FIDO, an acronym for the Fast ID Online, is the standard for developing “universal strong authentication” for the entire spectrum of internet-capable devices, including Android smart phones, online payments systems, even bank branch transactions. In mid-March of 2015, FIDO Alliance announced that executives from Google and PayPal had been appointed to leadership positions in that organization, a consortium of technologists and corporations working toward open source biometric identification systems.
FIDO membership is growing rapidly and already includes a Who’s Who list of global corporations from
Alibaba to Wells Fargo, as well as financial giants Discover, Visa, Mastercard and Bank of America.
The goal of the Alliance is to create a standard for the adoption of worldwide “passwordless” authentication. According to its website, FIDO was “nominally formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords.”
The Alliance, however, also meets the demands of the National Strategy for Trusted Identities in Cyberspace (NSTIC), an initiative created by the White House beginning in 2011. According to its website, NSTIC is “helping individuals and organizations utilize secure, efficient, easy-to-use and interoperable identity credentials to access online services in a manner that promotes confidence, privacy, choice and innovation.” Surprisingly, the “trusted identities” here defined are not the corporations or government departments responsible for secure transactions, but the citizens who visit their websites, who must now be “authenticated.”
Although the government says this will all be voluntary, it is at the same time developing and promoting what is calls “a vibrant identity ecosystem” where users are able to “trust each” other because all are submitted to the same standards of digital recognition. In February of 2014, NSTC entered its fourth round of
pilot programs, where private companies began offering individuals alternatives to passwords, using grant money from federal tax dollars. The State of Michigan, for example, has used funds from a NSTIC pilot program on low-income citizens who are enrolling in its food assistance program,
Bridges.
Various national agencies began immediately to implement NSTIC and FIDO protocols into their planning. The IRS discussed the use of biometric identification for tax filing two years ago as a way to reduce fraud. In a
2013 report, the IRS praised NSTIC saying, “The National Strategy for Trusted Identities in Cyberspace (NSTIC) offers a vision of more secure, efficient, and cost-effective authentication through widespread use of robust third-party credentials standardized to a national strategy.”
The Affordable Care Act, widely known as Obamacare, has biometric identification built into the enrollment process.
The Act mandated that all states accept voice signatures, in compliance with the Government Paperwork Elimination Act.
Banks are jumping on board quickly, and not just those with a national presence. Loan officers in some independent community banks are already using biometric authentication, and outside of the United States, biometric authentication may be required for simple bank transactions. Bank Muscat in Oman recently began forcing depositors to scan both their national identification cards and their thumbprints when visiting
bank branches throughout the country.
Healthcare is seen as a vital and growing area for biometric technologies. Floyd Memorial Hospital in Albany, Indiana uses a
fingerprint identity system to match patients with their records, citing cost savings. The hospital says it saves on duplicate records.
Biometric systems are far from water tight. Security experts have shown
how vulnerable fingerprint scans are and how
hackers can gain access to records of government officials. Civil rights activists are alarmed by the addition of biometrics to the already massive amount of private information gathered on citizens by the NSA and other federal entities. In a
2010 document leaked by Edward Snowden, the NSA said it is “taking a full-arsenal approach that digitally exploits the clues a target leaves behind in their regular activities on the net to
compile biographic and biometric information.”
Thus far legislative efforts have been slow to regulate the gathering of this sensitive biometric information. A couple of states, including Illinois,
have passed laws to protect biometric information, though in Illinois no provisions have been made to monitor and censure government use of biometrics, or to accommodate religious objections. In a blog post regarding the matter, law firm
Fisher & Phillips reports that unions and other worker groups are deeply concerned over new policies requiring biometric identification. Lawsuits have already been filed in at least one case where a worker refused the biometric tracking, citing religious reasons. The employee requested an alternative sign-in method, then proceeded with legal action when the company refused the accommodation.
Even beverage companies have jumped on the biometric bandwagon. In Australia,
Coca-Cola is testing a vending machine that uses facial recognition. It gives new meaning to the company’s vintage slogan, “Have a Coke and a smile,” and an insight into the biometric world to come.
