-
Case Study 6: Your Biometrics?
Scenario: You use your fingerprint to unlock your smartphone,
relying on the phone manufacturer’s biometric system to
authenticate you. The phone manufacturer stores and processes
your fingerprint data.
Self-Custody is Control: You use your fingerprint to unlock your phone, but the phone manufacturer controls how your biometric data is stored and processed. The manufacturer holds authority over this system, meaning they can modify or revoke your access based on their policies or security settings. You are responsible for securely setting up and using the biometric system, while the manufacturer is responsible for ensuring the data is protected and not misused. Enforcement occurs through the phone’s operating system, which can disable biometric access, require additional verification, or lock the device under certain conditions.
Self-Custody is a Spectrum: The parties involved are you, the user, and the phone manufacturer. The manufacturer has an unfair advantage because they control the storage and processing of your fingerprint data. While you use the fingerprint for authentication, the manufacturer can block access or misuse the data, meaning you lack full control. This imbalance places you low on the self-custody spectrum.
Self-Custody is Recursive: Biometric data, such as fingerprints or facial recognition, is used to secure access to smartphones, bank accounts, and secured facilities. The unfair advantage tech companies and device manufacturers hold is their control over how your biometric data is stored and processed. If your biometric data is compromised—either through a data breach or misuse by the company—access to all dependent constructs secured by biometrics is at risk. For instance, unauthorized access to your phone can lead to the theft of financial data, personal communications, or sensitive information stored within. Moreover, compromised biometrics could be used to access your financial accounts or even gain entry into secure physical locations, making the breach potentially life-threatening.
Self-Custody is Control: You use your fingerprint to unlock your phone, but the phone manufacturer controls how your biometric data is stored and processed. The manufacturer holds authority over this system, meaning they can modify or revoke your access based on their policies or security settings. You are responsible for securely setting up and using the biometric system, while the manufacturer is responsible for ensuring the data is protected and not misused. Enforcement occurs through the phone’s operating system, which can disable biometric access, require additional verification, or lock the device under certain conditions.
Self-Custody is a Spectrum: The parties involved are you, the user, and the phone manufacturer. The manufacturer has an unfair advantage because they control the storage and processing of your fingerprint data. While you use the fingerprint for authentication, the manufacturer can block access or misuse the data, meaning you lack full control. This imbalance places you low on the self-custody spectrum.
Self-Custody is Recursive: Biometric data, such as fingerprints or facial recognition, is used to secure access to smartphones, bank accounts, and secured facilities. The unfair advantage tech companies and device manufacturers hold is their control over how your biometric data is stored and processed. If your biometric data is compromised—either through a data breach or misuse by the company—access to all dependent constructs secured by biometrics is at risk. For instance, unauthorized access to your phone can lead to the theft of financial data, personal communications, or sensitive information stored within. Moreover, compromised biometrics could be used to access your financial accounts or even gain entry into secure physical locations, making the breach potentially life-threatening.