The security of biometrics technology is in the spotlight and stakeholders must take a balanced view on its strengths and vulnerabilities, says Isabelle Moeller, Chief Executive, Biometrics Institute. As deployments proliferate, the technology’s credibility rests on the industry’s will to collaborate globally.
The Oxford English Dictionary offers two definitions for the verb ‘spoof’: ‘To make (something) appear foolish by means of parody; to send up’ and ‘To render a system useless by providing it with false information.’
Sadly, where the spoofing of biometric security technologies is concerned, only the latter applies and there is little to laugh about. The recent rise of biometrics deployments in consumer services has confirmed spoofing as a vulnerability that needs careful management. A wide variety of specialist interest groups, friendly and otherwise, make it their mission to expose the limitations of each solution brought to market. Indeed, detractors routinely use high-profile failures to suggest that biometrics as a mode of security is just too risky a business to be worthwhile. They are wrong.
It’s the system, man
As with all flavours of security technologies, the weak points in biometrics have spawned a race between those creating and applying the solutions and those seeking to undermine them. As new solutions are launched, weaknesses are identified and countermeasures developed.
In May, a BBC reporter, with the aid of his twin brother, ‘cracked’ a high street bank’s voice recognition system, proving the insecurity of the system. The weak point here, however, stemmed more from how the solution was implemented than from a failing of the recognition technology itself. All biometric systems have some vulnerabilities (it’s worth noting that the iPhone’s fingerprint sensor was successfully hacked just a week after launch). What matters is how these vulnerabilities are mitigated.
In general, there are two factors that determine how effective a biometric solution is, and both require some trade-offs before a usable solution can be reached.
Firstly, the solution is only as good as the biometric data it enrols and then recaptures each time the user authenticates. The recaptured ‘image’ can be impacted by myriad factors depending on the mode being used. Ambient noise can interfere with voice recognition, for example, eyelashes can obscure an iris image, varying skin conditions can impact fingerprints and so on.
Secondly, the matching process also depends on how tightly the solution’s parameters are set. Insisting on too high a degree of similarity between the stored and presented image creates too many ‘false negatives’, where the genuine user is denied access, and the system rendered unusable.
It’s also worth remembering that a hacker never needs to replicate an individual’s biometric image absolutely; they need only replicate enough of it to fool the system. So, if the matching process isn’t rigorous enough then ‘false positives’ result, where fraudulent users are granted access and the point of the system is defeated.
There is always a balance to be struck. How should the system conclude that it has sufficient verifiable data to confirm the user’s identity?
Horses for courses
The choice of biometric modality has a big impact here. The variations between different biometrics mean that some are better suited to particular use-cases than others. Fingerprints, for example, leave a latent image on the data capture surface, which makes them excellent for criminal identification. That said, the latent image itself can be copied, replicated and used in a spoof attack. Irises, on the other hand, leave no replicable trace, making them far less useful in criminal applications. Thanks to the social sharing revolution, digital pictures of people’s faces are in very easy supply, particularly in developed countries, meaning that facial biometric solutions have to work harder than ever to verify their subject, using 3D mapping and liveness detection techniques.
The technologies are responding. In the near future, the use of new, cheaper multispectral sensors (which simultaneously capture multiple biometric images within a narrow spectrum) will greatly improve the industry’s ability to detect false biometrics. In automated border control systems that use face recognition, for example, infrared sensors can now determine if a mask is being used.
High stakes, getting higher
The growing popularity of iris and voice recognition systems presents fresh challenges. Siri, Cortana and Alexa are all gaining serious traction, and when banking and payment apps start to use iris recognition to grant access to the user’s account, the stakes rise significantly, and the motivations of the thieves will surely step up accordingly.
Although improving spoof detection is important, trying to chase a perfect anti-spoofing technique for any biometric is a fool’s errand. Try as the industry might, it cannot prove a negative; it can never say that a capture device is completely foolproof, simply because it can’t be tested against the unlimited universe of current and future spoofing techniques.
With facility comes responsibility
In terms of the end-user experience, biometrics are terrific; they are fast, convenient, reliable and, arguably, are untouchable by any other consumer-facing security technology today. Indeed, the facility enabled by biometrics is driving mass deployments across a host of devices and services; something that is bound to continue, despite its vulnerabilities.
This all adds up to an important point. A single biometric solution is not a ‘silver bullet’ and, in many cases, should be deployed as a factor in a multifactor authentication solution – one that is carefully designed and parameterised to mitigate the risks of failure associated with the use-case to which it is applied.
To this end, biometrics’ credibility, together with the security of those that use its technologies, will be determined by the industry’s ability to identify – and adhere to – best practice.
While the legal framework and policy creation for biometric data privacy remains a matter for lawmakers, commercially independent guiding principles for the design, deployment and operation of biometric technologies already exist. They are the product of international collaboration between academics, governments, vendors and other key stakeholders at the Biometrics Institute.
Only by sharing live deployment experiences, establishing guiding principles, creating best practice guidelines and promoting the responsible use of biometrics globally, can the industry truly claim to be representing the interests of end-users. Biometrics may be perfect, but our use of them is not. As the adoption of biometric technologies continues to accelerate, it is our collective responsibility to ensure we strike the right balance between delivering a great user-experience and mitigating security risks along the way.
Oil prices hit 11-month highs on tighter supplies, Fed assurance on low rates
By Florence Tan
SINGAPORE (Reuters) – Oil prices rose for a fourth straight session on Thursday to the highest levels in more than 11 months, underpinned by monetary easing policies and lower crude production in the United States.
Brent crude futures for April gained 19 cents, 0.3%, to $67.23 a barrel by 0400 GMT, while U.S. West Texas Intermediate crude for April was at $63.30 a barrel, up 8 cents, 0.1%.
Both contracts touched their highest since January earlier in the session with Brent at $67.44 and WTI at $63.67.
An assurance from the U.S. Federal Reserve that interest rates would stay low for a while boosted investors’ risk appetite and global financial markets.
“Comments from Fed Chairman, Jerome Powell, earlier in the week relating to the need for monetary policy to remain accommodative have probably helped, but sentiment in the oil market has also become more bullish, with expectations for a tightening oil balance,” ING analysts said in a note.
A rare winter storm in Texas has caused U.S. crude production to drop by more than 10%, or 1 million barrels per day (bpd) last week, the Energy Information Administration said. [EIA/S]
Fuel supplies in the world’s largest oil consumer could also tighten as its refinery crude inputs had dropped to the lowest since September 2008.
The Organization of the Petroleum Exporting Countries and their allies including Russia, a group known as OPEC+, is due to meet on March 4.
The group will discuss a modest easing of oil supply curbs from April given a recovery in prices, OPEC+ sources said, although some suggest holding steady for now given the risk of new setbacks in the battle against the pandemic.
Extra voluntary cuts by Saudi Arabia in February and March have tightened global supplies and supported prices.
(Reporting by Florence Tan)
Australian media reforms pass parliament after last-ditch changes
By Colin Packham and Swati Pandey
CANBERRA (Reuters) – The Australian parliament on Thursday passed a new law designed to force Alphabet Inc’s Google and Facebook Inc to pay media companies for content used on their platforms in reforms that could be replicated in other countries.
Australia will be the first country where a government arbitrator will decide the price to be paid by the tech giants if commercial negotiations with local news outlets fail.
The legislation was watered down, however, at the last minute after a standoff between the government and Facebook culminated in the social media company blocking all news for Australian users.
Subsequent amendments to the bill included giving the government the discretion to release Facebook or Google from the arbitration process if they prove they have made a “significant contribution” to the Australian news industry.
Some lawmakers and publishers have warned that could unfairly leave smaller media companies out in the cold, but both the government and Facebook have claimed the revised legislation as a win.
“The code will ensure that news media businesses are fairly remunerated for the content they generate, helping to sustain public-interest journalism in Australia,” Treasurer Josh Frydenberg and Communications Minister Paul Fletcher said in a joint statement on Thursday.
The progress of the legislation has been closely watched around the world as countries including Canada and Britain consider similar steps to rein in the dominant tech platforms.
The revised code, which also includes a longer period for the tech companies to strike deals with media companies before the state intervenes, will be reviewed within one year of its commencement, the statement said. It did not provide a start date.
The legislation does not specifically name Facebook or Google. Frydenberg said earlier this week he will wait for the tech giants to strike commercial deals with media companies before deciding whether to compel both to do so under the new law.
Google has struck a series of deals with publishers, including a global content arrangement with News Corp, after earlier threatening to withdraw its search engine from Australia over the laws.
Several media companies, including Seven West Media, Nine Entertainment and the Australian Broadcasting Corp have said they are in talks with Facebook.
Representatives for both Google and Facebook did not immediately respond to requests from Reuters for comment on Thursday.
(Reporting by Colin Packham in Canberra and Swati Pandey in Sydney; Writing by Jonathan Barrett; Editing by Leslie Adler, Stephen Coates and Jane Wardell)
OPEC+ to weigh modest oil output boost at meeting – sources
By Ahmad Ghaddar, Alex Lawler and Olesya Astakhova
LONDON/MOSCOW (Reuters) – OPEC+ oil producers will discuss a modest easing of oil supply curbs from April given a recovery in prices, OPEC+ sources said, although some suggest holding steady for now given the risk of new setbacks in the battle against the pandemic.
The Organization of the Petroleum Exporting Countries and allies, known as OPEC+, cut output by a record 9.7 million bpd last year as demand collapsed due to the pandemic. As of February, it is still withholding 7.125 million bpd, about 7% of world demand.
In January OPEC+ slowed the pace of a planned output increase to match weaker-than-expected demand due to continued coronavirus lockdowns. Saudi Arabia made extra voluntary cuts for February and March.
Three OPEC+ sources said an output increase of 500,000 barrels per day from April looked possible without building up inventories, although updated supply and demand balances that ministers will consider at their March 4 meeting will determine their decision.
“The oil price is definitely high and the market needs more oil to cool the prices down,” one of the OPEC+ sources said. “A 500,000 bpd increase from April is an option – looks like a good one.”
A rally in prices towards $67 a barrel, the highest since January 2020, the rollout of vaccines and economic recovery hopes have boosted confidence the market could take more oil. India, the world’s third biggest oil importer, has urged OPEC+ to ease production cuts.
Saudi Arabia’s voluntary cut of 1 million barrels per day (bpd) ends next month. While Riyadh hasn’t shared its plans beyond March, expectations in the group are growing that Saudi Arabia will bring back the supply from April, perhaps gradually.
Some OPEC+ members also anticipate that the Saudis will be willing to ease cuts further, but it was not clear if they had had direct communication with Riyadh.
Saudi Arabia has warned producers to be “extremely cautious” and some OPEC members are wary of renewed demand setbacks. One OPEC country source said a full return of the Saudi barrels in April would mean the rest of OPEC+ should not pump more yet.
“The Saudi voluntary cut will be back to the market,” the source said. “I’m personally with no more relaxation, not until June.”
Russia, one of the OPEC+ countries which was allowed to boost output in February, is keen to raise supply and a source last week said Moscow would propose adding more oil if nothing changed before the March 4 virtual meeting.
(Additional reporting by Rania El Gamal and Nidhi Verma; Editing by Elaine Hardcastle)