A major part of the privacy conversation hinges on the difference between authentication and identification. To help illustrate the difference, we are going to revisit the 1991 sci-fi thriller Terminator 2: Judgement Day.
Last time James Cameron’s T2 was featured on the blog, the monthly discussion was focused on commerce. To illustrate the business of cyber-bank fraud I used the scene in which Edward Furlong’s character, John Connor (the eventual savior of the human race), uses an ATARI Portfolio to jackpot an ATM. That was an instance of a person bypassing the authentication process, but it still had one thing in common with the legitimate act of account verification: agency.
In the film’s first scene featuring Arnold Schwarzenegger, we get an example of biometric identification. Sent from the distant movie future of sometime-after-August-1997 (the film’s foretold doomsday), Arnie materializes sans-clothes in 1995 outside of a biker bar. We are given a first person perspective as he enters the seedy establishment looking for clothes and some borrow-able motorcycle keys only to find trouble.
Arnold’s Terminator-vision is outfitted with biometric full body scanning sensors, and we see him sizing up the bigger bikers for a suitable outfit. When he finds a match, identifying the proper demographic, he violently (but non-lethally) requisitions his signature leather duds.
The difference between these two interactions is agency. John Connor is submitting credentials (albeit counterfeit ones), while the stripped biker had no intention of being measured by Arnold’s native clothing size app. In fact, the biker had no idea that there was a biometric scanner in the room: it was disguised as a former Mr. Universe winner. Authentication is done with agency, identification through submission (and not always knowingly).
The T-800 Terminator (the Arnold model) is a good guy in T2: Judgement Day, but that wasn’t always the case. Later in the movie, when John Connor brings the massive man-bot to rescue his mother from a mental hospital, she is terrified. In the first Terminator movie, the T-800 was programmed to murder her.
Thankfully, this version of the Arnold-droid was reprogrammed to never kill a human. It’s a good thing too, considering that the evil machines in the Terminator franchise are both notoriously hard to dismantle and incredibly efficient killers (hence the name). The T-800 has the ability to identify anything, but the standards and practices of the post-1997 world that he’s from prevent him from acting too unethically. The potential for terminating is there, but the strong ethical stance of his creator prevents that function.
Right now, in our own reality where evil artificial intelligence didn’t try to wipe out the human race in 1997, we are faced with very similar identification technologies to those loaded into the metallic skull of the Terminator. The Microsoft Kinect peripheral for Xbox videogame consoles has full body motion scan, a number of facial recognition vendors offer biometric software that can identify the average marketing demographic in a crowd of people, and a Google Glass app exists that can capture the facial data of strangers to identify them.
The question that the world of identity management is now faced with is: how we can make sure that this technology falls more in line with the good Terminator from T2 instead of turning out to be the destructive machine from the first movie? As the clock ticks down to the week of September 15 – which will see the identity management industry converging on Tampa for Biometric UnPlugged, the IBIA Opening Reception and the Global Identity Summit – it’s time to address this issue or privacy in biometrics.
Do you have a favorite instance of biometrics in pop culture you would like to see in this blog? Contact Peter B. Counter through the FindBiometrics about page and let him know via email.
Keep this conversation going by following FindBiometrics on Twitter and tweeting with the hashtag #PCIMBiometrics.