Biometric privacy and security with no tradeoff: a modest proposal from Anonybit’s Frances Zelazny
There are two traditional problems in biometrics privacy, one of which has a traditional answer, and the other of which has had essentially no answer up to this point, Anonybit Founder and CEO and respected industry expert Frances Zelazny explains to Biometric Update in an interview.
Now, with a new approach to digital architecture, Zelazny believes that Anonybit provides the answer the biometrics industry, and many other areas of digital technology besides, has long been looking for.
The problem is that personal data stored in centralized databases is highly trustworthy, but vulnerable to data breaches, while device-side storage enhances privacy at the expense of security.
The side of the conundrum in biometric privacy which the answer is known for relates to consent and data sharing, Zelazny explains. She has been involved in promoting codes of conduct and responsible use guidelines since they first began to proliferate in the biometrics and digital identity industries around 2000, and says many newer regulations, such as biometrics laws in New York and Virginia and Europe’s GDPR, codify important protections in this area.
“The answer is not to just ban this technology, the answer is how do you put guardrails around the institutions that are using it,” Zelazny explains, “because if it’s not face it’s something else. It all goes into this category of responsible use of any type of personal data.”
Part of the reason for the sustained calls for banning the technology may be the lack of an answer to the second part of the problem, which is what happens if an unauthorized party gets access to someone else’s biometric data. The traditional answer in biometrics is that the images are converted into templates which cannot be reverse-engineered, and in data storage in general is that encryption and access controls provide sufficient security.
“That answer may have been satisfactory twenty years ago, but I think today we’re seeing the dangers of personal information sitting in different honeypots,” Zelazny says, noting the ongoing rash of data breaches. “And we’re seeing the industry stuck in a paradigm of, do you have the biometric in a central database, or do you rely in the biometric that’s stored on the device.”
Breaking up biometric data into pieces for distributed storage to protect the whole has been attempted in the past, but Zelazny says that it has always been necessary to reconstruct the template to perform a match. Doing so has posed another problem, as reconstituted templates have traditionally not retained the relationships between features faithfully enough to make a biometric match.
Biometric matching without holistic templates
Authentication on the device side, such as based on the FIDO protocol, as it is commonly deployed, mitigates the privacy risk by taking on a security one. The individual performing FIDO authentication demonstrates that they are the person enrolled to the credential, but if a criminal is able to steal and register someone else’s credit card on their device, they can use FIDO authentication to perform transactions that preserve their biometric data privacy.
Anonybit’s innovation is allowing data to be processed while it remains stored in distributed nodes.
“Instead of the features and measurements, we’re taking the biometric information and splitting it into what we call anonymized bits,” Zelazny explains, “that’s why the name of the company is Anonybit, and these anonymized bits sit throughout a network of nodes. It’s a multiparty computing system, and there are different types of nodes; there are mapping nodes, there are storage nodes, and there are computation nodes.”
They nodes work together to carry out the authentication, of whatever kind of data the customer wants, with the algorithm of their choice.
“In this way, both the matching and the storage is done in a distributed manner, and you do not need a template to be in a holistic form.”
The same approach can be introduced for onboarding, resetting passwords, vaccine passes, or anything else involving sensitive data. It can be used by business to generate OTPs, do identity lookups, bind a KYC record to an authentication.
This addresses one of the major limitations with FIDO today, which is how to bind the KYC to the device, Zelazny says, as today it is not.
“When you talk about digital ID, you need to be able to close the loop in that privacy by design framework, and that doesn’t exist today,” Zelazny states. “That’s essentially what we’re doing, we’re going to the entire industry and we’re saying ‘leverage our infrastructure for the decentralization, whether it’s for the private keys, whether it’s for the storage of the biometrics, whether it’s for identity lookup. They can put their algorithm on our infrastructure, it’s algorithm-agnostic, and its data type agnostic too.”
Completing not competing
Anonybit’s technology borrows concepts from both multi-party computing and zero-knowledge proofs. Zelazny emphasizes that the company does not compete with identity verification, authentication or biometrics providers, but wants to be an infrastructure partner for them, protecting the privacy of their existing solutions.
She says this approach to distributed architecture enables “what people would want from biometrics on the blockchain.”
Anonybit’s initial implementations are for storing a master password, retrieved with the user’s face biometric, and for KYC. Even master password companies concerned about central honeypots, though, according to Zelazny.
When it comes to digital health passes and vaccine credentials, the initial documentation process is such a mess that it is difficult to know how they can be trusted at all.
“When you have a government-issued identification like a driver’s license or a passport, that’s a trusted document, you know it’s been through a trusted process,” Zelazny says. “And there is interoperability and the recognition of that process.” For vaccination proof, however, she asks: “Who is actually issuing these things?”
A better system might be if a picture is taken on vaccination, which is bound to record and then broken up by Anonybit, Zelazny speculates when pressed. As it is, transferable credentials defeat the purpose of having them at all.
Zelazny says biometric algorithmic players can use Anonybit to implement their matcher in a decentralized form, which makes them suddenly complaint with Privacy by Design principles. KYC providers can use its infrastructure to break down the troves of data they must collect into unusable pieces to eliminate the risk of data breaches.
Even blockchain providers have a similar problem with where to store data that can preserve both security and privacy, according to Zelazny, “which is the last thing with the key.”
“There are companies that have definitely made some progress there, but that final mile still has to be addressed. All of the decentralized credentials, behind it, there’s still a central database. At the end of the day, there’s still a central authority that has to vouch for that credential that they handed out. If you can’t decentralize that original database, then you’re still creating a risk.”
The day of our interview Zelazny spoke to a company about securing critical infrastructure facilities. The potential client is comfortable with holding databases of its own employee’s identity information, but what about contractors and visitors?
The system it winds up with could involve a turnstile, an ABIS provider managing a watchlist, an authentication orchestrator like Ping or Okta, Anonybit as the secure infrastructure provider, and a solutions provider putting it all together.
Ultimately, she says, all entities that hold personal data are potential Anonybit customers. The tradeoff between security and privacy forced by traditional technology can be avoided, elevating the entire industry.
“If you really are able to do decentralized biometrics, both the storage and the matching, you’ve essentially solved the problem.”