
A Trail of DNA and Data

But be careful what you touch, because you are leaving your identity behind every time you take a drink. A Japanese cryptographer has demonstrated how, with a bit of gummi bear gelatin, some cyanoacrylic glue, a digital camera and a bit of digital fiddling, he can easily capture a print off a glass and confect an artificial finger that foils fingerprint readers with an 80 percent success rate. Frightening as this is, at least the stunt is far less grisly than the tale, perhaps apocryphal, of some South African crooks who snipped the finger off an elderly retiree, rushed her still-warm digit down to a government ATM, stuck it on the print reader and collected the victim's pension payment. (Scanners there now gauge a finger's temperature, too.)

Today's biometric advances are the stuff of tomorrow's hackers and clever crooks, and anything that can be detected eventually will be counterfeited. Iris scanners are gaining in popularity in the corporate world, exploiting the fact that human iris patterns are apparently as unique as fingerprints. And unlike prints, iris images aren't left behind every time someone gets a latte at Starbucks. But hide something valuable enough behind a door protected by an iris scanner, and I guarantee that someone will figure out how to capture an iris image and transfer it to a contact lens good enough to fool the readers. And capturing your iris may not even require sticking a digital camera in your face -- after all, verification requires that the representation of your iris exist as a cloud of binary bits of data somewhere in cyberspace, open to being hacked, copied, stolen and downloaded. The more complex the system, the greater the likelihood that there are flaws that crooks can exploit.

DNA is the gold standard of biometrics, but even DNA starts to look like fool's gold under close inspection. With a bit of discipline, one can keep a card safe or a PIN secret, but if your DNA becomes your identity, you are sharing your secret with the world every time you sneeze or touch something. The novelist Scott Turow has already written about a hapless sap framed for a murder by an angry spouse who spreads his DNA at the scene of a killing.

The potential for DNA identity theft is enough to make us all wear a gauze mask and keep our hands in our pockets. DNA can of course be easily copied -- after all, its architecture is designed for duplication -- but that is the least of its problems. Unlike a credit card number, DNA can't be retired and swapped for a new sequence if it falls into the hands of crooks or snoops. Once your DNA identity is stolen, you live with the consequences forever.

This hasn't stopped innovators from using DNA as an indicator of authenticity. The artist Thomas Kinkade signs his most valuable paintings with an ink containing a bit of his DNA. (He calls it a "forgery-proof DNA Matrix signature.") We don't know how much of Tom is really in his paintings, but perhaps it's enough for forgers to duplicate the ink, as well as the distinctive brush strokes.

The biggest problem with DNA is that it says so much more about us than an arbitrary serial number does. Give up your Social Security number and a stranger can inspect your credit rating. But surrender your DNA and a snoop can discover your innermost genetic secrets -- your ancestry, genetic defects and predispositions to certain diseases. Of course we will have strong genetic privacy laws, but those laws will allow consumers to "voluntarily" surrender their information in the course of applying for work or pleading for health care. A genetic marketplace not unlike today's consumer information business will emerge, swarming with health insurers attempting to prune out risky individuals, drug companies seeking customers and employers managing potential worker injury liability.

Faced with this prospect, any sensible privacy maven would conclude that DNA is too dangerous to collect, much less use for a task as unimportant as turning on a laptop or working a cash machine. But society will not be able to resist its use. The pharmaceutical industry will need our DNA to concoct customized wonder drugs that will fix everything from high cholesterol to halitosis. And crime fighters will make giving DNA information part of our civic duty and national security. Once they start collecting, the temptation to use it for other purposes will be too great.

Moreover, snoops won't even need a bit of actual DNA to invade our privacy because it will be so much easier to access its digital representation on any number of databanks off in cyberspace. Our Mr. Witherspoon will get junk mail about obscure medical conditions that he's never heard of because some direct marketing firm "bot" will inspect his digital DNA and discover that he has a latent disease or condition that his doctor didn't notice at his annual checkup.

It is tempting to conclude that Americans will rise up in revolt, but experience suggests otherwise. Americans profess a concern for privacy, but they happily reveal their deepest financial and personal secrets for a free magazine subscription or cheesy electronic trinket. So they probably will eagerly surrender their biometric identities as well, trading fingerprint IDs for frequent shopper privileges at the local supermarket and genetic data to find out how to have the cholesterol count of a teenager.

Biometric identity systems are inevitable, but they are no silver bullet when it comes to identity protection. The solution to identity protection lies in the hard work of implementing system-wide and nationwide technical and policy changes. Without those changes, the deployment of biometric sensors will merely increase the opportunities for snoops and thieves -- and escalate the cost to ordinary citizens.

It's time to fix the problems in our current systems and try to anticipate the unique challenges that will accompany the expanded use of biometrics. It's the only way to keep tomorrow's crooks from stealing your fingers and face and, with them, your entire identity.

Paul Saffo is a director of the Institute for the Future, a forecasting organization based in Silicon Valley.


© 2005 The Washington Post Company