The route to data ownership and protection with decentralized storage
By Anthony Eaton, Chief Technology Officer, IDEX Biometrics
In today’s digital age, citizens across the world are concerned about the ownership of identity. Nowadays, almost 90% of individuals think that one of the biggest threats to society is the infringement of someone’s right to privacy. And, as the world becomes more and more digital, this is having a significant impact on how we handle data. Regardless of the organization or how they intend to utilize the personal data, anything that increases that risk is going to be seen unfavorably.
One area where we are seeing particular transformation surrounding data privacy is biometrics, a solution driven by the increasing need for safe and easy verification.
Considering how to store and safeguard such sensitive data becomes necessary as biometric authentication directly links access to an individual’s identity. Serious questions about data safety and ownership are being raised, regarding the usage of centralized storage – which consolidates an abundance of profile data such as fingerprints and facial features, into one location. This is particularly common in bigger businesses or governments that utilize biometric verification to authorize and allow users access. In these situations, a server that houses a biometric database is sometimes seen to be the most practical method of data storage because everything is housed in one, central location.
Biometric credentials are specific to each individual, and storing them centrally exposes them to fraud and data breaches. Although biometrics is an intrinsically safe technique for obtaining login credentials, data storage must also be taken into account when discussing security. However, to combat the concerns of many within society, decentralized techniques are growing to safeguard users’ privacy.
Removing encryption to increase security
In March 2023 TikTok was pressured to be banned in the US, for fear of user data being shared with the Chinese government. Growing sensitivity around big tech’s influence has been amplified by a series of high-profile breaches over the past decade. Household names including Facebook and Netflix have been subject to serious breaches in recent years. Similarly, Apple continues to patch its infrastructure eight years on from the XcodeGhost malware that compromised 128 million iPhone users.
The upshot of such breaches is twofold. To risk exposing people’s private information in an era of high data privacy sensitivity, and fears over big tech’s growing influence, is a quick way to lose customers, employees and a trustworthy reputation. These access credentials could also unlock wider data pools relevant to the organization, such as business strategy, intellectual property or other sensitive information.
The threat of breaches from all sectors of society is palpable among citizens, and organizations must learn from past breaches and their impacts on consumers. They can do so by demanding that personal biometric security credentials remain truly safe and secure.
A decentralized, off-cloud model where biometric data is encrypted and stored locally offers a highly sought after alternative.
Returning control to the consumer
Centralized storage is effective in certain organizational scenarios. However, it is crucial to implement the highest level of cybersecurity with optimal levels of privacy and data protection.
Decentralized storage involves encrypting sensitive biometric data and removing risk by not having all data deposited in the same place. One example of an off-cloud solution is a biometric smart card. A biometric smart card works by verifying the cardholder’s unique fingerprint. Should the card fall into the wrong hands, it couldn’t be used to carry out transactions. The user’s fingerprint is captured, transformed and encrypted. The encrypted biometric data is then safely stored on the card’s secure element, rather than on on-prem servers or in the cloud.
The biometric sensor market alone is set to triple its 2020 value to $3.3 billion by 2030. This is due to a drastic need for more secure authentication relating to access and payments. In fact, 84% of consumers in the US place huge importance on the privacy of their data in the digitized world, while 62% are so concerned by fraud that they feel it is an inevitable part of the transaction process when online shopping.
This makes biometrics a certainty, rather than a possibility; especially with 58% of consumers now agreeing that biometric payments make transactions more secure – up from 48% a year previous.
Today’s developing security laws, such as the CCPA in the US, GDPR in the UK and Europe, and evolving security legislation equivalents around the world, are pushing individuals and organisations to reconsider how they protect digital assets. However there is a unique opportunity to pivot quickly and reconsider protecting rapidly expanding industries such as biometrics.
