Smells Like Teen Logins
Passive identification has pluses and minuses
Dateline: Tel Aviv, 2nd October 2022.
One form of biometric identification that has been overlooked, in my opinion, is smell. I remember reading somewhere that we are all much more different from each other in “smell space” so to speak, than we are in “light space”. That is to say that a dog, to pick the obvious example, finds us more unique and more easily separable through odour than through light.
In the future, everyone will be famous for 15Mb is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
(Dogs, in fact, have neural pathways that link smell and sight in a way that humans do not. Cornell University research seems to indicate that dogs’ connections between the nose and the visual cortex means that olfaction is integrated with vision in terms of how they learn about their environment.)
If we could invent a dogs nose on a chip and add it to smart phones then a few minutes after walking into a room, your phone would be able to present you with a list of all of the people in the room. Pretty interesting. It’s difficult to do this because (as the Wall Street Journal reports) odours are made up of many different chemicals and our olfactory receptors are therefore rich and difficult to emulate in electronics. Humans have three types of receptors for colour vision, but hundreds of different olfactory receptors.
(Smell biometric identification is not simply about security, by the way. Dogs can smell cancer, Parkinson’s and other conditions (including, apparently, COVID) that cause changes in human body odour. If scientists could engineer a robot nose to detect diseases the way a dog’s nose does it would be a significant breakthrough in disease detection.)
The technology isn’t ready yet, but I imagine that someone, somewhere will crack it within the next few years as people have been working on the problem for years. I rather like the idea that soon devices will know when I’m around simply by sniffing the breeze and I already have a business idea for an elevator-based odour detection and identification system that I’m taking straight to Schindler. But there must be some concerns about the deployment of such passive area identification biometrics. Look at the fuss that is going on right now about facial recognition systems in public places.
It’s my smell, even if the glasses and the hat fool you.
There are lots of good reasons for wanting facial cognition, provided that it is used for good. And provided that it works. Police use of the technology is a live issue here in the UK where there have been many negative reports about face recognition because of the decision by some forces to begin using it despite the current not-quite-Minority-Report state of the art.
(The facial recognition technology used by police in London incorrectly identified members of the public in 96 per cent of matches made between 2016 and 2018.)
As my good friend Jamie Bartlett, the man behind "The Missing Cryptoqueen" (the best podcast of 2019), observed on this police use of face recognition in London “if the technology doesn't work it will be a disaster and if it does work it will be even worse.”
Even if biometric identification technology did work perfectly, though, is it worth risking the collection and processing of such data? What if this biometric data falls into the wrong hands? Remember when America pulled out of Afghanisatan and left behind vast digital data stores. Government databases included personnel records and, in particular, biometric data like fingerprints that make people easy to identify.
What if your body odour could be snaffled by bad actors just as your fingerprints might be?
If you think that sounds implausible, remember that one of the more bizarre activities of the East German secret police, the Stasi, was the collection of geruchsproben — smell samples — for the benefit of the East German smell hounds. The odours were collected during interrogations using a perforated metal “smell sample chair” or by breaking into people’s homes and stealing their dirty underwear. The samples were then stored in small glass jars.
(I have to say that if the Stasi had put me in an interrogation chair, they would have needed something more than a small glass jar to store the smell samples.)
Use and Misuse
It isn’t only law enforcement that wants biometrics. Fintechs also want to go in this direction to support transactions. This is why, for example, Amazon is extending the palm scanning payments check out to more than 65 Whole Foods stores in California. Now, the idea of linking a biometric identifier to a payment card to speed up checkout in the grocery store is hardly new or revolutionary (after all, Piggly Wiggly was doing this many years ago), Amazon’s decision to go this way interests me because it is about convenience, not security.
Personally, I don’t find it that inconvenient to pay right now. I use my phone most of the time and I have a wearable (a ring) that I use when I can’t be bothered to get my phone out or, as happens now and then, when my phone is out of battery. Nonetheless, I can see that some people might find it useful to go to the store without a phone or a wallet and rely on identification rather than authentication to authorise a transaction.
(Note the important distinction between biometric authentication to obtain service, such as me using FaceID on my iPhone, and biometric identification to obtain service, such as in-store cameras scanning my face when I walk in the store.)
Not everyone is comfortable with the idea of using this kind of biometric identification to obtain service. Last year, Amazon wanted to try out palm scanning at the Colorado’s Red Rocks Amphitheatre in Denver, but consumers, artists and human rights groups complained about the move and demanded a ban on all such biometric tools.
The Federal Trade Commission is currently considering rulemaking for the business of biometric and other personal data. Consumers with an opinion about how their biometric data is managed and mismanaged are likely going to say the FTC should step in to stop any abuse. That is because biometric data is unique in its potential for "life-altering" harm. The Commission which is weighing options on commercial surveillance wants public input about regulating unfair or deceptive practices in how companies “collect, aggregate, protect, use, analyze, and retain consumer data, as well as transfer, share, sell, or otherwise monetise that data.”
I think that there are valid concerns here. We do not yet really know what the new etiquette in a new world of pervasive biometric identification should be, which is why some people (eg, the EU, Google and me) would like to see a moratorium in the deployment of face recognition technology (a moratorium that ought to be extended to all population-scale passive biometrics in my opinion). As the FT noted, Brussels and Silicon Valley rarely see eye-to-eye when it comes to technology regulation but in this particular case (and in the case of artificial intelligence) they may well be aligned. We do not quite know what we are doing, so we should stop and think about it.
China illustrates quite clearly how quickly the biometric technology can begin to permeate all sectors if unrestricted. I can choose any one of a thousand examples to illustrate this point, but I like this one: taxi drivers in the Chinese city of Xi'an are verified by facial recognition technology when they get behind the wheel. The biometric identification system is, as is much the fashion these days, linked to an AI to ensure that drivers are not misbehaving (eg, using their smartphone when on the road and so forth). Now, I can see why such a system is attractive: Who doesn't want a safer taxi service? But what if the database gets hacked or the system is abused? What is the fallback? What is the recovery?
Recovery is a really important point. I particularly enjoyed a story from the South China Morning Post about a woman who had plastic surgery only to discover she could no longer pay online or get into her office! If we start to rely on such interfaces, they can bring unexpected problems and there must be a way to recover from these.
We cannot hold back the tide on passive biometric identification but which ever way you look at it, regulators are surely right to focus on biometric identification as being a technology with a social context that we absolutely do not understand and that needs a regulatory context. Let’s stop and take a breath (without having it analysed for odour.)