My Thoughts on Technology and Jamaica: @CarnegieMellon Remote Iris Scanner - Invasion of Privacy Legislation if Remote Iris Scanning becomes popular like Touch ID

Wednesday, June 3, 2015

@CarnegieMellon Remote Iris Scanner - Invasion of Privacy Legislation if Remote Iris Scanning becomes popular like Touch ID

As rumours of the Apple iPhone 6S have already begun to circulate, much of the speculation relates to the new hardware will be present on this latest upgrade. One such possible upgrade may be an Iris Scanner to identify the owner by scanning their Iris as demonstrated in the movie Minority Report.

I say this as researchers from Carnegie Mellon University in the US have developed an Iris scanning equiptment that can identify a driver from as far away as 40 feet as explained in the article “Iris scanners can now identify us from 40 feet away”, published May 22 2015 by Anne­Marie Oostveen and Diana Dimitrova, Phys.org.


In a study involving several participants, they achieved this feat by using the reflection of the driver's eye in the side mirror to capture a scan of their Iris.

Most likely, they used scanning algorithms similar to those used by California Institute of Technology in their Portable 3D Scanning Device as described in my blog article entitled “@CalTech's Portable 3D Scanning Device - How portable 3D Scanning using LIDAR gives a boost to 3D Printing revolution”.

Carnegie Mellon University remote Iris scanning – Participants fear invasion of Privacy

The researchers at Carnegie Mellon University envisioned long-range remote Iris scanning replacing other types of Biometric scanning, including Fingerprint readers.

This may have applications as diverse as helping the disabled control computers and even drive to becoming a replacements for travel documents as envisioned in my Geezam blog article entitled “Samsung’s EYECAN+ Open Source Mouse Upgrade with Samsung Galaxy Sauce”.

But many of the participants in the study feared that the technology could result in an invasion of Privacy, especially in the US of A. The EU (European Union) already has strong privacy laws, so they have little to fear.

Many in the study conducted by the Carnegie Mellon University preferred a physical interaction with the biometric reader such as with the Apple Touch ID as described in my blog article entitled “Apple iPhone and the Sapphire plated Touch ID Fingerprint scanner - The Death of passwords and the birth of Biometrics than a situation where it remotely” determines your identity.


Via tactile interaction, you have more control over your identity as well as you can query why it is being requested. With a remote Iris scanner, your identity can be known without your consent and possibly be used to sell you advertising, again like the Movie Minority Report.

Carnegie Mellon University study fear Acceptance – Resistance is futile if Iris Scanning is popular like Touch ID

The main fear expressed by the participants in the Carnegie Mellon University study was that like all technology, it would meet with initial resistance before it became the norm, as was the case with Touch ID.

Touch ID on the Apple iPhone 5S back in September 2013 was much vilified by detractors when it initially came out, with hackers keen to demonstrate how easily it was to hack the system as explained in the article by chief security researcher at Lookout Mobile Security Marc Rogers in the article “Apple's Touch ID still vulnerable to hack, security researcher finds”, published September 23, 2014 by Seth Rosenblatt, CNET News.

But within a few months after its introduction, it was accepted as a means of making the Apple iPhone 5S more secure.

Touch ID which can be used as your Apple ID's password is the basis for the Activation Lock that's making it harder for thieves to steal your Apple iPhone as reported in my blog article entitled “Apple iPhone thefts down 50% in London - How Activation Lock prevents Apple iPhone theft as CTIA moves towards Killswitch”.

So this form of biometric security became accepted once it proved to be a way of securing your smartphone, as Touch ID has resulted in a dramatic 50% drop in Apple iPhone thefts in major cities across the world. Many of the participants fear the same will happen with this remote Iris scanning technology, especially if it is introduced on a popular platform such as the Apple iPhone.


Only this time, due to its remote reading capabilities, it might end up being licensed for use in other devices, potentially making visions of its use for advertising and identification for the purpose of travel as per the Movie Minority Report come true.

Carnegie Mellon University Remote Iris Scanner - Legal considerations to be considered

So with these worries being expressed by the participants in the Carnegie Mellon University, are there any legal mechanisms to prevent such a future coming to pass?

In the EU, which has stronger privacy laws, companies planning to use the technology would have to demonstrate that it was a necessary and proportionate solution to a legitimate problem i.e. smartphone and Tablet theft, personal identification for travel, Low-cost Personal direct advertising applications.

Testing would have to be done to determine that this was the least intrusive solution as well as determine all the benefits and possible risks to the individual’s personal identity.

EU law also requires it relates to personal information, that persons be informed:

1.      When their personal information is being accessed
2.      Who is collecting their personal information
3.      Why is their personal information personal information
4.      Rights for redress in case of harm arising from the collection of their personal information

Security is also another issue, especially if this Iris scan Data is to be used to give access to financial systems. It would be required that the if the Data be stored on the personal device or on a Cloud Server, that the level of security use the highest possible encryption level possible as well as safeguard to prevent intercept of the Data during transmission.

This may be very difficult, as your personal Data may not always be stored on a Server in your country, making it possible for persons in that country to abuse their access to your personal Data. And like Touch ID, it is already possible to deceive the system, making it subject to further scrutiny under EU Law.

But the big question, aside from these legal considerations is this: when will this be coming to the Apple iPhone or any other Apple Product? Thoughts to ponder as Remote Iris scanning may become the next big trend in 2016.



No comments: