Former boss of British spy agency says smartphone biometric security measures need more control and supervision
In an ironic twist, a former head of the government’s top secret listening station, GCHQ, is warning smartphone users to careful with their personal data.
Specifically, Sir John Adye says that there needs to be more control and supervision of smartphone security measures that use biometric techniques such as fingerprint recognition.
Apple’s new iPhone 6 for example uses fingerprint recognition to check identity, but Sir John reckons there are security concerns with this. He welcomed these added security measures, but warned that it was not clear enough about what is happening to people’s data.
“I don’t know what happens to my personal data when I use it on a smartphone,” Sir John was reported by the BBC as telling MPs. “If you go to an ATM and put in your credit or debit card, that system is supervised by the bank in some way,” he said in evidence to the Commons Science and Technology Committee, which is examining the use of biometric technology.
“But when you’re using your smartphone… there’s no physical supervision of the system,” Sir John reportedly said. “You need to design security methods… which are going to be strong to protect the interests of the individual who is using the phone and the relying party at the other end… the bank or whoever it is, who is providing a service to them.”
Sir John was in charge of GCHQ between 1989 and 1996, and now chairs a company which is developing biometric technology for identity recognition. He reportedly singled out the iPhone 6 which allows users to make payments and access services using a fingerprint.
“You can now use your iPhone 6 to make payments using biometrics on the internet and you’ve got to tick various boxes before you do so, but how many people are actually going read through all those boxes properly and understand what they mean when it goes in?” he was quoted as saying.
“I think Apple has done some good things,” Sir John added. “They appear to have a good system at the moment for protecting their operating system so it’s difficult for anyone outside to penetrate it and retrieve data from it. But how long will that last, because the criminals… are very inventive at finding ways in, and although you can protect it in that way on the device itself, what happens if the device is lost or stolen?”
Essentially, Sir John wants greater transparency in the way personal information may be passed on to third parties.
“I don’t know, although I’m quite experienced in this area, what happens to my personal data when I use it on a smartphone for proving my identity,” he said. “Is Google going to use that data to target advertising at me? Is some other commercial company or maybe some hostile foreign government going to use it to target me in some other way? I don’t know.
Sir John’s comments are somewhat ironic considering that nowadays GCHQ and the US NSA are known to track and eavesdrop on potential suspects via their mobile devices.
Earlier this year, it was alleged by Edward Snowden that the US and UK intelligence agencies were exploiting data leakage flaws in popular mobile apps such as Angry Birds and Google Maps to gain information on targets.
How well do you know security? Try our quiz!