Biometric data collected by the tech industry introduces multiple risk vectors to end users and imposes massive costs on tech companies.
Evin McMullen, co-founder of Privado ID — a decentralized identity project that uses zero-knowledge cryptography — recently explained to Cointelegraph explain how decentralized blockchains mitigate these risks.
McMullen began by pointing out that biometric data isn't just processed or stored through traditional Big Tech companies like Google, Apple, or Microsoft. Instead, the data often passes through a complex supply chain of service providers that opine on the validity of certain pieces of data, which exposes user data to multiple third parties. The Privado ID co-founder stated:
"Data should be shared on a need-to-know basis, meaning that whenever possible, we can collect biometrics using our mobile phones, we can keep that data on the device itself so it never gets shared away from the device, never gets connected to the internet, and instead, create a zero-knowledge proof."
Zero-knowledge proofs — a way of verifying data without revealing specific contents of that data — would limit this data exposure, McMullen explained.
"We can use our blockchain keys as a way to control who gets access to information about our biometrics," the entrepreneur told Cointelegraph.
A pyramid of factors building upon each level to achieve a reputable and reliable digital identity. Source: Privado ID
Massive costs and cybersecurity risks
Collecting biometric data presents significant cybersecurity, regulatory compliance, and storage costs for tech firms. "It's actually in the economic best interest of many businesses to avoid storing biometric data," McMullen said.
Examples of this include individual requests to remove or delete biometric data from information repositories. These are notoriously difficult to search for or amend but they must maintain compliance with regulatory frameworks such as the European Union's General Data Protection Regulation (GDPR).
Moreover, the centralized nature of data storage by traditional tech companies creates an opportunity for malicious actors to attack the firm's security infrastructure and steal sensitive user data. These centralized points of failure and the "monopolistic assumptions" of traditional tech providers are remedied by the decentralization inherent in blockchain identity solutions, McMullen told Cointelegraph.
The potential for human rights abuses
The Privado ID co-founder also touched on the potential for centralized biometric databases to be used for human rights abuses — an often overlooked concern. Using a historical example, McMullen noted:
"During World War II, the thorough documentation of Know Your Customer, banking, and voting records led to the systematic persecution of ethnic minorities in Europe."
This point was previously argued by Nym CEO Harry Halpin, who used the historical backdrop of the Second World War to illustrate why privacy is a human right and to defend the founders of Tornado Cash.
Magazine: Real AI & crypto use cases, No. 4: Fight AI fakes with blockchain