Global Security, Privacy, & Risk Management

“Warren & Brandeis Cringe”- Identification through Typing March 21, 2012

Several years ago a few researchers demonstrated that the way in which people type is unique enough to be used to identify that person with a high degree of confidence.  It is not simply speed but includes cadence, time between particular keystrokes and other aspects.  This week DARPA announced that they are working to make the solution a reality.   Due to the uniqueness of a person’s typing DARPA says: “mimicking keystroke dynamics is physiologically improbable,” This means that it would increase the challenge of masquerading as another person.  I mark this up as “good in theory and terrifying in practice”.  In a talk last year a DARPA representative explained the process as such: “is move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions.”  This is precisely where the issue comes to life.

Any form of authentication should be an active action by the person.  If I want to check my Gmail, I actively enter my username and password.  My particular laptop has a biometric scanner.  If I wanted to use it to authenticate to my system I would actively swipe my finger.  From a privacy perspective, this is an important feature.  If I want to work with (relative) anonymity, I can head to Starbucks, sit down and work…anonymously.

Now imagine a world in which I head to the same Starbucks to work and the government is able to uniquely track my presence at the Starbucks with a high degree of accuracy?  I then move on to an Internet lounge to anonymously write some emails to my politically active friends (all fantasy, but I am making a point).  Again, I am uniquely identified by my keystrokes and my identity is compromised.

In their seminal work from 1890, “The Right to Privacy” Warren and Brandeis took a big step in defining privacy.  Their definition was used in cases as diverse as Roe V. Wade and others.  In short, they defined privacy as “the right to be left alone”.  This means that IF you have crazy political or other views and you CHOOSE to keep it private…you have a right to do so.  This type of technology allows others to infringe on a person’s right to anonymity.