Security Checks Reaching Towards Your Brain

When Descartes said “I think therefore I am” he probably didn’t know that he was answering a security question. Using behavioral or physical characteristics to identify people, biometrics, has gotten a big boost in the EU. The Orwellian sounding HUMABIO (Human Monitoring and Authentication using Biodynamic Indicators and Behavioral Analysis) is a well funded research project that seeks to combine sensor technology with the latest in biometrics to find reliable and non-obtrusive ways to identify people quickly. One of their proposed methods: scanning your brain stem. That’s right, in addition to reading your retinas, looking at your finger prints, and monitoring your voice, the security systems of the future may be scanning your brain.


How could they actually read your brain? What kind of patterns would they use to authenticate your identity? Yeah, that haven’t quite figured that out yet. HUMABIO is still definitely in the “pre-commercial” and “proof of concept” phase. They do have a nice ethics manual to read, and they’ve actually written some “stories” that illustrate the uses of their various works in progress, but they haven’t produced a fieldable instrument yet. In fact, this aspect of the STREP (Specific Targeted Research Project) would hardly be remarkable if we didn’t know more about the available technology from other sources.

Singularity Hub has been keeping at the forefront of brain scanning news. From fMRIs being used as lie detectors and mind readers, to robots being controlled by thoughts, we’ve seen a lot of new tech that could be adapted to provide biometric data. Each method relies on scanning the brain and monitoring electrical signals or blood flow to “read” someone’s mind. Each brain has its own unique patterns, as well as common signals. Monitor a brain enough, and you should be able to distinguish it from other brains using a scan. The big question is, is this technology really going to be the final frontier in security checks?

Ok, but what I am thinking now?

There are a lot of competing technologies out there (including reading your ear). Many of which are also being pursued by HUMABIO. For its part, the UK’s Foreign Office is seeking to spend more than £15 million on facial, fingerprint, iris, and vein-palm recognition to help secure its embassies around the world. The FO has also said such technology would be used to enhance “surveillance” and “data collection” for various purposes. Am I the only one who wants governments just to drop the euphemisms and say “spying”? I’d be satisfied with “intelligence gathering”.

The truth is, every government agency in charge of security is really fighting two fights: identifying/verifying its own people, and cataloging/marking likely threats. The technology used for one is readily adapted to serve in the other. More so when that technology is passive and unobtrusive as so many of these security check projects hope to become. The U.S. Intelligence Advanced Research Projects Authority (IARPA doesn’t have the same ring as HUMABIO) is seeking to ramp up its non-contact security checks with greater funding and new research.

Non-contact is one leg of the tripod of biometrics, the other two being 100% reliability and user acceptability. The big problem is that no one check (brain scan, iris scan, fingerprint, etc) is going to be 100% reliable or acceptable. Most of the relevant agencies (especially HUMABIO) are seeking a multi-tiered approach.

Could you find a way to fool a fingerprint scan? Sure, just watch Mythbusters to see how. Iris scan and voice scan defeats are probably on their way as well. But defeating a voice scan and an iris scan while simultaneously passing a brain scan? Much more difficult. And that’s a large part of what HUMABIO is attempting: layering biometric checks, hopefully in a way such that defeating one makes you more vulnerable to being detected by another.

Despite the lack of a commercially available system, HUMABIO has managed to run three successful tests of combined biometric security checks. A freight truck simulator used EEG (brain scan on scalp) and ECG (heart rhythm) monitoring, face recognition cameras, voice checking microphones and a sensing seat to verify the driver’s identity. A pilot security check used gait monitoring (they actually can identify you by the way you walk – the Bee Gees were right!) as well as face and voice recognition. The laboratory trial identified scientists using EEG, ECG, face and voice recognition. All three trials were shown to be effective and, just as importantly, were acceptable to the users. Even truck drivers didn’t find the security checks to be overly annoying.

Big Brother or Oh, Brother

For biometric tests to be successful you need to understand when they stop working. Voice recognition probably won’t work on someone weeping. Most gait measurements require you to walk at a steady pace. HUMABIO is aiming to understand these thresholds much better so that they can clue in one test to take over when another is unlikely to work.

And this is where I think the technology gets scary. The research that leads to us understanding when someone is too emotional or too stressed to pass an ID check will also enable us to identify those emotions on their own. That is, the same scanner that is trying to identify your face may soon be able to say “that guy looks upset” or “that guy looks like he’s going to kill someone.” HUMABIO is actively focusing on these ‘dynamic definitions’ of the test’s thresholds. The brain scan that is simply there to identify you, or the voice recognition that is supposed to give you access to your computer, may also be recording how you seem to be feeling. Which would be very useful when stopping terrorists from bombing an airport, but is a little intimidating for the general public.

This gate at Manchester Airport scans faces to make sure they match new UK passports.
This gate at Manchester Airport scans faces to make sure they match new UK passports.

That general public, however, is getting younger and more used to invasions into its personal life. In fact, the age of facebook and twitter actively encourages us to make our private lives public as a way of controlling the decline in privacy. As biometric security checks become more advanced, they will be able to learn more about us in a few seconds than people could learn on their own in years. That trend has started and will continue to grow even in the face of the public’s discomfort.

UK’s Home Office is already ramping up its biometric security checks. They plan on having ten more face-recognizing gates in the UK airports by August. Right now, the newest British passport holders traveling through Manchester or Stansted are being face-checked. As we seek to have a more secure society, the biometric tests are going to become much more common. When brain scans become reliable biometric tests, we will all experience them as we travel. While those machines read the blood flow and electrical pulses in our head, it’s important for us to remember our IDs are also our thoughts. Is the temporary loss of privacy going to be worth the benefits of security? The question may take a philosopher to answer.

Don't miss a trend
Get Hub delivered to your inbox