• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • Expert Witnessing
  • Technical Consulting
  • Experience
  • Blog
  • Contact

River Sonic Solutions

Expert Witnessing and Technical Consulting in imaging, signal processing and electronics

Behavioral biometrics expert witness: identity from motion

By Dr. Chris Daft

Introduction

A previous blog post introduced the subject of biometric security, covering how identity is established using biological inputs such as fingerprints, palm veins, and features of the face, iris or retina. Both the technologies involved in biometrics and the governing legal frameworks are changing. Here we focus on the behavioral side of biometrics and explore how these can be of interest to attorneys and why a behavioral biometrics expert witness may be able to assist in pending litigation.

What are behavioral biometrics?

cell phone establishing identity
Figure 1: How many ways can a cell phone establish identity? The possibilities are expanding with new sensors in the phone and new algorithms in the phone and in the cloud.

Start with a definition. In behavioral biometrics, identity is inferred from how the user interacts with the computing device. The user behaviors which can participate in the biometric identification are dizzyingly large and expanding. Examples include the rhythm of key strokes, how the mouse is moved, and the details of how the subject walks. Recently increased connections with the physiology of the subject make possible the use of additional behavioral biometrics, such as the electrocardiogram, electroencephalogram, and heart sounds.

The concept behind behavioral biometrics is not new: using the specifics of how Morse code is made by a person and a telegraphic key had been imagined as a means of identification since the dawn of the radio communications. Different telegraphers had unique styles in their dots and dashes, which could be used for identification.

It’s important to contrast behavioral biometrics with device fingerprinting, an approach already employed by financial institutions. Device fingerprinting characterizes a user from aspects of the devices they use. Beyond the device’s model number, it is often easy to infer the hardware configuration, operating system, applications installed and locations of regularly-used networks. Suspicion is raised if the access does not match what was recorded in the past.

Behavioral biometrics is all about human behavior. How is a fine level of discernment of the user’s movements and habits possible? Much of the capability comes from the accelerometers and gyroscopic sensors (usually MEMS based) which have become common in all phones. These reveal details of how people hold their phones when using them, how they carry them, type, scroll, and even the way they walk.

Why do behavioral biometrics matter?

The cost of unauthorized access to computer systems is vast. Here are two examples:

  1. A study by McAfee and the Center for Strategic and International Studies put the global cost of cybercrime at between $445 and $608 billion in 2017.
  2. The Wannacry ransomware forced 40 hospitals in the UK to suspend normal services when it was released. Worse, a full two years after its release, it is still active in 103 countries, especially within health-care organizations.

The promise of the new behavioral biometrics is frictionless security. A phone senses how hard a user’s finger is pressing on the screen and the way gestures like “swipes” are performed. On-board gyroscopes easily reveal the angle at which the phone is held. These data are (unsurprisingly) fed to machine learning systems in the cloud which provide sophisticated analysis and pattern recognition.

Nexuses of behavioral biometrics and the law

Unlike passwords, biometric data is not secret. Biometric systems are also prone to errors. These can be false positives, where the algorithm verifies the identity incorrectly, or false negatives, where an authorized user is denied access. Such error rates could matter in litigation and a behavioral biometrics expert witness might assist on such a case.

Biometric data is protected personally identifiable information. EU guidance dating back to 2012 recommends that it be treated as “sensitive” information, rather than merely “personal data.” The recently enacted General Data Protection Regulation (GDPR) prohibits processing of biometric data unless people provide explicit consent. Exceptions to this rule are narrow.

In the US, the Illinois Biometric Information Privacy Act (BIPA) prohibits companies from collecting biometric information from individuals without notice and written consent. This legislation passed in 2008 in response to the growing use of biometric technology in the business and security-screening sectors. Specifically, lawmakers were concerned about companies like Pay By Touch which, in the early 2000s, brought biometric authentication to payment systems. When Pay By Touch entered bankruptcy, the sale of its assets put consumers’ biometric information at risk. BIPA contains a private right of action that allows any person “aggrieved” by a violation of the act to bring a claim against the offending party for $1,000 or actual damages per negligent violation, and $5,000 or actual damages per intentional or reckless violation.

The rate of innovation in the area of behavioral biometrics is substantial. UnifyID is promising 99.999% accuracy in user identification. Their algorithm combines 100 attributes derived from a person’s motion and the pose of their phone, WiFi, GPS and Bluetooth data. Predictably, machine learning is also part of their product. Their goal is to deliver such precision without requiring conscious user interaction.

A similar approach is offered by Behaviosec. Their continuous authentication scheme has 35 million users in Europe. Banks are major clients.  In the inevitable patent disputes that are going to occur in this field a behavior biometrics patent expert witness will likely be utilized on the issues of validity and infringement.

Conclusion

Behavioral biometrics is growing rapidly to address the cybercrime menace. It strengthens online security against increasingly sophisticated attacks, while improving the user and customer experience. These technologies will likely require the services of a qualified behavioral biometrics expert witness.

Filed Under: Expert Witness

Previous Post: « Artificial Intelligence (AI) & Medical Imaging Expert Witness: Radiology’s Future
Next Post: Finite Element Analysis expert witness: making complex issues clear »

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Dr. Chris Daft

Dr Chris Daft

Dr. Chris Daft is an award winning, Oxford Educated scientist who provides technical consulting and expert witnessing services.
Learn more...

Connect

  • Email
  • LinkedIn
  • RSS
  • Twitter

Quick Links

  • Technical Consulting
  • Expert Witnessing
  • SEAK Expert Witness Listing
  • Experience
  • Consultants Network of Silicon Valley

Footer

Company Information

2443 Fillmore St. #380-4039
San Francisco, CA 94115
USA

Technical Consulting

(925) 452-6803

info@riversonicsolutions.com

Expert Witnessing

(415) 800-3734

expert@riversonicsolutions.com

Connect on LinkedIn

  • LinkedIn

Follow on Twitter

RiverSonic SolutionsFollow

RiverSonic Solutions
RiverSonicSolnsRiverSonic Solutions@RiverSonicSolns·
February 24, 2021

Many congratulations to the authors of an imminent and much-needed book on #MEMS product development! I'm glad to have learned so much from Alissa M. Fitzgerald, Ph.D.
https://lnkd.in/gfRn6Q7 https://lnkd.in/gRQhXyq

Reply on Twitter 1364729646655238145Retweet on Twitter 1364729646655238145Like on Twitter 1364729646655238145Twitter 1364729646655238145
RiverSonicSolnsRiverSonic Solutions@RiverSonicSolns·
February 4, 2021

Virtual juries, remote depositions and cybersecurity - a judge's view of #litigation in the new normal world https://lnkd.in/g8jDjJj

Reply on Twitter 1357476288198365184Retweet on Twitter 13574762881983651841Like on Twitter 13574762881983651841Twitter 1357476288198365184
RiverSonicSolnsRiverSonic Solutions@RiverSonicSolns·
January 30, 2021

How long does it take to #patent your idea? Two years on average, but there are specialized techniques which sometimes accelerate the process a lot https://lnkd.in/gKK5A-t

Reply on Twitter 1355586806952075269Retweet on Twitter 1355586806952075269Like on Twitter 1355586806952075269Twitter 1355586806952075269
RiverSonicSolnsRiverSonic Solutions@RiverSonicSolns·
January 13, 2021

In 1947, startling lab results reached Israel Weinstein, NYC's health commissioner: someone who arrived from Mexico City tested positive for smallpox https://lnkd.in/gZTbaHb

Reply on Twitter 1349476260091551744Retweet on Twitter 1349476260091551744Like on Twitter 1349476260091551744Twitter 1349476260091551744
RiverSonicSolnsRiverSonic Solutions@RiverSonicSolns·
December 25, 2020

"Words are to a lawyer what mathematics is to a physicist." For holiday #law amusement, check out the long shadow of the 15th century, when each case was trilingual: https://lnkd.in/gb9xvv9

Reply on Twitter 1342606210604797953Retweet on Twitter 1342606210604797953Like on Twitter 13426062106047979531Twitter 1342606210604797953
Load More...

Copyright © 2021 River Sonic Solutions, San Francisco, California · Website design by Christine Cobb Marketing · Contact Us