News emerged this week that the U.S. Army, which has been collecting biometric data of locals in places like Iraq and Afghanistan, is going to start storing that data in the cloud. Put simply, biometrics is the collection of personal, physical data using devices like retina scanners, and no matter what way you spin the situation, it’s a potentially pretty creepy practice.
(Do you want the government to take pictures of the inside of your eyeball?) But in a warzone, it seems downright dangerous. Doubly so in the cloud.
The US Central Command has been collecting this kind of data for years, they say, to identify everyone from insurgents to police officers. The methods can be as simple as fingerprinting, and as high-tech as DNA sampling. And, up until now, the data’s been stored locally in order to keep the it from being acquired and exploited by troops and insurgents alike. Accordingly, the US has maintained possession of the biometric data of millions of Iraqis and Afghanis. Wired‘s Spencer Ackerman hypothesises about the danger of the information falling into local hands, specifically in Iraq:
[Army Maj. T.G.] Taylor doesn’t say why the U.S. didn’t hand over its biometrics toy to the Iraqis. But there’s an obvious reason: Iraq’s sectarian divides have not healed. And a database filled with uber-specific information about approximately 10 per cent of Iraq’s population could represent a wish list for a death squad, militia or insurgent group — some of which are aligned with Iraqi political parties.
If the information is stored on servers inside locked compounds, that’s one thing. But things gets dodgy when the military lets it float up into the cloud, where bloodthirsty hackers could gain access. Especially when you consider that the Pentagon’s cybersecurity is famously weak.
The expansion of the military’s biometrics plan also raises questions about domestic use of the practice. David Buckley, a former Naval Officer and CEO of a biometrics technology company, recently wrote an opinion column for the military-centric newspaper Stars and Stripes about the need to use biometrics for immigration and homeland security. “U.S. immigration officials could easily deploy biometric enrollment kiosks at fixed locations around the country while fielding mobile enrollment kits to facilitate enrollment in a variety of settings, including the workplace,” says Buckley.
Oh great, kiosks with retina scanners sprinkled all over the country. Seen Gattaca? How about Minority Report? This is just like like those dystopian futures, where everyone is kept in a register and surveilled on a regular basis. It’s not so bad if you can be assured that the data will be secure. The cloud is not secure. And as we saw with the hunt for the Boston Marathon bombers, people are quick to misunderstand all kinds of data, especially when it come to hunting terrorists.
There are, of course, positive applications of this data. Fingerprinting has long helped cops catch crooks. Palm scanning is popping up in airport security lines to cut down on wait times and to spot people on watch lists who may have fake documents. Retina scans would also be a really sweet way to unlock your front door. These implementations all assume that the data stays secure.
Also, Big Brother.
But beyond the shortcomings with security in the cloud and data falling into the wrong hands, biometrics also suffers from one fatal flaw: it can be faked. Fingerprints can be forged, and even retina scans can be manipulated to make one person appear to be another.
Sure, biometrics technology is getting more and more sophisticated. Let’s not fool ourselves into thinking that it’s actually a flawless system though. Especially when it’s only as secure as the cloud it’s being stored in. [Danger Room]