Companies track the way you walk, talk, and swipe.
Being able to verify someone’s identity by the way they talk, act, walk, or otherwise move and communicate isn’t new. But the growth of behavioral biometrics on smart devices is taking it to the next level.
The days of PINs, passwords, tokens, device IDs, geolocation verification are receding into the past. Even thumbprints and retinal scans will seem like old news pretty soon.
The monitoring of hand-eye coordination, the angle at which you hold your device, finger pressure, hand tremors, navigation patterns, and other hand movements are being used to judge how familiar people are with the apps they’re using as well as how well they know the information they’re typing in.
Mostly used by banks at the moment, this technology is expanding in an effort to reduce fraud via stolen information and automated attacks. And since it doesn’t disrupt the user experience (meaning, you have no idea when the tracking is happening), it appears to make interacting with apps far more convenient.
But it’s precisely because these collection methods are invisible that they need more scrutiny before we passively accept them as a new part of our lives. You might not think a company knowing how hard you swipe is going to come back to bite you, but it’s all part of a larger data picture that’s being built without your input. Not everything designed to keep us safer actually benefits us in the long term.
Your data and identity have enormous value to marketers as well as cybercriminals, so, on the one hand, you want to protect it with every tactic in the book. But as we know, the more data that can be collected about you, the more you have to care about keeping it private.
Jennifer Lynch, a senior lawyer for the Electronic Frontier Foundation told the New York Times:
“What we have seen across the board with technology is that the more data that’s collected by companies, the more they will try to find uses for that data. It’s a very small leap from using this to detect fraud to using this to learn very private information about you.”
Some of the information can include medical data. Say your phone sensors come to detect a tremor in your hands. That might help it alert you to a medical issue you’re not aware of, but it can also be fodder for your insurance company.
It may all sound paranoid until you realize that this technology is already programmed into apps. Do you recall being asked for permission to use your biometric data? Probably because you weren’t. The U.S. currently has no active laws mandating the disclosure of this method of data collection and use. California has a law on the books, but it won’t go into effect until 2020.
When policy fails to keep up with technology, it can leave us vulnerable. Can police compel you to unlock your phone this way because it’s not yet recognized as a violation of your 4th Amendment rights? Will we have to wait for someone to file a lawsuit until we’re all protected?
Without being alert to the existence of this technology and its potential risks, you likely don’t know what your digital profile looks like to any of the websites or apps you’re using or how to protect yourself against the collection, storage, or misuse of your data.
Banks and Retailers Are Tracking How You Type, Swipe and Tap (New York Times, 2018)
5 Biometric Safety Measures To Keep You Safer In 2019 (PC Mag, 2018)
The Newest Password Technology Is Making Your Phone Easier for Police to Search (The Atlantic, 2018)
Hold the Phone! My Unsettling Discoveries About How Our Gestures Online Are Tracked (New York Times, 2018)
Biometrics Won’t Solve Our Data-Security Crisis (Harvard Business Review, 2017)