ENISA Briefing: Behavioural Biometrics (by Giles Hogben, 10 pgs): "an introduction to the possibilities offered by behavioural biometrics, as well as their limitations and the main issues of disagreement between experts".
Particularly topical given the recent news about identifying people based on how they type, although behavioural biometrics, which includes gait and blinking pattern as well as keystrokes, voice or text style and, more subtly, ECG or EEG patterns, of course has benefits from a security & authentication perspective.
From the key points:
- "Some behavioural biometrics, require specialised and sometimes highly obtrusive equipment which may be off-putting to users.
- Other behavioural biometrics on the other hand offer a completely unobtrusive technique to identify or classify individuals. Such unobtrusiveness may be challenging from the point of view of collecting user consent, as required by law in many jurisdictions.
- Data collected by behavioural biometrics may be used for secondary purposes which can involve the processing of highly sensitive data which may be inferred from the data collected.
- Behavioural biometrics are vulnerable to several spoofing attacks."
The briefing also notes the overlap with behavioural marketing ("The same data which might allow the detection of anomalous behaviour for intrusion detection purposes – e.g. keystroke dynamics, haptic feedback etc..., could also be used to classify individuals for marketing purposes.") and the possibility of developing privacy-enhancing technologies to limit the exposure from collected behavioral profiles.
©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.