//////////////////////////////////////////////////////////////////// t cht lk
questionable, consider VTech’s My Friend
Cayla doll and the ramification for sales,
collection of voice fingerprints and the
mischievous potential for a threat actor
against you or your children.
The storage of biometric data is quickly
increasing, but the implications are just
beginning to be understood and well-
grasped. We need to begin discussing
what we will allow to be stored about our
identity and what is just too risky. And, most
importantly, by whom. Just consider all the
new technology that may now possess your
biometric data:
if you give permission, your data can be
used by law enforcement to help solve
outstanding criminal cases. Your most
private and sensitive data, your DNA, is
now in the hands of a third party. You
should be aware of everything they can
do with it and what the ramifications are
if those services are ever breached.
• Mobile devices and IoT: Cellular
phones, tablets and even door cameras
capture some form of biometric data
and store it on the device or in the cloud
– even if it is not used for authentication
or authorisation. The risk here is obvious.
Some door cameras, based on location,
Morey Haber, CTO at BeyondTrust
the device in hand. You cannot trust these
security models based on biometrics
alone and AI may actually make the
matter worse by performing the PII
linkage for a threat actor.
Opening up a dialogue about
biometric data
Now is the time to begin sensitive
discussions on biometric data. When you
purchase a device, use a new technology,
or consider how you are interacting with a
new service, ask yourself and potentially the
vendor (especially if the technology is used
for work), the following:
• How are you storing biometric data?
• Where is it being stored? Especially what
countries, since this may have other legal
and compliance ramifications.
• How is it secured? Who has access?
• Is my biometric data being purged
over time?
• Do you sell my biometric data?
• Does law enforcement have access
to my biometric data or logs? Even with
a warrant?
• Personal assistants: Amazon, Google and
Apple devices all process voice recognition
commands and can be programmed to
understand individual voices. Your unique
vocal patterns are stored and processed in
the cloud. While threat vectors for human
voice patterns are still very theoretical, be
mindful that this data is being stored.
• DNA kits: If you purchased or used one
of these, your DNA is now on file. And,
www.intelligentcio.com
capture photos or video based on
movement and may capture your picture
just by your walking or driving past it.
Your likeness, unknown to you, is now
potentially on another end user’s device,
or in the cloud. And your mobile phone
or tablet now has fingerprints and facial
metrics stored within it too. There are
plenty of tools and documents on how to
bypass these security models if you have
Biometric data is perhaps the most sensitive
information you possess. It is a part of your
identity and can never be changed. It is a
worthy conversation we need to have in this
sensitive world. It affects everyone, does
not discriminate and as new technology
emerges, stands to cause potential trouble
for everyone unless we understand how our
likeness is being captured, stored, processed
and ultimately utilised. n
INTELLIGENTCIO
79