Algorithmic Jim Crow

This Article contends that current immigration- and security-related vetting protocols risk promulgating an algorithmically driven form of Jim Crow. Under the “separate but equal” discrimination of a historic Jim Crow regime, state laws required mandatory separation and discrimination on the front end, while purportedly establishing equality on the back end. In contrast, an Algorithmic Jim Crow regime allows for “equal but separate” discrimination. Under Algorithmic Jim Crow, equal vetting and database screening of all citizens and noncitizens will make it appear that fairness and equality principles are preserved on the front end. Algorithmic Jim Crow, however, will enable discrimination on the back end in the form of designing, interpreting, and acting upon vetting and screening systems in ways that result in a disparate impact

Biometric surveillance in schools : cause for concern or case for curriculum?

This article critically examines the draft consultation paper issued by the Scottish Government to local authorities on the use of biometric technologies in schools in September 2008 (see http://www.scotland.gov.uk/Publications/2008/09/08135019/0). Coming at a time when a number of schools are considering using biometric systems to register and confirm the identity of pupils in a number of settings (cashless catering systems, automated registration of pupils' arrival in school and school library automation), this guidance is undoubtedly welcome. The present focus seems to be on using fingerprints, but as the guidance acknowledges, the debate in future may encompass iris prints, voice prints and facial recognition systems, which are already in use in non-educational settings. The article notes broader developments in school surveillance in Scotland and in the rest of the UK and argues that serious attention must be given to the educational considerations which arise. Schools must prepare pupils for life in the newly emergent 'surveillance society', not by uncritically habituating them to the surveillance systems installed in their schools, but by critically engaging them in thought about the way surveillance technologies work in the wider world, the various rationales given to them, and the implications - in terms of privacy, safety and inclusion - of being a 'surveilled subject'

Biometric Boom: How the Private Sector Commodifies Human Characteristics

Biometric technology has become an increasingly common part of daily life. Although biometrics have been used for decades, recent ad- vances and new uses have made the technology more prevalent, particu- larly in the private sector. This Note examines how widespread use of biometrics by the private sector is commodifying human characteristics. As the use of biometrics has become more extensive, it exacerbates and exposes individuals and industry to a number of risks and problems asso- ciated with biometrics. Despite public belief, biometric systems may be bypassed, hacked, or even fail. The more a characteristic is utilized, the less value it will hold for security purposes. Once compromised, a biome- tric cannot be replaced as would a password or other security device. This Note argues that there are strong justifications for a legal struc- ture that builds hurdles to slow the adoption of biometrics in the private sector. By examining the law and economics and personality theories of commodification, this Note identifies market failure and potential harm to personhood due to biometrics. The competing theories justify a reform to protect human characteristics from commodification. This Note presents a set of principles and tools based on defaults, disclosures, incen- tives, and taxation to discourage use of biometrics, buying time to streng- then the technology, educate the public, and establish legal safeguards for when the technology is compromised or fails

Phishing – the threat of internet banking

The attractiveness of Internet banking, the dynamics and the integration with e-business is still growing. The current use of electronic banking is defined by cyberspace and abused in the form of cyber terrorism as well. Therefore it is in the interest of all banks to focus on minimizing the real attacks. This article analyzes and compares the current possibilities against so-called phishing and identifies the area of the safe use of Internet banking in terms of the current potential threats in this area

Usability and Trust in Information Systems

The need for people to protect themselves and their assets is as old as humankind. People's physical safety and their possessions have always been at risk from deliberate attack or accidental damage. The advance of information technology means that many individuals, as well as corporations, have an additional range of physical (equipment) and electronic (data) assets that are at risk. Furthermore, the increased number and types of interactions in cyberspace has enabled new forms of attack on people and their possessions. Consider grooming of minors in chat-rooms, or Nigerian email cons: minors were targeted by paedophiles before the creation of chat-rooms, and Nigerian criminals sent the same letters by physical mail or fax before there was email. But the technology has decreased the cost of many types of attacks, or the degree of risk for the attackers. At the same time, cyberspace is still new to many people, which means they do not understand risks, or recognise the signs of an attack, as readily as they might in the physical world. The IT industry has developed a plethora of security mechanisms, which could be used to mitigate risks or make attacks significantly more difficult. Currently, many people are either not aware of these mechanisms, or are unable or unwilling or to use them. Security experts have taken to portraying people as "the weakest link" in their efforts to deploy effective security [e.g. Schneier, 2000]. However, recent research has revealed at least some of the problem may be that security mechanisms are hard to use, or be ineffective. The review summarises current research on the usability of security mechanisms, and discusses options for increasing their usability and effectiveness

Frictionless Authentication Systems: Emerging Trends, Research Challenges and Opportunities

Authentication and authorization are critical security layers to protect a wide range of online systems, services and content. However, the increased prevalence of wearable and mobile devices, the expectations of a frictionless experience and the diverse user environments will challenge the way users are authenticated. Consumers demand secure and privacy-aware access from any device, whenever and wherever they are, without any obstacles. This paper reviews emerging trends and challenges with frictionless authentication systems and identifies opportunities for further research related to the enrollment of users, the usability of authentication schemes, as well as security and privacy trade-offs of mobile and wearable continuous authentication systems.Comment: published at the 11th International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2017

Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010

It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of ‘security’ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U

Development of a typing behaviour recognition mechanism on Android

This paper proposes a biometric authentication system which use password based and behavioural traits (typing behaviours) authentication technology to establish user’s identity on a mobile phone. The proposed system can work on the latest smart phone platform. It uses mobile devices to capture user’s keystroke data and transmit it to web server. The authentication engine will establish if a user is genuine or fraudulent. In addition, a multiplier of the standard deviation “α” has been defined which aims to achieve the balance between security and usability. Experimental results indicate that the developed authentication system is highly reliable and very secure with an equal error rate is below 7.5%