EPISODE 28
Podcast: Bob Eckel on Biometrics and the Future of Secured Identities
Robert Eckel is a board member at the International Biometrics + Identity Association (IBIA) where he serves as director. He is also president and CEO of Aware, a biometrics company working on privacy and identity ownership.
As businesses become increasingly automated and more industrial internet of things (IIoT) devices come online, securing these devices becomes increasingly important.
On episode 28 of Supply Chain Next, Richard Donaldson talks with Bob Eckel about the many applications for biometrics in supply chain, controlling individual access through biometrics, and navigating the privacy issues this creates.
Listen to the podcast below or watch the video version on YouTube.
Highlights from the Conversation
I’ve got Bob Eckel with us today and this is going to be interesting. Biometrics is Bob’s speciality so let’s dig right in. Bob, who are you and how did you get to where you are today in the quickly advancing field of biometrics?
- It’s been a long journey but a good one. I didn’t begin in biometrics and identity verification.
- I graduated from the University of Connecticut and knew back then that I wanted to work for an innovation leader. I also wanted to live someplace warmer so I moved to Southern California. I received an offer from Hughes Aircraft Company (acquired by Raytheon Technologies in 1997) and thought this is where I’m going to start.
- I then attended the University of California, Los Angeles (UCLA) and got my master’s degree in electrical engineering.
- Then I moved back out east to Boston to work with Raytheon. It turned out they bought Hughes Aircraft Company so I got to work with some of my coworkers from the past.
- Raytheon asked me to put their assets together (from their newly acquired companies) to run an air traffic control business.
- I didn’t think about identity management much until September 11, 2001. Right after that terrorist attack there were no more planes in the sky.
- I asked myself how could a couple pieces of plastic, the false identifications used to steal the airplanes, take the whole country down? This got me thinking about the need for better identity security.
- I went to work for Digimarc. It was my job to run the identification part of their company. I focused on implementing biometrics into the driver’s license verification systems. I had to work to remove redundancies there to make sure we had one identity per person.
- It was a long transition but now most of the USA is using biometrics in their driver’s licensing issuing systems.
So somewhere along the way you’ve also registered 25 patents. How did these patents fit into your journey through biometrics and identity verification?
I don’t want to overlook the fact that you built the air traffic system that basically runs all of North America.
- We did air traffic control all over the world starting in North America. Every time I took a plane I was reminded of our work.
- We helped to augment the world’s global positioning systems (GPS) and radar systems and all of the software behind them.
- I keep going back to the word “systems”. Most of my patents are in systems, connecting systems that don’t seem like they belong together. For example, optics and electronics.
- The patents revolve around trying to make people’s lives better or to solve a problem.
- One of my patents involved, for example, the huge zoom lenses used on football fields. I wanted to make optics that were usable for wide shots and closeups, which wasn’t easy since they use different forms of optics.
- With the advancement of electronics and imaging devices it has become much easier to quickly change between different fields of view and resolutions.
- My company, Aware, is working on a future where you can “own your own identity”. It’s a system where you provide your identity—only the information you want to provide—and then it can be used to verify you across other systems.
- For example, when you go to buy alcohol they don’t need to know where you live, they only need to know your age, so only your age is shared with their systems.
- The end user can choose what information they want to share when their identity comes into question (as in the example of purchasing alcohol). This puts control back into the hands of the people.
Fingerprints and retinal scans contain information that is private. How do you view the concerns of privacy over people’s biometric data?
- This is why I believe that every individual should own their identity.
- Aware is in the business of creating software and technology that people use. Our systems are such that you can opt-in as an individual for a benefit, such as getting through a busy line quicker or processing a payment. We do not do surveillance, only identity verification.
- The individual can opt-in to use their biometrics to increase convenience in their lives.
- We need to look at the problems we’re trying to solve and see how biometrics can make somebody’s life better. That’s one of our slogans: “bringing biometrics to life”.
- We need to explain to people how biometrics can provide different levels of security. For example, we don’t need biometrics to transfer $200 to somebody whereas much larger amounts of money would or could require a face scan, fingerprint, retina scan, or voice recognition.
So far we’ve discussed the benefits and uses of biometrics concerning people and their personal data.
What about the world of assets? Assets have an identity that needs to be protected too.
Where do you see biometric data going in terms of protecting assets?
- Let’s take a look at the nation’s power grid. That is an incredibly important asset to protect—and it’s also a part of a supply chain. The power grid of the entire country is an identity of its own and it requires protection.
- Imagine if somebody was able to get access to the power grid to control it or change it in some way. This would be a great place to apply biometrics for identity verification so only qualified people are able to make changes to the systems, which could affect many people in a serious way.
- Nobody would have to know it was you making the changes on the power grid. With biometric data the only thing that matters is that the protection system knows who you are and that you have been cleared to interact with the grid controls.
- So the biometrics are capable of protecting the people, the supply chain, and the power grid’s systems.
How do you see biometrics and the ability to choose your level of security affecting the industry of security itself?
- Using biometrics alone we are enabling financial institutions to process millions of transactions.
- People are able to sign up for a financial service and then use it without needing to visit an actual brick-and-mortar location. This has obviously helped during COVID where physical touch must be avoided or reduced.
- Our technology allows you to enroll remotely. We can tell if an adversary is trying to fake their identity with a mask, or a video or picture of another’s face, or other fraudulent tricks.
- We can use your face and your voice for verification before performing a financial transaction.
- We can match the biometric data to the application. High value assets and transactions will require more detailed biometric data.
Any thoughts, examples or use-cases regarding the use of biometrics to protect a supply chain and its asset data?
For example, if we wanted to get specific information on a batch of COVID vaccine during its trip through the supply chain, can we know who issued the vaccine, its dosage, etc?
Certainly biometrics would be very useful in protecting information like this? Would we assign the protection to the individual accessing the data or to the vaccine itself?
- That’s a great example. Biometrics are being adopted to prescribe medication. So for something simple, like medication for a rash, the process would just be the regular way of doing it. But for something that is a controlled substance, like pain medication, biometrics would be used to grant clearance for the issuing physician since pain medication is a serious drug. This could involve facial recognition, a fingerprint, voice recognition, and a retinal scan.
- Now there is a trackable chain of data. If a forensic investigation requires information on who prescribed the medication it’s now available.
- If any abnormalities are caught by the system, for example, if there’s a physician prescribing higher-than-normal amounts of pain medication, an investigation can be launched.
- Blockchain could be useful here. The IDs that are created and assigned to a person or item can be tracked if required.
- Healthcare is now examining the use of biometrics to enhance security.
- Biometrics is being considered for many other industries and uses too.
This is getting really interesting. Think of computer generated imagery (CGI). Nowadays people can use CGI to recreate an image of a person and they’re becoming pretty convincing. Could a faked image be used to gain clearance to a biometrically-guarded system?
- It’s all about data and statistics. Can I say that biometrics are absolutely perfect? No. There will always be somebody with access to large amounts of money who can take a good shot at tricking a biometric defense system. But we’re always improving and the more attempts to crack a system the better we get.
- We’re always evolving and improving. For example, we adapted the use of capturing facial recognition so users were able to receive a facial scan with their COVID mask on without having to redo the data collection phase. This required a learning curve on our end but we did it.
Can you talk about the natural fear that people have concerning the protection of their biometric data? Who guards the data? How are they cleared to do this?
- The main vulnerability exists mainly during the actual collection phase. Once we have the data encrypted and converted and not as images there usually aren’t any more reasons to worry.
- We don’t keep your actual biometric data after we’ve collected it. It’s been transformed to the digital realm of 1s and 0s.
- The data is then no longer associated with anybody or anything. It is simply an access pass used on various systems.
Do you see blockchain as being useful in the anonymous centralization of biometric data?
- We provide biometric services all over the world and everybody constructs and uses their systems differently.
- Some prefer centralized databases, some don’t. Some prefer to keep the biometric data, others discard it after it’s been converted to the 1s and 0s of a computer system.
- Once the data is converted to a digital format it is protected. It can’t be reconstructed to form images or obtain information.
- Centralized systems/databases have advantages in certain situations.
- Distributed systems/databases have advantages in other situations.
- Centralized and distributed systems can be combined to a certain point.
- There’s always going to be somebody who wants to crack your systems.
As long as there is a bank somewhere, there’s a robber nearby.
Everything is becoming digitized. Even our cars are becoming digital.
- That’s a great example. Biometrics can be used to vet people across a network of shared cars, car rentals, etc.
- Everything in the consumer world is about convenience. In the car rental world you could get into your rental in 5 minutes versus 30 minutes. Biometrics can clear identities much faster than older methods.
- If people have to wait for a long time for a product or service they simply go elsewhere.
- Biometrics can make the world more trusting because most people aren’t trying to steal things. This speeds things up for the good people and puts up roadblocks for our adversaries. Nothing is perfect however.
Biometrics sound amazing for security but what about the flipside? For example, if I agree to let Google use biometric data to verify me, how do I know to what level they’re tracking me?
- You have a choice. It’s up to you on what kind of security features you choose to use. You can simply tell the Google app in question that you want to be verified but not tracked.
- Just like in the example we spoke about earlier: the liquor store doesn’t need your address, only your age information. After the transaction at the liquor store is complete your information is or can be removed from their system.
- The more advanced we get the deeper control people will have over their biometric data.
How do you see biometrics playing out within society within the next 10 years?
- We’d like to get to a world without passwords. Biometrics can remove the need for passwords both for individuals and businesses.
- People can protect themselves with even greater control over their biometric data.
What about the authorities? Won’t they want access to society-wide biometric data? Will there be a “Google” of biometric data in the aggregate?
- There are layers and levels of access. If the government wanted access to the community’s biometric data every individual should have a choice whether or not to grant them access and to what extent.
- An individual can be a member of different networks/systems where their biometric data can be used for verification purposes. It should be up to each individual whether or not they want to aggregate their data across multiple networks/systems (if the option is available).
- Biometrics are not used to set up some kind of surveillance network which is something that many people are understandably concerned about.
When we’re born we are assigned a social security number. Biometric data is much more efficient than a social security number, but who would be responsible for the storing of the biometric data?
- That is an interesting scenario that I haven’t thought much about.
- We are about the choice to opt-in. A society where newborns are registered without their permission wouldn’t be a free society.
- Questions that pertain to who stores the data and what can they do with it are important and need to be asked.
Let’s pull back a little bit. How do you see the next 12 to 18 months unfolding in the field of biometrics? How has COVID helped to shape this direction?
- I see touchless at the forefront. The ability to enroll into a service and then use that service, all requiring no touch.
COVID has forced us, and taught us, to work remotely and this makes touchless services even more important, from buildings to systems. - We’ve put together a service called BioSP that is capable of setting up varying levels of clearance. For example, it is able to clear entry into a building for all of the employees but certain areas of the building require higher clearance and so access is restricted to those who require it.
- It’s a preconfigured system but clients who purchase it can configure it to meet their specific needs. And it’s designed to be completely touchless (once implemented).
- Touchless systems aren’t just for security either. When was the last time you had a cold? And I believe it is here to stay.
- This will become more widespread in the near future. The connectivity is already there.
Connect with Robert Eckel
Robert is ready to connect on LinkedIn.
More Episodes
You can listen to our audio tracks and read highlights for each episode below.
We’ve also started publishing video episodes on our YouTube channel.
058 – Dr Marcell Vollmer – Tech in Supply Chain, and the Sustainability Shift
Supply Chain Next · 058 – Dr Marcell Vollmer – Tech in Supply Chain, and the Sustainability Shift Meet Dr. Marcell Vollmer Dr. Marcell Vollmer, a renowned expert in the fields of digitalization, innovation, and sustainability. Marcell is a sought-after speaker and author that has dedicated his career to helping companies and individuals navigate the rapidly…
059 – Juli Lassow – Revolutionizing Retail, Sustainable Strategies, & the Future of Partnerships
Supply Chain Next · 059 – Juli Lassow – Revolutionizing Retail, Sustainable Strategies, & the Future of Partnerships Juli Lassow ,founder of JHL Solutions Meet Juli Lassow Juli Lassow, an accomplished retail professional, speaker, writer, and sustainability advocate, is the founder of JHL Solutions, a consultancy focused on creating outstanding private-label partnerships. With a deep…
060 – Martijn Lopes Cardozo – Circular Supply Chain
Supply Chain Next · 060 – Martijn Lopes Cardozo – Circular Supply Chain Martijn Lopes Cardozo, CEO at Circle Economy Meet Martijn Lopes Cardozo Martijn, a seasoned entrepreneur, has an impressive track record of establishing prosperous ventures within the realms of software, mobile, and digital media in California. Upon returning to the Netherlands, he…