Against the Flow...

December 6, 2017

           By:   Martin Zizi

It has been a bit more than two years now, since I started building up a company and a new technology aiming at Biometrics. I did this with the clear intent to help users be safely identified across the IoT while at the same time protect their rights to privacy, because “Hell No” I firmly believe that it cannot be the end of privacy. My company's name is Aerendir Mobile.

While working mostly in stealth mode, I closely followed the public and commercial debates around this topic, sometimes a bit surprised, sometimes amused, but mostly befuddled. I am always surprised by how fast people are to act on partial information, and for once I felt that I might contribute with a broader view. This is not about us as a company or about our future products, but about us as a human society.

Of course, the rise of on-demand products and of the Internet of Things disrupted traditional ways, opened up novel opportunities, and created new challenges. One of the most pressing is how we can SAFELY be identified while we interact with IT systems and objects, be them local or in the Cloud. Biometry was very quickly presented as the answer; remember all payments products based on fingerprints, or on biometry-enabled phones? Knowing that identity theft across electronic payments costs us all 6% of a 79 trillion dollar monetary market exchange, we – as a group – ought to be able to do better. Knowing that connected objects can be hacked, we have to become smarter about how we use technology. Do you want to risk being locked up - or worse kidnapped - inside your connected car? Bad examples abound.

However, biometrics is a double-edged sword. While fitting the motto “you are the password”, and hence being convenient, what good does it do if a remotely located database is breached? It is already a problem to lose a credit card or a Social Security number, but if one loses his/her fingerprint or retinal scan; one can never go to buy a new one. This loss is forever. What good is it, if - to make it mobile and user-friendly - one has to reduce the complexity of the calculation, simplifying the models and hence having failure rates above 1-2 percent? What good is it, if one has to combine private data about your behavior, about your personal habits, and when and where you like to exercise, in order to build a repertoire or a profile of ‘who you are’ via powerful and centralized AI bots to identify you? What then if this AI can impersonate your profile across the IoT? Those questions are legitimate and are not addressed by most of what is available and oftentimes loudly presented as the next ‘big thing’.

Recently, with the release of iPhone X, there was a flurry of activity about how to crack its facial recognition software, how to spoof it, and we even saw some funny video of a youngster breaching into his mother’s profile on day one or two of the purchase. In such a complex, fast moving and intellectually noisy environment, I want to highlight why I do think that Apple Inc. is developing not only some of the best technology but also some of the safest… and I may add that I am certainly no Apple insider as I may even become one of their competitors eventually.

For a long time now, Apple has built privacy protection into its smartphones. Everything is computed on the device, no data exchanged with- and no computation in- the Cloud. Everything is encrypted on the device. There is a dedicated chip for security and safety only, and now a GPU to enable mobile AI. Is it perfect? No, because someone can steal your device while you open it, or open it with your face, and mostly because this technology has to mature. However, we know this technology steps in the right direction and that it will learn your facial features with time and use. Give it enough time, and it will ‘know’ the micro-features of your face like those aging wrinkles, and the details of your eyes. Give it enough time and it will surprise you.

And what about this funny video with the child and his mom? Well a mix of genetics, and the fact that the phone was brand new, could explain that the son’s features became part of the training process, it is a bit like having 2 users.

Why am I being positive about a potential and so large competitor? Because - like them - we believe that your privacy should not become a commodity and that keeping all computation local, obfuscating what needs to be, encrypting the whole thing, is the best way to implement a solid, safe and effective biometry… this is also what we have been busy with at Aerendir, with just a minor difference: we are using a signal from the junction of the individual nerve fibers and individual muscle cells, signal originating in the brain, which is truly unique.

So, I felt like a kinship in going against the flow. That is where the fun and the future of our privacy lies.