Tags: Decentralized Biometrics, Privacy, GDPR, Identity Management

Category: Biometrics

Last Updated: 18 January, 2022

Why Anonybit, Why Now

I’ve been getting asked this question a lot over the last several months, as the word has gotten around about my latest venture. The answer is at once complicated, and yet, quite simple.

The simple side of the equation is that over the course of my career, I’ve helped other founders grow and transform their companies into global powerhouses, position them for mergers and acquisitions, introduce them into new markets, translate their businesses across geographies and channels and create a wealth of possibilities for nascent ideas that needed to blossom and shine. Now, the time has come for me to step into the founder role and bring my passion and know-how into a space that I know intimately well, working with people that have a proven track record, and to address a long-standing problem that has enormous societal implications – that is, how our personal data is stored and managed.

The more complicated part of the answer has to do with where we are as a society in terms of consumer privacy and data protection.

In the months preceding 9/11, I spent a significant amount of time dealing with privacy issues pertaining to facial recognition. While very few people even knew what the technology was, privacy advocates and others were sounding the alarm about the use of facial recognition in public places. The Super Bowl that year became the Snooper Bowl, when the Tampa Police Department was the first to deploy facial recognition to try to identify wanted criminals coming to the game. The event morphed into protests in the downtown part of the city and by summer, my colleagues and I were facing death threats for developing and promoting the technology.

It was during that period of time that I became sensitized to how precious our identity is and what an awesome responsibility the industry at large has to put safeguards in place to protect the data that was being collected and analyzed by our customers. A few years prior, the industry trade association, IBIA, had drafted a Code of Conduct for its members. I, along with the CEO of the company I was with at the time, made it our mission to promote those as best practices for the use of facial recognition in public spaces, crafting regulations and driving legislation to this effect. The primary principles of these guidelines centered around no match/no memory, signage indicating that the technology is in use, and use only for the purpose for which it was originally collected unless there was consumer consent. Personally, I have been dismayed at how slowly they have been adopted.

Since then, biometrics have become part of our daily lives, and the collection of and dependency on this type of data, along with personal data (PII) in general, have become critical to our digital interactions. It is almost impossible to do anything these days without forking over some personal information, and the question of who has our PII and what they do with it is becoming more and more urgent every day. Partly due to emerging data protection regulations and partly due to consumer demands for answers, data is becoming a hot potato that no one wants to own, yet is central to doing business. In the meantime, data breaches continue unabated. In fact, with ransomware attacks hitting critical infrastructure at an alarming rate, and data breaches and leaks at an all-time high, Wired Magazine described 2021 as open season for attackers and warned that there is no sign of a reprieve coming in 2022.

Fraudsters of course will go where the money is, but the real reason this is happening goes to the heart of how personal data is managed and secured. The classic approach to securing sensitive data involves strengthening the security around it - either controlling access to a database and/or encrypting the information in it, but clearly the continued hacks and data breaches demonstrate that these approaches leave a lot to be desired.

For years, the biometrics industry and major stakeholders have looked for ways to decentralize sensitive data and avoid honeypots of information that can be stolen. Solutions such as blockchain are being stood up to address specific use cases. However, when it comes to biometrics, the most critical and sensitive PII, all attempts at true decentralization have failed.

As a way to circumvent the problem, practitioners have turned to biometrics that are already stored on user devices (i.e., FaceID or TouchID), accepting a yes/no signal from the device itself on whether a person is who they claim to be. This approach definitely minimizes the risk of the biometric being stolen from a central database and keeps the ownership and usability of the biometric in the hands of the owner. There is a big BUT, however, which has become the elephant in the room. First, the device is not bound to a specific identity, so it is impossible to know who is really conducting the transaction. Second, the fallback when there is a failure is…a passcode! These are two major loopholes that fraudsters have successfully exploited, as demonstrated by continued losses attributed to identity theft.

With a game-changing infrastructure, Anonybit addresses this challenge by decentralizing biometrics in a way that eliminates the trade-offs between the two approaches (centralized database vs. device) and enables strong digital security, consumer privacy and data protection. Instead of extracting features and relationships to form a template which must be in whole form to be matched, Anonybit allows both the storage and the matching of the biometric to occur in a decentralized manner. This patent-pending breakthrough resolves, once and for all, a long-standing concern within the world of biometrics and finally provides the privacy and security that is necessary to engender trust in today’s digital world.

I know this will be a humbling assignment. Starting up and scaling up a new venture always is. But I also know that the clock is ticking to address this issue. The massive U.S. Government Office of Personnel Management breach several years ago was a warning of what is to come if we don’t address how biometrics are secured and managed. More recently, we have seen the governments of Argentina and Albania attacked, and suspicions have been swirling around Pakistan and India’s national registries for quite some time. No one is immune – crypto platforms, data storage providers, banks, government agencies, healthcare institutions, merchants, educational institutions – everyone is online and everyone must ensure the integrity of their personal interactions. And with biometrics becoming more and more widely deployed, and passwordless authentication becoming mainstream, the time is right for Anonybit to step in. I hope my industry colleagues in biometrics and identity management will join us on this journey and that together, we can build a new identity ecosystem that is centered around privacy and trust.

I look forward to being in touch.