I’m sure that responsible commentators on the world of digital finance are not supposed to have a favourite data breach, but I cannot help it. I have a new favourite data breach pretty much every week. My current favourite comes from El Salvador, where more than five million personal records, including high-definition facial photos labelled with the individual’s El Salvador national ID document number (DUI), have been made available for free. The number and nature of the records prompted speculation on social media that the breach is from the Chivo Bitcoin
Bitcoin
Honey In Pots
Now you may be wondering, as I did, why a digital wallet operator would create a centralised honey pot of valuable personal information, especially when that information may be of considerable assistance to criminals of many varieties. And, in particular, you may be wondering why the digital wallet operator would store the facial photos at all. If the selfies were required for onboarding (to match an individual face against a photo on a driving licence or some other ID card) then they should have been deleted immediately after the match was made. If they are retained for future “step up” authentication, then the operator should have stored encrypted biometric templates, not unencrypted biometrics.
Biometric templates are typically much smaller in size compared to raw biometric data, such as a facial picture, which makes storage and transmission efficient, and they are much more secure because they do not store the biometric itself but an abstraction of it. The abstraction is a mathematical representation of the distinct biological traits that are extracted from their raw biometric data through a process known as “feature extraction”.
This is how FaceID works, for example. When you unlock your iPhone, the sensors scan your face and extract the features, then match these features against the template that was stored when you set up your phone. if someone was to break into the secure element in your iPhone they wouldn’t find a picture of your face but a data representation of the key features of your facial biometric.
This reduces the risk of misuse but, it is important to note, it does not eliminate it. If an attacker steals your face template, for example, they may not be able to use it to reconstruct your face, but they may well be able to use it to construct a face that the identification algorithm will match to your template, if you see what I mean. In the face of such “inversion attacks”, where the bad guys can use knowledge of the feature extractor to generate synthetic biometric samples that matches the stored biometric template, the biometric templates themselves must in practice be protected with the same degree of security as the biometrics themselves.
What all of this means is that if you are not going to store the biometric (or the biometric template) in the phone but in a central server then it would be a good idea not to store it in a form it which it can be stolen! Surely there must be other ways to implement biometric matching!
Indeed there are and Sam Altman’s Worldcoin
Worldcoin
The cryptographic implementation (open source and available in a Github repository) allows iris codes to be individually encrypted into multiple different secret shares held by multiple parties. These parties can then work together to compute results over the secret information without learning anything about the secret itself. This means a new level of privacy to in the verification of uniqueness of biometric templates. I spoke to Worldcoin’s head of blockchain Remco Bloeman about the need for the new technology, and he told me that me that it brings a step change to the handling of population-scale biometrics and demonstrates their continued commitment to both privacy and security.
(Following migration of their stored iris codes to the new SMPC system, the old iris codes were securely deleted.)
A Big Step
This is an important step, because SMPC protocols have historically been very resource intensive which is why, despite their privacy protective qualities, they have not seen extensive use for safeguarding these kinds of biometric templates. However, recent work on powerful optimisations in SMPC protocols that make them efficient for machine learning problems has advanced the state of the art.
In the joint work between the Worldcoin Foundation and TACEO, these optimisations have been adapted to create an SMPC protocol for comparing iris codes, an optimisation makes it possible to apply SMPC to the problem of establishing uniqueness that achieves a speedup of more than 10,000 times, greatly extending the use cases.
Magic Matching
Now, like zero-knowledge proofs and homomorphic encryption, this kind of cryptography may seem like magic — comparing a biometric template of your iris to a stored biometric template of your iris without ever bringing together the broken-up stored pieces of the biometric and decrypting them — but it is a tried, tested and well-understood cryptographic method, one of a class of techniques that have long fascinated me because they give us the potential to “square the circle” by giving providing both privacy and security.
New York-based Anonybit, as one example, has deployed similar technology to provide privacy and security to organisations across a variety of sectors. Their CEO Frances Zelazny told me that these cryptographic techniques “represent the future of how biometrics will be stored and managed”. I have say that I wholly agree with her.
There is really no reason to store biometric templates in a form that renders them vulnerable to theft or ransomware. The era of biometric honeypots is over.