Technology enthusiasts are eager to see biometric technologies become the norm in identity verification, as are public and private sector leaders who are focused on protecting societies and maximizing financial bottom-lines. But while biometrics have proven their ability to enhance safety, security, efficiency, and revenue, a major hurdle continues to stand in the way; the availability of trusted reference data.
In the world of identity management, everything is predicated on trust. The risk and liability from getting an identity ‘wrong’ is too high for many organizations. Unfortunately, trusted biometric reference data is all too often not available.
As such, proponents of biometric solutions are aggressively pursuing solutions . Thus far, the potential of blockchain has received mainstream acclaim. Is blockchain the answer?
How Blockchain Entered the Biometrics Discussion
Blockchain has existed since the introduction of Bitcoin currency in 2008, but early interest was limited to the tech world. \nOnce early Bitcoin investors started realizing big returns, however, mainstream interest in blockchain skyrocketed. And so too did the prescription of blockchain for many of the world’s problems, including how to source trusted biometric reference data.
In the case of biometrics’ data challenge, the belief (or at least hope) in blockchain is understandable. People and organizations are seeking biometric reference data that they can trust, and blockchain is generally associated with solutions that enable trust.
Biometrics are also part of the personal data that societies are increasingly trying to regain control of. Similarly, blockchain is generally associated with solutions that involve decentralized control.
A major hurdle continues to stand in the way of mass biometric adoption.
What Is Blockchain, Really?
While there is no shortage of explanations on what blockchain is (or may be), most trigger more questions than answers. Understanding why blockchain was created can, however, provide some clarity. Societies have come to increasingly rely on financial institutions for processing digital currency transactions between two parties. This reliance stems from the need for assurance that digital currency being exchanged has not already been spent (i.e. double spent) elsewhere or in a similar regard, counterfeited.
While this intermediary reliant model has served an important purpose, it is not without its weaknesses. For one, financial institutions produce and subsequently charge significant costs in providing this ‘trust’ service. Such intermediaries also slow the process down despite the speed that is inherent with digitalized processes. Lastly, financial institutions have themselves taken actions that lessened society’s trust in them. The causes of 2008’s financial crisis is one notable example.
In the world of identity management, everything is predicated on trust.
Given a rise in advanced data encryption possibilities and one powerful idea, however, an alternative to the intermediary reliant model arose. Bitcoin was created based on the concept that costly intermediaries would no longer be required if digital currency transactions could be securely logged across decentralized, public ledgers (i.e. ablockchain).
Bitcoin’s concept was important, as users would no longer have to rely on a financial institution for trusting the legitimacy, and for that matter the value, of currency. Blockchain-enabled digital currencies could provide relative certainty that forgery of currency, specifically those of no intrinsic value, had not happened.
Is Blockchain Right for Storing and Availing Biometric Reference Data?
While blockchain and biometrics are both associated with themes of current day importance (trust and control), blockchain came as a solution to a set of problems much different than those inherent to biometrics. As with other past inventions like the internet or penicillin, however, inventions can sometimes be applied beyond their original use case. Hence the question: is blockchain the right choice for storing and availing biometric data to identify and authenticate customers and employees?
The short answer is no.
‘Double Spending’ is Not a Problem
Organizations do place importance on understanding when a biometric may first have been enrolled (i.e. created) and later updated. However, they do not have a ‘double spend’ problem to worry about in the case of biometrics; identity is not of the same transactional nature as currency. Consequently, blockchain’s incorporation of synchronized and historically / time consistent data stores is not of use in the case of biometrics.
Blockchain has been prescribed for many of the world’s problems.
Need to be able to Modify Biometric Data
Biometric data entries need to be updated due to human aging. Evolving privacy regulations may further rule that data previously logged to a blockchain is in violation. Considering that blockchains do not allow for the modification of historical data, or at least are not intended to, blockchain is incompatible with current biometric needs.
Coming Cyber Risks
Biometrics need to be linked with biographical data so to be of use in verifying the identity of a customer or employee. Considering that both biometric and biographical data are sensitive, personally identifiable information (PII), blockchain is not a viable solution long-term. While not under immediate threat today, the encryptions which blockchains rely on for immutable data security are expected to come under threat upon the arrival of quantum computing.
Key Participants Missing
There has been and remains limited debate over society’s trust in the traditional sources for identity verification (State and Federal Governments). State and Federal Governments will also likely never relinquish control of the data that they use for their own identification and authentication purposes (now including biometrics). Considering that blockchain caters to those environments where trust is lacking and contention exists over who should control the data, blockchain is not a solution.
Blockchain is not right for storing and availing biometric data used to identify and authenticate individuals.
What is the Answer?
Blockchain has received acclaim for being the answer to many of the world’s problems. But when it comes to storing and availing biometric data to identify and authenticate customers and employees, blockchain is not a match. For one, blockchain includes certain inherent features which drive costs but are not of value in addressing biometrics’ data challenge. Blockchain based biometrics is also not future proof, neither from a regulatory nor data security standpoint. And finally, key participants such as governments are unlikely to ever buy in to blockchain’s governance scheme.
Fortunately, alternative solutions exist and are rapidly maturing.
Biometric identification services like that of U.S. Customs and Border Protection’s Traveler Verification Service (TVS) do have potential. TVS is currently offering select organizations and use cases, biometric reference data that they can trust. TVS also presents an alternative to customers having to avail one’s data to the private sector, the same private sector that societies are trying to regain control of personal data from.
Decentralized personal data stores, also known as identity wallets, administered by governments also carry significant promise for similar reasons as offered with TVS.