RALEIGH, N.C. (WNCN) — Apple’s anticipated changeover from passwords to biometric passkeys this coming fall brings up questions about security and who owns your biometric data like your fingerprint, face and voiceprint.
Biometrics for ID aren’t new, but the way in which they’ll be used and stored for passkeys will have to be new.
It will require wholesale changes in the way they’re stored as well as how changes in the concept of much of our physical data we elect to give up.
We already use some forms of biometrics for identification, from facial recognition to fingerprint authentication.
However, as we move closer to using biometric data to replace passwords, some people are concerned.
“I don’t love the idea they have all this information,” said Raleigh resident Liz Adams.
Luis Dominguez is also worried about the collection of biometric data.
“You have no idea what they are doing with that data,” Dominguez said.
Consumer Investigator Steve Sbraccia put that question to James Lee, an expert from the Identity Theft Resource Center, asking what happens if biometric data is stolen and can it be make it 100 percent secure.
“We have to have different forms of technology than we are using for storage today,” said Lee.
Here’s what he means:
Currently, password information is stored in the server where you have the account—making it vulnerable to a data breach. To keep your biometric passkey data secure, it would be stored on your phone where only you could access it.
“If it’s on the device and never leaves the device that’s the most secure it can be unless its stolen,” said Lee. “If you do wind up with a stolen device there’s no way to get the biometrics off it.”
However, there’s another issue—who owns the data that makes up the essence of you?
“I’d rather have a say in owning that information,” said Adams.
“I should own my own data—not Apple,” said Wise. “It’s my privacy.”
“In most of the rest of the world, your data is your data.,’ said Lee. “But, In the United States, your data is not your data. It belongs to the company that collects it.”
Lee says it’s time to change that now, before the technology gets ahead of us.
“We have to get everyone in the room and get an answer to the question and then move forward,” he said.
Lee suggests letting various stakeholders work with the government’s National Institute of Standards and Technology (NIST) in a public/private partnership.
“The government through NIST sets the framework and foundation and the private sector takes that and says here’s how we make that work,” said Lee.
Lee says this is time to set national standards before the technology becomes more widespread.
Currently only Illionois has any kind of biometric standards law.