You may recall that we talked about Uber (UBER.NYSE) on our sister site late last month, and how the general thrust was that Uber was going to have their license revoked if they didn’t capitulate to the demands put forth by the City of London’s travel regulator, Transport for London (TfL). The problem here isn’t only with biometrics but a lack of trust on both sides.
Those demands, you also might recall, involved installing facial recognition and fingerprint biometrics to ensure that the person driving the car was the stated driver on record with the company. On the surface it’s not a bad idea. After a closer look, not so much. Technology provides the company with accountability (even if it doesn’t actually provide any increase in safety) and your customers get a sense of security, even if it is a lie.
Uber turned the deal down cold and lost its license and started the lengthy and expensive appeals process. London isn’t the only European stronghold putting strong regulatory controls on the rideshare company either, because cities in Germany, Spain, Italy and Denmark have all limited its availability. But London is the first to require biometrics, which are both expensive and data invasive.
“We understand we’re held to a high bar, as we should be. But this TfL decision is just wrong. Over the last 2 years we have fundamentally changed how we operate in London. We have come very far — and we will keep going, for the millions of drivers and riders who rely on us,” said Dara Khosrowshahi, Uber’s chief executive, on Twitter.
Uber somehow had to sell the notion of biometric data to their drivers, and the TfL has to sell the idea that they’re doing their job in ensuring Uber is a reputable company that cares about their customers safety to their population. Both have solid points. Depending on the region, Uber has a terrible track record when it comes to keeping both its passengers and drivers safe, but Khosrowshahi is correct that they’ve made some improvements. Biometric data could, should and probably was a hard sell, though.
There is another option that neither side has visited, at least not yet, and it starts off with a question.
If the essential problem involves trust—then why not take trust completely out of the equation by implementing a blockchain solution?
The problem with biometrics
We covered in the earlier story about how biometric inputs such as facial recognition could be spoofed through either a two-dimensional composite of a person’s face (and a three-dimensional model for more advanced mechanisms) and a plaster-cast of a persons’ finger to fool a fingerprint input. But even if Uber shelled out for the most advanced biometric data hardware that leaves the actual data centre, and that’s where the real anxiety comes from. This isn’t a comment about how data centres misuse our data by bundling it and selling it to the highest bidder (although it totally is being misused that way), or some slippery-slope argument about today’s benign capitalist surveillance being the tool of tomorrow’s oppressive regime (although it wouldn’t be the first time). Instead, this is about idiocy and the second law of thermodynamics.
Vaya con wikipedia:
The second law of thermodynamics states that the total entropy of an isolated system can never decrease over time, and is constant if and only if all processes are reversible. … The increase in entropy accounts for the irreversibility of natural processes, and the asymmetry between future and past.
Basically, everything falls apart given a long enough timeline.
It’s the same for you and I, as it is for your car as it is with your relationship with your mailman. Every biological system degenerates; cars rust, corrode and end up as landfill; and your mailman secretly hates you because your dog keeps stalking him with murder in his eyes. How that pertains to biometrics is that even the most secure of systems will eventually be tampered with, broken into and someone will abscond with all of the goodies inside. Such goodies include credit card data, identification,
Those big data centers where the biometric data flows are not impregnable. Most of these places are one disgruntled employee away from a massive data breach.
A trust less solution
Transport for London claimed that approximately 14,000 Uber journeys were with drivers with falsified identity information, with all the insurance and safety ramifications that ensue. Drivers authenticate themselves once, using only a username and password for the app—and could even change their ID photo without any authentication being required.
Let’s get something out of the way first. In no way is blockchain exempt from the second law of thermodynamics. It isn’t a 100% safe solution for all of your data storage needs. Nothing is. You will never find a solution that’s 100% safe. What you want is to maximize that percentage. Push it so that the probability of hacking into your secure vault is as close to zero as to be negligible, and even then understand that there’s always a puncher’s chance.
But outside of hackneyed boxing metaphors, blockchain represents the safest method of storing information because of its immutability and decentralization. It’s inherently trustworthy because it mitigates the need for trust. There are a number of different issues as we auger down into each individual blockchain, beginning at the level of consensus protocol and ending with social engineering of smart contracts and decentralized applications, but if the right people doing the right things for the right incentives can be found and utilized, then an air-tight trust less ecosystem is entirely possible.
“The problem with biometric authentication is that it’s very sensitive information. People probably don’t want others sharing their biometric data. So what we’re proposing is using blockchain as a core technology to verify yourself, in a privacy preserving way,” Abbas Ali, head of digital identity at blockchain company R3.
The process could be as simple as verifying their identity using a selfie, a facial scan or a fingerprint, but instead of being sent to a massive data collection, it would be sent to Uber, which would put it on a trust mitigating tamper-proof blockchain to be verified using an algorithm every time the driver accepts a ride.
“You don’t need to have multiple verification factors across all your online services; you don’t have to do one with Uber, one with Airbnb, one with Netflix. Instead of your identity being held by every one of these providers, in their own databases—their own silos—a user would manage their own identity and permission these guys to access it,” said Ali.
Sometime in the middle of the 20th Century, Russian psychopath Joseph Stalin took a breather from killing upwards to 20+ million of his countrymen to utter the words, “history shows that there are no invincible armies.” It’s a noteworthy quote because not only is it historically accurate, but it takes into account the second law of thermodynamics.
Everything falls apart.
Now I’m going to take a break from eating this chocolate bar and say there are no impenetrable security systems. If Uber is going to meet the City of London halfway and adopt some biometrics, then it can minimize the potential risk for its customers by ensuring that their drivers are who they say they are, and minimize the risk for its drivers by putting their data on the blockchain where it will be safe.
—Joseph Morton