Former Head of GCHQ Worried About Biometrics, Data Sharing and Apple Pay

Touch IDYesterday the BBC published comments from Sir John Adye, the former boss of the UK’s Government Communications Headquarters (GCHQ), regarding his concerns over biometric authentication technology, particularly in the area of payments.

The article, written by Leala Padmanabhan, quotes Sir Adye admitting that he, like many users the world over, doesn’t know what happens to his personal data when he uses his smartphone. His comments go on to include biometrics when he specifically singles out Apple Pay as a worrisome development in the relationship between a user and her data.

“You can now use your iPhone 6 to make payments using biometrics on the internet and you’ve got to tick various boxes before you do so, but how many people are actually going read through all those boxes properly and understand what they mean when it goes in?”

Though perhaps choosing the wrong target for his concerns – Apple Pay is actually the first instance of a new user privacy-focused payment paradigm called tokenization, which Visa has stated is a key to its future plans – it is an example of a growing mistrust of companies uses of user information.

Apple has particularly gone out of its way to address this mistrust, stating that user data stored on the secure element of its mobile devices is wholly private. Biometrics industry experts from all sorts of backgrounds have come out in praise of this tactic, which is directly in opposition to the type of behavior Sir Adye seems to be concerned about.

It is also worth noting that Sir Adye does recognize biometrics as a necessary security improvement.

Though the information that can satiate these concerns is readily available and widely celebrated in some circles, in the end, Sir Adye is calling for transparency and better biometrics industry oversight, neither of which seem to pose a threat to the march of progress in identity management. The issue of users not understanding how technology uses and stores their personal data is prevalent, and the comments out of the UK underline the need for greater education on the methods and uses of biometric technology especially now that it is rocketing into mainstream use.