In 1987, Spaceballs introduced me to biometric identity verification, though it’s as innate as recognizing a face. In hi-tech practice, it assumes certain human parts are unique, that the patterns of our fingerprints and irises vouch for who we are. Later this summer, screening at McCarran Airport will include an option using those measures “to speed travelers through airport security.”
Called CLEAR, the service already operates at nine airports across the country, boasting more than 300,000 members whose information (personal and biological) has been prescreened and stored so they can “consistently get through airport checkpoints in less than five minutes” using dedicated security lanes and kiosks. For $179 a year, you can take advantage of this Qualified Anti-Terrorism Technology certified by the Department of Homeland Security.
The convenience factor is impressive. But security technologists have raised concerns about vulnerabilities in biometric identification. In 2002, widely publicized research by a Japanese mathematician showed that 11 commercially available fingerprint identifiers could be fooled 80 percent of the time with fake fingertips made of the same stuff as gummy bears. Bruce Schneier, a renowned cryptographer and security expert, has pointed out that while biometrics are hard to forge they can be easy to steal. “You leave your fingerprints everywhere you touch, your retinal scan everywhere you look. Regularly, hackers have copied the prints of officials from objects they’ve touched and posted them on the Internet. … Biometrics are unique identifiers, but they’re not secrets.”
In that 2009 essay for The Guardian, Schneier added that biometrics can be very secure when used properly as part of a multistep authentication system, “… they’re just not a panacea.”
Even if they were foolproof in ensuring that you are you, they can’t read your mind. With so many mass shootings perpetrated by individuals with no criminal records, it’s obvious that a person who may not seem like a threat can snap. Systems like CLEAR can’t pre-check human unpredictability. And as biometric safeguards develop and proliferate (some iPhones already use fingerprint capture for authentication), Schneier sees their databases presenting a risk as unique as their users. Compromised passwords can be changed. Stolen ATM cards can be reissued. Eyeballs, not so much.