Do We Trust Biometrics Yet? - DTNS WEEKLY TECH UPDATE MM/DD/2017
Added 2017-07-26 18:00:16 +0000 UTC
This is the weekly newsletter companion to Daily Tech News Show at http://dailytechnewsshow.com/
You can get this newsletter by backing DTNS for $5 a month or more at http://patreon.com/dtns
The weekly update is out a day early this week, since I'll be heading out for a couple days off. Don't worry, Justin and Roger will keep the shows rolling in my absence!
This week's column was sparked by my discussion with Jason Howell yesterday. As much as I love the idea of going through the airport with no human interaction that I don't choose, I have some concerns. Read on!
CLOSER LOOK - More stories are cropping up about biometrics being used for identification.
Singapore's Changi airport plans to use facial recognition to check you in and allow you to board planes.
http://www.reuters.com/article/us-singapore-changi-airport-idUSKBN1AA185
Delta is testing a system at Reagan National Airport in DC to let you use your fingerprint as a boarding pass.
https://www.theverge.com/2017/7/21/16007676/delta-fingerprint-boarding-pass
Delta partners with CLEAR on that program, and CLEAR is partnering with a few Major League Baseball teams to let people use their fingerprint to skip the line at stadiums.
http://fortune.com/2017/07/25/airport-security-lines-clear/
And of course there are all the examples of fingerprints and irises and facial recognition being used to let you log in to devices.
All this makes me uncomfortable. Remember that the fingerprint itself doesn't get you into anything. It's the digital signature made from reading your fingerprint matching a signature stored in a database that authorizes you. Apple went to great lengths to detail how it secures that ID when it launched Touch ID. And that's good. Because that signature can't be changed.
I'm not a security expert, but I've been told by those who are that something called forward secrecy is very important, and one component of that is not letting old tokens be used for future authorizations. That's why with two-factor authentication you get a new code every time. A fingerprint or face can't be changed. So if that digital signature gets out, that system is toast.
There are many potential mitigating factors to this, of course, including two-factor authentication. If your face or fingerprint is just one factor, the risk goes down. And of course digital signatures can be created in a way where the signature itself is revocable, but that's expensive because it means all users would have to rescan their biometrics and have another way to prove who they are.
Given the track record of weak password recovery systems and weak protection of passwords, I'm concerned -- not worried, mind you, just concerned -- about the prevalence of biometrics. Companies generally seem to want to take the lowest number of precautions possible. See the current state of encryption on the Internet of Things. A company like CLEAR, whose reputation and relationship with the TSA rests on security, doesn't worry me; it's the next company that comes up with easy biometrics for other uses.
So don't get me wrong. I'm not raising the alarmist bell saying we should ban biometrics. But I am saying that as we begin to implement it and use it, let's use it properly from the start. Let's implement it wisely at the beginning. And let's put the pressure on companies to be honest about the limits of biometrics, and sensible about the security precautions they take with it.
NEWS RECAP
Adobe announced it will stop updating and distributing the Flash Player at the end of 2020. Microsoft, Google, Mozilla and Apple all are in various stages of reducing support for Flash and all will now end support in 2020. https://www.wired.com/story/adobe-finally-kills-flash-dead/
Microsoft CFO Amy Hood said for the first time, Microsoft got more revenue from Office 365 subscriptions than from traditional Office licensing. Revenue in cloud services overall was up 15% driven by a 97% rise in revenue from Azure. Microsoft reported revenue of $23.3 billion up 13% year-over-year. Gaming revenue was up 3%. Surface revenue dropped 2% but the new Surface Laptop and Surface Pro arrived June 15th giving the models little time to affect revenue.
Alphabet, Google’s parent company, reported $26.01 billion in revenue, up 21% and beating expectations of $25.64 billion. Earnings per share were $5.01 vs an expected $4.46. Revenue in Google’s hardware and cloud businesses beat expectations but online search advertising slowed to 16% growth from 20% a year ago. Alphabet also named Google CEO Sundar Pichai to its board of directors. On the earnings call, Pichai said Google expects there to be 11 Android phones supporting the Daydream VR platform out by the end of 2017. http://www.businessinsider.com/alphabet-q2-earnings-2017-7
YouTube has begun rolling out an effort to redirect searches for extremist content to videos that combat radicalization. This Redirect Method was developed with Alphabet’s Jigsaw think tank. It uses adwords targeting tools and curated videos. https://techcrunch.com/2017/07/20/google-jigsaw-redirect-method-launch-youtube-isis/
Microsoft announced it will add an AI chip to the next version of its Hololens AR headset. The AI coprocessor would mean faster processing times and more mobility since data wouldn’t always have to go to the Internet. Microsoft is designing the chip itself. https://techcrunch.com/2017/07/24/microsofts-second-generation-hololens-will-included-a-dedicated-ai-coprocessor/
Colin Angle, CEO of iRobot, the makers of the Roomba robotic vacuum cleaner, told Reuters it wants to sell mapping data created by Roombas to third parties like Amazon, Google and Apple. Starting in 2015 Roombas began using a camera and other sensors to make a map of their surroundings. The data could be used by other smart home devices and by companies to market those devices. iRobot said it would not sell any data without customer permission. http://www.reuters.com/article/us-irobot-strategy-idUSKBN1A91A5
Last week, several Verizon Wireless customers noticed Netflix’s speed test tool seemed capped at 10Mbps. Verizon told Ars Technica Friday that it is testing a new video optimization system. While Verizon says this should not affect the quality of the video, some YouTube users claimed degraded video which went away when they switched to a VPN. The existing 2015 open internet guidelines consider such behavior network management as long as all sources are treated the same. The testing does seem to apply to Verizon’s own Go90 video service. https://arstechnica.com/information-technology/2017/07/verizon-wireless-apparently-throttles-streaming-video-to-10mbps/
After reports that Microsoft Paint had been listed as deprecated in the next update to Windows 10, Microsoft’s Megan Saunders posted that Paint will remain available in the Windows Store as a standalone download. https://blogs.windows.com/windowsexperience/2017/07/24/ms-paint-stay/#JXVGOUvlvZvMdiu0.97
Samsung has sent out invites for a press event at 11 AM eastern August 23rd in New York City. The art on the invite indicates a phone and stylus, with the words “Do Bigger Things.” Samsung is likely to announce a new Note phone. http://www.droid-life.com/2017/07/20/samsung-unpacked-note-8/
Motorola announced a new 5.5-inch Z2 Force Edition which comes with dual rear cameras (12-megapixel monochrome and color sensors), Snapdragon 835 chipset, 4GB of RAM, 64GB of storage, and a 2,730mAh battery. It still has the shatter-resistant display. It comes to AT&T, Sprint, T-Mobile, US Cellular and Verizon starting August 10, costing between $730 and $810 depending on the carrier deal. Like all Z2 models, the Force can use Moto Mods, and a new Mod was also announced. A 360-degree camera mod goes on sale August 10 for $300. It has a 150-degree-wide viewing angle and shoots in 4K. http://indiatoday.intoday.in/technology/story/moto-z2-force-specs-price-features-moto-360-camera-mod-and-everything-to-know/1/1011116.html