Privacy Alarms Go Off As Public Learns About Voiceprint Boom

There’s an old comic book proverb you might remember hearing from time to time, with great power comes great responsibility. It’s the mantra of Spider-man that keeps him fighting the good fight. It’s also a great thing to keep in mind with powerful identity management technologies: biometrics are meant to protect society from fraud, theft and other cybercrime, but in order to effectively do that citizens must trust that their rights, particularly concerning privacy, are not at risk.

Voice Biometrics

Privacy advocates worry that abuse of the voiceprint databases will infringe on one’s right to anonymous speech.

Generally, when people worry about deviant use of their biometrics it’s due to a misunderstanding of fingerprint technology or a growing mistrust in facial recognition. Today, however, there’s a new modality that has privacy advocates up in arms: voiceprint biometrics.

Used mostly in law enforcement and financial markets, voiceprint technology can passively authenticate users while phone banking, keep track of who’s talking to who on phones in correctional facilities and as a forensic technology to catch crooks. According to a recent survey from the Associated Press, over 65 million voiceprints have been captured worldwide over the past two to three years.

Privacy advocates worry that abuse of the voiceprint databases will infringe on one’s right to anonymous speech.

The Guardian’s Ed Pilkington wrote yesterday that the major concern here is with crime hotlines that guarantee anonymity. The success of such programs rely on the trust of callers that their privacy is not being infringed upon.

Lee Tien, senior staff attorney with the Electronic Frontier Foundation, told Pilkington, “Even where the technology wasn’t designed for eavesdropping or tracking people, it could still identify them and associate them with a location.”

Privacy concerns aside, the convenience of voiceprint biometric technology is making it a hit among customers of banks. Barclays, a major adopter of biometric security, trialed voice recognition with its corporate clients – a practice it is now copying with finger vein readers – and the results were so positive that the financial institution is rolling out its voiceprint biometric authentication to all of its 12 million customers.

Ian Hanlon, an executive from Barclays told the Associated Press that the general feeling towards voiceprints is extremely positive, positioning them as a standard authentication method in three years time.

Those looking for a high-privacy voiceprint solution should look to on-device voice biometrics matching. Apple’s new and popular privacy policy, exemplified by its extremely private Apple Pay mobile wallet, goes a long way in illustrating how a modality under attack can turn around and become a champion of strong and private authentication.

Voice biometrics company AGNITiO, for instance, has a FIDO Ready mobile solution called KIVOX that uses voiceprint technology for on-device authentication. When using it for online transactions, the voice is measured and matched within a secure part of the phone, so third parties never have access to the actual biometrics.

Of course, on device doesn’t fit for every deployment. Indeed, much of the appeal of biometric technology for relying parties lies in the ability to authenticate beyond their own firewall and their own servers with the technology they choose. It is great power. The great responsibility that balances that equation also lies in those relying parties respecting the trust put in them to keep the public’s biological identity data uncompromised.

The great power is in biometric technology, the great responsibility is on those who use it.

October 14, 2014 – by Peter B. Counter