then give the two pictures to a human, who is very good at making the single comparison, if that person understands their role in the machine-human partnership well.

Training is the key.

A Millennial’s vision for biometric banking

A Millennial’s Mindset: Money and Biometrics (Finextra)

The best thing for me would be a fast, easy and secure process, designed around me. Why can’t I use my biometric data to have a joined up experience? Without removing body parts, it is hard to steal from you. Biometrics would enable me to identify myself immediately.

We agree; and we’re working on it.

If it seems like things are moving slowly, it’s only because there’s a lot that had to be done on the infrastructure side first. A whole lot.

ID management in the cloud

Biometric Cloud-Based Offers Attractive Deployment (Engadget)

Cloud-based biometric technology offers attractive deployment possibilities, such as smart spaces, ambient intelligence environments, access control applications, mobile application, and alike. While traditional (locally deployed) technology has been around for some time now, cloud-based biometric recognition technology is relatively new. There are, however, a number of existing solutions already on the market…

Younger consumers lead biometrics demand

How mobile identity can unlock the DNA of trust for the financial sector (Information Age)

More than two-thirds of UK consumers think that using biometrics – such as voice, fingerprint, iris and facial recognition – would be more secure and help reduce the risks of fraud. These findings were consistent with consumers across Australia, Singapore, Indonesia, Malaysia, the United Kingdom and United States.

You can use biometrics, too

Biometric Technologies Are Competent To Use In Homes Or Any Establishments (World TVPC)

So as you can see using biometric scanners as a means to secure your home or office building is absolutely necessary. It is one of those things that you would be thankful for that human ingenuity worked towards your favor instead of against it.

Much of the discussion of biometrics tends to represent the technology as something foisted upon ordinary people by governments or corporations. That is changing.

Useful perspective on face recognition technology

Is facial recognition tech really a threat to privacy? (BBC)

Facebook has decided not to offer its photo-sharing app Moments in Europe because of regulator concerns over its facial recognition technology.

And earlier this week, talks between US tech firms and privacy campaigners broke down over fears about how the industry is planning to use the tech.

So why is there so much concern over facial recognition tech, and is it justified? We unpick some of the issues.

Forecast: Key biometrics industries and applications – 2024

Biometrics Market Forecasts (Tractica)

Tractica’s forecasts indicate that key industries in the biometrics market over the next decade are likely to be finance, consumer devices, healthcare, and government, followed by enterprise applications, defense, education, law enforcement, and non-government organizations. Key use cases that are likely to drive biometrics revenue over the next decade include consumer device authentication, mobile banking, automated teller machines (cashpoints), government IT systems, point-of-sale transactions, pharmacy dispensing, and wearable device authentication.

Older Android versions had more vulnerabilities

Is Samsung’s Galaxy S5 ‘leaking’ YOUR fingerprints? Flaw means hackers can intercept and steal biometric data (Daily Mail); Forbes piece, here.

The pair told Thomas Fox-Brewster from Forbes that the flaw lies in older versions of the Android operating system, up to and including Android 4.4.

Subsequently, anyone running Android 5.0 or above is not at risk and the security experts are advising people on older models to update as soon as possible.

The semi-technical press seizes upon biometrics as a proxy for personal data. This is old news, but here’s a great example.

A close reading of the article reveals that earlier releases of Google’s version of the Android mobile OS weren’t as secure as they are now. This will come as news to few. The article points out that, “Once inside they can monitor all data sent to and from the phone, as well as data recorded by the handset’s built-in sensors, including the fingerprint scanner.”

Get it? Exploiting the security flaw means that the whole device is compromised: Email apps, microphone, location information, and possibly even the contents of phone calls themselves, but according to the author and editor(s), the news value is in the possibility of capturing a fingerprint image. Of course, it’s their outfit; it’s their call.

For readers here, instead of “OMG fingerprints[!],” I’d emphasize that:

Not all mobile operating systems are created equal.
Different mobile applications offer a different mix of privacy costs and benefits.
Installing OS updates and patches is very important.
If the OS is compromised, the applications it runs are vulnerable.

Left out of the information readily available online about this hack is how the people at FireEye got their malware onto the hardware in the first place. Past “hacks” of biometric systems have been executed on a playing field that is far more favorable to the hackers than the real world, where all the other layers of the security regime are stripped away from the one security link they want to test. Here’s a particularly striking example. If FireEye rooted the phone, side-loaded their malware onto the device, and went from there, this isn’t a hack in any real sense — it’s a malware test.

That hypothetical scenario would mimic a real world example where a user lost their phone and bad guys got it, loaded software on it and then returned the mobile device to the user who continued as if nothing had happened. In the security world, if you lose control of the hardware, all bets are off for anything that isn’t encrypted (with a strong key).

So, without more information, it’s hard to say how big a deal this is, or in many (most?) cases, was. In the bigger picture, this is a Google Android OS story. The subtext is that users who care about mobile device security should be thoughtful about what device/OS/app combinations they adopt, keep their device’s software up to date, and be careful about malware.

As automated and convenient security including biometrics becomes better and more common, the highway robbers of the 21st Century are increasingly forced to turn to social engineering techniques rather than frontal assaults on security technology.

See: The Con is Mightier than the Hack

Looking for cyborg customers, or, I forgot to take my Paypill

Kill all passwords by eating them says PayPal (Techworld)

He says external body methods like fingerprints are “antiquated”, and that internal body functions like heartbeat and vein recognition using embedded and ingestible devices are the future, to allow “natural body identification”. LeBlanc says internal devices could include brain implants, and that ingestible devices could be powered by stomach acid that runs batteries.

Time will tell, I guess, but user acceptance has been a big issue for identity management solutions using biometrics. A bank asking customers to put something in their body in order to access their money would seem to be of another character entirely.

Perhaps the analysis is meant to provide a perspective on what far-distant ID management technologies will look like. Even then, with the exponential growth of the computing power in “externally carried computers” i.e. smartphones, it’s hard to see how gaining a foot or so of proximity distance by moving the token inside the body lowers error rates enough to justify the mess.

The subtext is this, though:

“We know how to identify machines. People are a pain. If we can just turn the people into enough of a machine, all our problems are solved.” In other words, engineering! There’s a problem here, though. If you turn the machines into people, the machines will probably get harder to identify.

At SecurLinx, we’ll keep at it just in case.