Biometrics Privacy in the Cloud Era

By 2022, 81% of smartphones were equipped with biometric scanning, highlighting the convenience such technology offers users. Native biometric systems provide a high level of security by leveraging algorithms and hardware to authenticate users, ensuring that sensitive data stays secure from hacks and leaks within the device. Beyond simply unlocking a phone, biometric authentication also enables quick and seamless access to mobile applications, and this enhanced user experience continues to drive the growing adoption of biometric technology.

However, the next generation of biometric applications is expanding beyond smartphones into the cloud, raising new concerns about biometrics privacy and security. Cloud-based data, no matter how reputable the company or government organization that is handling it might be, is vulnerable, because unencrypted data must be accessed from storage to process and match biometric information.

Next-Gen Biometric Apps in Action

Amazon’s One app takes a photo of a person’s palms, converts them into a digital signature, and stores them in its cloud. The app user can then pay for groceries at Whole Foods without a credit card or phone, simply by hovering his or her hand over a sensor at the checkout. A similar option using face scanning is being implemented by JPMorgan Chase for payments at the Whataburger restaurant chain.

Biometrics are not only being used for retail. The TSA has started scanning people’s faces instead of their passports. Travelers who have registered for the Touchless Identity Solution and added their ID photo to the TSA’s cloud-based Travel Verification Service will benefit from a streamlined security process that results in shorter lines and less friction. In another instance of biometric identification, MasterCard has begun offering facial recognition as an option for accessing its user accounts in place of passwords.

The Threat to Privacy

These applications expand biometric adoptions to hundreds of million users, keeping all that sensitive information in the cloud. While considerate precautions are made to secure it, the data still must be decrypted before it can be processed, making it vulnerable. There have already been examples of biometrics privacy breaches, which are especially threatening because they include vital information that cannot be replaced or changed, such as full name, date of birth, or height and weight.

The Answer is FHE

There is, however, a viable solution to the biometrics privacy issue on the horizon. Fully Homographic Encryption (FHE) is a technology that will change the paradigm and enable processing directly on encrypted data, thereby ensuring that biometric information is kept private, even in the cloud.

Chain Reaction is at the forefront of the race to design and produce a processor that will enable real-time processing of FHE at cloud scale. This cutting-edge technology will usher Amazon, the TSA, JP Morgan, and many others into a new era of privacy-preserving applications, data collaboration, and security, while enabling all the benefits of biometric scanning.