“Biometrics is the ultimate way of proving you are who you are,” Morey Haber, the chief technology officer at BeyondTrust, told Lifewire over the phone. “The problem is that you can’t change biometrics once it’s been compromised.”
Putting a Price Tag on Our Handprints
“That information is now out there and is potentially insecure,” Haber said. “So you’re putting yourself at a very high risk by giving it to them regardless of cost.”
If $10 seems like a drop in the bucket to you for your biometric data, that’s because it is. But Haber said it’s difficult to put a price tag on that data.
“Ten dollars seems incredibly low to me, but $100 is maybe too high,” he said. “But, if they think they’re going to get a million people enrolled, and they’re spending $10 each, that’s easy math.”
However, according to the law, our biometric data is worth a lot more than $10 or even $100. In January, a court ruled that Facebook had to pay out a $650 million settlement to Illinois users. Since Illinois has some of the strictest biometric laws in the country, the court said that Facebook broke state law when it collected facial recognition data on users without their consent for features like automatic tagging. The settlement means each person who claimed it would get about $350—a lot better than $10.
Making Storage a Priority of Biometric Data
“I think biometric data is going to have to be stored somewhere, someplace sometime, I think we’re getting there, whether it is government based, for whatever purposes, there are a variety of techniques to get there,” he said.
Storage is an essential factor in our biometric data because, as we’ve seen in the past, there have been data breaches that compromised millions of people’s unique biometric information. Haber said one way to ensure that future breaches don’t happen is to adequately store data by combining biometrics with multi-factor authentication.
“I look at having a full palm as single-factor,” he said. “But if the biometric requirement was that you need to give four fingers or three fingers in a specific order, then you now turn it into multi-factor, and the biometric doesn’t matter since you have sequencing stored in your head that could not be duplicated.”
Keeping our biometric data secured is extremely important since, ultimately, we would be the ones paying the price if our fingerprints are compromised. Haber said there’s a place for using biometric data in the future, but we must tread lightly.
“I do believe biometrics is the future, but it should not just be stored in a single database with bad encryption,” he said.