Lines

How Biometric Data Collection Can Be Dangerous — Even When Built With Blockchain

Industry InsightsAugust 13, 2024
New image

Governments have been collecting our data biometric data for decades now, and although some people seem to be bothered by it, most acknowledge it’s a necessary evil — some countries won’t approve your entry without it. However, one thing is to provide our personal data when it’s mandatory; another is to — although willingly — provide it to a private entity in exchange for money. Let’s delve into the latest news on biometric data collection and the dangers behind it.

ID Data vs Biometric Data Collection

The European Commission defines biometric data as “personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopy data”. These include scanning and storing your irises and/or fingerprints, and photographing your face, among other physical features.

When we talk about ID and personal information, it’s more about date of birth, full name, and in some cases, numbers associated with an individual’s citizenship documents, like an ID card, a driver’s license, or a passport. Some websites require you to verify your identity by providing such information. 10 years ago, your email address or phone number would be enough to open an account on social media. Nowadays, the companies behind these platforms might ask you for more: maybe your address, or ID.

A privacy-centric approach
Companies like Consensys and KILT are currently developing data-collecting tools for KYC and compliance purposes — people are now able to verify their identity online, be it to validate crypto wallets, or to keep an ID in a verified mobile app. This is done with the users’ consent, and they should be aware of the potential risks. Still, the companies developing these verification and storage applications assure a high level of security when it comes to privacy and personal data. The information is usually only stored on the user’s device or account and never released to a public space or the company. This is a very different kind of data-collecting method: it’s supposed to be safe for both users and companies, operating solely as a tool to ease the verification process. To know more about how Web3 thinkers are paving the way towards a safer, more private KYC and compliance world, read our article.

It’s a given
Websites have also been collecting people’s IDs and other personal information — like shopping or eating habits, financial background, etc — for many years now. There’s usually a consent form where each person can choose what information allows to be collected. They use this data mainly to determine market trends, customer preferences, and so on. The real issue arises when the box people tick also includes sharing this data with other entities — it’s hard to know how and for what it will be used.

Governments also collect information, sometimes even more than just our ID. It’s very common to pass through a country’s immigration security and have your retina and face photographed, and fingerprints collected. No one really explains for how long these will be stored, or for what they will (or can) be used. Nowadays, it just comes naturally, usually “for the sake of security”.

The Worldcoin Case

A quick online search for “worldcoin foundation biometric data” unveils countless news about how the Worldcoin Foundation’s efforts to collect people’s data are hitting a wall from governments and official institutions a bit all over the world, from Portugal to Hong Kong. In March, the Portuguese National Data Protection Commission (CNPD) ordered Worldcoin to cease all biometric data collection operations in the country, arguing the need to “safeguard the fundamental right to the protection of personal data, in particular of minors. (…) the CNPD considered that the risk to citizens’ fundamental rights is high, justifying an urgent intervention to prevent serious or irreparable harm.” How did Worldcoin work? They’d set up stalls in major locations like shopping malls and urged people to register and provide their biometric data in exchange for crypto tokens. Until the ceasing of operations, 300,000 people, including minors and migrant workers, had already submitted their information through the Orb device. Most of them didn’t even know what they were signing for, just that they were receiving money.

In Hong Kong, the Office of the Privacy Commissioner for Personal Data (PCPD) also ceased Worldcoin’s operations for the same reasons: due to privacy and personal data concerns.

According to Worldcoin’s website, the company has already stored the identity of more than 6 million people, with the purpose of becoming “the world’s largest privacy-preserving human identity and financial network, giving ownership to everyone.” The idea is that every individual can have a globally-inclusive identity, thus becoming part of the world’s economic system. At the same time, they ensure the privacy of the users’ data. However, the whole system seems a bit ambiguous. Although they assure personal data is “encrypted in transit and at rest”, there are still concerns from governments about the destination of such information. The media mentioned cases where Worldcoin was retrieving data — via the Orb — from minors, and migrant workers, people whose incentive was the money they were getting from providing such important information. Would these individuals be as willing to give their biometric data if tokens weren’t involved?

The blockchain-based project is interesting and poses a great deal of potential, especially with the rapid evolution of AI and related technologies, but the question remains: where does one draw the line?

Virtually any company can be hacked, which means these details that they so vehemently say are safeguarded and protected, can be compromised — although the storage might be done on a decentralized system, the collecting itself usually occurs on a centralized one. Biometric data poses identity theft risks that can last an individual’s lifetime since your iris and fingerprints remain the same forever. A more hypothetical logic can even suggest a higher risk for surveillance and tracking, thus leading to discrimination and other issues.

Blockchain-Based Biometric Systems

When biometric data collecting started, there was no blockchain involved, which meant less security. Most biometric systems are now being built with this technology, which ensures a higher (and stronger) level of security. Worldcoin is being developed with blockchain. According to the company, people only need to sign in once: at the moment the Orb scans the iris. This information isn’t kept; what’s stored is the IrisHash, a set of generated numbers that are unique to each person. The IrisHash is then used to access a digital wallet to create their WorldID or passport.

Last May, the company announced a new multi-party security system to prevent cybersecurity issues: The data from one iris is “broken down” into different pieces that are then stored in different places, which means it’s distributed. To decrypt and read the iris information of one individual, one will have to grab the scattered pieces from all over.

Decentralized systems are, indeed, the safest ones — at least from a technological standpoint. Imagine the following scenario: there’s a hidden treasure inside a box that requires 4 keys. A centralized system would keep all the keys in the same place; they could be hard to find, but when someone did, they’d be able to discover the treasure. A decentralized storage system would have you hide each key in a different place, making it almost impossible to uncover the treasure.

Blockchain provides other advantages, including user control (blockchain can enable individuals to have greater control over their biometric data by allowing them to grant and revoke access permissions through smart contracts), anonymization, and pseudonymization (biometric data can be stored in an anonymized or pseudonymized form on the blockchain, reducing the risk of personal identification and enhancing privacy protection), auditability, and trustlessness. If needed, biometric data stored on blockchain can also be useful for easier and quicker cross-border data sharing.

The integration of blockchain with biometric data collection and storage offers numerous benefits, including enhanced security, privacy, and efficiency. However, it is essential to address the challenges and risks associated with this integration through robust technical, legal, and ethical frameworks. By doing so, organizations can leverage the full potential of blockchain technology to create secure and trustworthy biometric data systems.

• • •

About Integritee

Integritee is the most scalable, privacy-enabling network with a Parachain on Kusama and Polkadot. Our SDK solution combines the security and trust of Polkadot, the scalability of second-layer Sidechains, and the confidentiality of Trusted Execution Environments (TEE), special-purpose hardware based on Intel Software Guard Extensions (SGX) technology inside which computations run securely, confidentially, and verifiably.

Community & Social Media:
Join Integritee on Discord | Telegram | Twitter Medium | Youtube LinkedIn | Website

Products:
L2 Sidechains | Trusted Off-chain Workers | Teeracle | Attesteer | Securitee | Incognitee

Integritee Network:
Governance | Explorer | Mainnet | Github

TEER on Exchanges:
Kraken | Gate | Basilisk

You Might Also Like

New image
Industry InsightsSeptember 01, 2024

Common European Data Spaces: Fostering Data Innovation & Collaboration in the EU

New image
Industry InsightsJuly 30, 2024

Hyperautomation: The Power of Blending AI, Blockchain, and RPA

New image
Industry InsightsJuly 18, 2024

Cybercrime on the Rise: Why Is Securing OT Systems Paramount?

New image
Industry InsightsJune 12, 2024

For the Greater Good: Using Blockchain for Social Change

New image
Industry InsightsJune 10, 2024

Bug Bounty Programs: How Outsourcing Can Help Your Project

New image
Industry InsightsMay 24, 2024

DePINs: Harnessing the Power of Connectivity to Build Real-World Applications

New image
Industry InsightsMay 02, 2024

MiCA & Other Crypto-Related Regulations: Striking the Right Balance

New image
Industry InsightsApril 23, 2024

DEXs on Polkadot: Leveraging the Power of Substrate & Shared Security

New image
Industry InsightsApril 16, 2024

Slot Auctions vs Coretime: What’s Changing for Polkadot Projects

New image
Industry InsightsMarch 19, 2024

DEXs: The What, The Why & The How of Decentralized Exchanges

New image
Industry InsightsMarch 02, 2024

The Potential of Tokenizing Assets: From Houses to Private Equity & Whisky

New image
Industry InsightsFebruary 16, 2024

Embracing Unpredictability: The Role of Randomness in Blockchain

New image
Industry InsightsFebruary 01, 2024

Uncovering Blockchain Consensus Mechanisms: Proof-of-Stake, Proof-of-Work & Beyond

New image
Industry InsightsJanuary 17, 2024

Decoding CBDCs: Advantages & Challenges in the Digital Monetary Landscape

New image
Industry InsightsDecember 19, 2023

Unleashing Scalability and Speed: The Importance of Layer 2 Blockchain Solutions

New image
Industry InsightsNovember 24, 2023

Bear With Us: Blockchain Technology is Still Relevant, Even when Crypto Declines

New image
Industry InsightsNovember 14, 2023

The Imperative for Privacy in Blockchain: TEEs & Privacy-Preserving Software

New image
Industry InsightsOctober 25, 2023

How Blockchain is Benefiting Numerous Industries: From Sustainability to Brand Quality Control

New image
Industry InsightsOctober 17, 2023

KYC in Web3: How DiD is Saving the Day for Projects & Companies

New image
Industry InsightsSeptember 13, 2023

Blockchain in Aerospace: Reducing Costs & Enhancing Efficiency

New image
Industry InsightsAugust 15, 2023

DAOs: How Fair can Decision-Making be and Why is Private Voting Essential?

New image
Industry InsightsMay 11, 2023

Web3 Bounties: Rewarding Developers with Tokens

New image
Industry InsightsApril 27, 2023

Digital Twins: Increasing Efficiency Without Compromising Privacy

New image
Industry InsightsJanuary 31, 2023

AI and Blockchain: The Combo of the Future

New image
Industry InsightsDecember 15, 2022

L2 in Blockchain: TEE Sidechains vs ZK Rollups

Lines