Welcome to tech Stuff, a production from iHeartRadio. Hey there, and welcome to tech Stuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio. And how the tech are you? You know, I'm sure you've all seen movies which someone has to get past a security system by having an eye scan, and maybe they have an unconscious or potentially unalive security guard laying nearby and they hold the person's head up to the scanner to gain access to the security door. Or maybe the main character has undergone some sort of incredibly disturbing surgical procedure to have their own eyes altered to give them access. But you get the idea. The eye scan verifies that the person trying to open the door has the authorization to do that. This is a form a biometric and I'm sure we're all familiar with biometrics. You probably use them regularly. If you have a phone that has a fingerprint scanner or a face scanner to unlock the phone, that's biometrics. I used to use a laptop that had a fingerprint scanner, which was kind of cool. It made it really easy for me to log in. Not necessarily the most secure technology. However, as I remember reading about how that particular fingerprint scanner had some issues, but it's still sure made logging into my computer easy back in those days. My current one does not have that. And there are actually a couple of different definitions for biometrics, but the one we're concerned about involves body and behavioral measurements for the purposes of authentication and verification or identification, because these are all related but different things. So for this to work, the stuff what we're measuring has to be unique to an individual. It needs to be something that cannot be easily replicated. That's the whole point, right. If it could be replicated, then it's no good for verifying someone or identifying someone because it could be one of many people. So you need to have something that is unique to that person. Spoiler alert. While biometrics can be used for the purposes of security, for verification or identification, it's also pretty darn handy if you just want to keep track of someone, right, so you get enough biometric data on a person, it becomes easier to track that person down to keep track of what they're doing, assuming that they're not like hold up in some off grid shack in the middle of nowhere and they never venture out of there, in which case, yeah, they can be under the radar then, but otherwise it gets pretty tricky. But before we get into all that and the concerns around biometrics, let's talk a little bit about the history of biometrics. This history is varied, It goes all over the place. It has lots of starts and stops and stutters, and that's because biometrics focuses on lots of different things, right Like, it's not all just one area of study. Typically we're talking about things that people were interested in studying or advancing that collectively we would categorize under biometrics, but they were looking at a very specific version of it. So you could argue that biometrics traces its history to more than twenty five hundred years ago. Because Babylonians back in the day, which I'm told was a Tuesday, would sign off on business transactions by placing a thumb print on a clay tablet. Right that the clay tablet would be pliable, you would PLoP your thumb down and make an impression. The tablet would dry and your print would be there to authenticate that you had, in fact completed whatever the transaction was. Bo that's biometrics, and Tom Cruise wasn't even involved a little bit. I always think of Tom Cruise in movies like the Mission Impossible series, or even in Minority Report. When I think about biometrics, those are the ones that pop up in my head. Of course, it's not like there was a direct line of evolution from the ancient Babylonians to Tom Cruise, at least not that I am aware of. Biometrics weren't always a common means of marking documents or anything like that. But by the late nineteenth century, some folks started to figure out that the Babylonians could have really been onto something. Actually, I'm kidding. They probably didn't even know about the Babylonian stuff. They just thought they came up with it themselves. Because typically that's how we see the smarty pants of the eighteenth and nineteenth centuries. Some of them were a little more humble than that, but not all of them. Anyway, Folks in the late nineteenth century, so we're talking the eighteen hundreds here, they observe that fingerprints appeared to be unique to the individual, and if you got two different people to make prints of their fingertips. You would see the differences in the patterns of those fingerprints, and you would be able to tell which person made which set of prints, assuming that you had a reference right, as long as you're able to refer it back to something on record. This logically led to the concept of using fingerprints as a way to identify if a suspect had been present at the scene of a crime. Of course, folks had to figure out how to detect and lift prints at the scene. Typically, they would use a very fine powder or dust which would adhere to the oils left behind from the fingertips on different surfaces, and then they would lift those prints and then compare that to a record of fingerprints so that they could reference the prints that were lifted at the scene with ones that were in their database the reference system, or if they had the suspect in custody, they would have the suspect, you know, get printed, and they would compare the prints against whatever was found at the scene and then try to determine if the suspect was actually present at the scene of the crime. You know how this works, But the science of that and the systems based around that took a while to develop. Folks had to identify the elements and fingerprints that are definable and identifiable. They had to make classifications and taxonomies. You know, you had to have a way to communicate the qualities of a print when talking with someone else, or to be able to look for a match or even just a partial match. And it took a couple of decades to really catch on. And while fingerprints are the most famous example of early biometrics and law enforcement, police were trying different stuff too. In France, around the same time as fingerprints coming into vogue, there was a system called the Bertilline process or Bertillion process. The police would measure suspects and they would write down their measurements on a card and keep that in an index. And I'm talking all sorts of measurements. You know. It's kind of like if you were to go and get fitted for custom clothing, except you're being fitted for crimes, I guess. So the police would take down stuff like how tall you were, you know, how wide were your shoulders, how long are your arms, all that kind of stuff. This approach had some big drawbacks, however, the biggest one being that there was a lack of standardization in technique and metrics, which meant it wasn't terribly useful. Because if one police officer measures arm length one way, let's say, like they measure the arm just hanging down from the shoulder, and someone else measures it in a different way, like you're holding your arm up at an angle, then you might end up getting very different you know, metrics measurements. And that meant that you would look at the index card and say, oh, well, this person's not a match. That's not who who this person is or whatever, And so it was not terribly useful, and you could get false positives or false negatives. So this particular method wouldn't stand the test of time. Fingerprints definitely did. In the nineteen thirties, a guy named Frank Birch had another idea for using biometrics as a way to identify people. He was an ophthalmologist, that, by the way, is a great word that trips me up in spelling bees, and you might imagine. His idea was that an individual's iris contains complex patterns, and those patterns are unique to that person. It's like a fingerprint, but it's the pattern that's in the iris of your eye, and so like a fingerprint, a person's iris could serve as a way to identify that person and subsequently verify their identity in the future. You just needed a way to capture those patterns and then a technology capable of scanning and matching patterns against those that are stored in a database. So in twenty six when Frank Birch came up with this idea, none of that was really practical or possible, but his basic concept using the eye as a way to verify identity, that was solid. Now, it would take more than fifty years before someone would come up with a computer algorithm that could identify iris patterns and moreover, match an IRIS pattern that is collected to one in a database. That came to us courtesy of Cambridge University professor John Dogman in nineteen eighty seven, and it took a few more years to actually capitalize on that development. It wasn't until the mid nineteen nineties that a company called Iridium Technologies became the first to commercialize iris scanning. Now there are lots of companies that do this, many with their own proprietary approach to doing it, but it's all rooted in Frank Birch's suggestions back in the nineteen thirties. Okay, we've got a lot more to talk about with biometrics before we get into that. Let's take a quick break. You know, not long ago I talked a little bit about the early days of researchers trying to use computers to develop facial recognition technology, another example of biometrics. So the pioneers in that space included Woody Bledsoe, a mathematician and computer scientist, Helen chan Wolf, a scientist specializing in early artificial intelligence work, and Charles Bisson, another computer scientist and the three word for panoramic research in California. And they set about trying to figure out how to break down facial features into data points that a computer could analyze and match. So, you know, you imagined that at first, this just looks and involves looking at pictures of people and saying, well, where are some ways that we can we can point out, like landmarks that a computer would be able to recognize and measure against, right, like the corners of eyes compared to the bridge of the nose, that kind of stuff. And there are all these different images of pictures of people with all these different lines geometric lines drawn on the faces in an effort to kind of establish these standards. And as you might imagine, in the early days, this technology hit some pretty tough limitations. A computer couldn't necessarily match two different pictures of the same person's face. If the lighting and the shadows or the angle of the picture were different enough, the computer system would have trouble determining that both images were of the same face. Yes, if you had two pictures of the same person where it was under identical lighting conditions and the camera was at the same distance in the same angle, then it was easier, But with any deviation from that it became much more difficult. It would take many years for the algorithms, the computer technology, camera technologies to improve to a point that made facial recognition a possibility. So we're going to skip way up to the present day, and we've talked extensively on this show about how facial recognition technology often has major issues, particularly when it comes to false positives and false negatives with certain populations. Now, I'm not going to dive into that whole can of worms yet again, because I'm sure most of you have heard me talk about it a lot, but it is an inescapable fact that most facial recognition systems are prone to making errors due to biases that are in the system. And just to be clear, I don't mean to imply that there was ever any intentional bias, but intentional or not, that bias still has an effect. Meanwhile, other computer scientists were working in the mid twentieth century on the challenge of developing speech recognition technologies. Now, like facial recognition, this tech had a steep barrier of entry. Voices come in all sorts of timbers, volumes, pitches, dialects, or accents. So two people might say the very same word in very different ways. You know, it may sound very different, and yet it's the same word, And that means the system needs to be capable of recognizing that word no matter who says it or how they say it. Otherwise you're not going to have a satisfying experience. Well, folks in Bell Labs were working on speech recognition tech as early as the nineteen fifties, but that work focused on training a machine to recognize when someone was speaking out numbers. It took a decade of hard work to get to a point where the computer systems could recognize words of a certain complexity. The nineteen seventies would see the technology advanced significantly, helped in large part by a DARPA initiative. Y'all remember DARPA, right, that's the division within the US Department of Defense that awards contracts to companies that engage in R and D, and it's all in the purpose of trying to fund projects that could potentially benefit US defense initiatives in the future. DARPA has funded research into everything from autonomous vehicles to robots capable of performing half a dozen different tasks, and in the seventies, the division funded work in speech recognition. But speech recognition is really related to using voice technology for the purposes of a computer understanding what someone is saying. There's also voice recognition, or some people prefer speaker recognition, because that's all about recognizing a specific person. So speech recognition is really more about computer systems that can parse what you're saying and glean instructions from that and respond properly so that when you ask your smart speaker about the weather, it can give you the information you want instead of I don't knowtaneously turning off all the lights in your house or whatever, not that I've had that experience. Voice recognition or speaker recognition involves breaking a specific voice into data points for the purposes of identification, just like with facial recognition. Right. So, the idea of developing a system to do serious analysis on voices dates back to the early twentieth century. However, a lot of that early work lacked scientific value or rigor. So while you had people saying, yes, I can get a print out of what someone's voices and thus be able to compare two print outs and tell you if it's the same person speaking or not, in truth, it was a bit more complicated than that. I mean, you know, it required more than just having a long strip of paper tape pulled across a pencil that, in turn was connected to a diaphragm that would cause vibrations to move through when sound would go through like a horn or a microphone. Yeah, you could create a visual representation of someone's voice that way, but it wasn't something that was specific enough for you to be able to differentiate that voice from another voice or even sometimes other noises entirely, like you might get a record of noise that is not a voice at all, but because it looks kind of like what someone else produced when they were speaking into it, you might think, oh, it was this person. It would take years to get to a more sophisticated approach to speech analysis and voice analysis to approach the possibility of identifying someone based on their voice. In the nineteen forties, folks learned about a sound spectrograph technology. So this is a device that would create a visual representation of a signal. Sound spectrograph being sound. We're talking about audio in this case, but you can have spectrographs that create a visual representation of lots of different types of signals. This is just specifically about audio. Some people would refer to these as voice prints. They would compare this to a fingerprint, saying, oh, this representation shows the quality of this person's voice. If we find a match, then that's the same person. It's just like a fingerprint. The people who were actually working in the field really didn't use the term voice print very much, if at all, but it was a term that was used a lot in the media, and I think a lot of folks who were working in the field were frustrated because they felt it was a bit reductive and an oversimplification of what they were doing. So a slightly more acceptable term is what I've referenced earlier, speaker recognition. This implies the technology isn't necessarily trying to understand what someone is saying. Instead is trying to identify the person who is saying it, or verifying that the person who is saying it is who they claimed to be. You might use this technology to have someone get access to something secret, right, like the voice print analysis. You've seen this in movies too, where someone walks up to a door and they say a phrase and then apparently the computer inside the door and analyzes the voice and then either allows entry or denies it. Or you might use it to try and identify somebody, right, maybe you've got a recording of someone. Maybe someone calls into a television station and makes a threat. This has happened, and then what you're trying to do is identify a suspect you have found and to determine whether or not they were the person who made the phone call, and you're trying to match the voices together. This is something that's been going on in law enforcement for decades and for a very long time. Courts would reject the evidence presented because there was a lack of scientific studies showing the accuracy and reliability of this kind of approach, and you needed to show that there was a scientific basis for this and not just a claim that these two voices must be identical. The technology involves sophisticated pattern analysis and it is really tricky. So those early court cases, it's probably a good idea to throw those cases out. Now, maybe some guilty people went free. It's hard to say, but the fact is we just weren't at a level of sophistication a pattern analysis to be able to have really reliable identification. These days, there are examples of speaker recognition technology built into consumer products. My smart speaker at home supposedly recognizes my voice, for example, and this should make it possible for me to ask about my daily schedule, and because the speaker recognizes that the user is yours, truly, it could then cross reference my calendar and then tell me what my schedule is, or at least it's supposed to be able to do that. I don't know. I mean, it's probably because I never put anything in my calendar. I'm really bad about doing that. So really, my speaker just gets fed up with me because I'm asking it to do something it really cannot do. All right, we're gonna take another quick break. When we come back, I'm going to talk a little bit more about some other biometric approaches and also about a current story that really inspired this entire episode and the different sides to that story. But first let's take another quick break. Before the break, I alluded to the fact that there are other approaches to biometric verification or identification. So another one is gate recognition GAI. This is the way someone moves through a space, like things like the length of their stride, the position of their body as they are walking, the location of various body parts in relation to one another, like how far are your hips from your knees or your knees from your ankles, that sort of thing, what sort of how much do you bend when you're moving. So it is possible to analyze how a person naturally walks or moves through space and then to use that information to identify someone. So if you have reference data where you know how a person typically walks, then you might be able to use that in when you're searching for somebody. A person could be trying to evade surveillance, for example, through the use of disguises, but gate analysis might reveal who they really are, assuming you've got reference data as well. I've seen movies that do this where it's a person who's just watching like a video feed. They're saying, ah, I see they have a limp, and you know, we know so and so favors their right legs, so I think we've got the person here. Like we've seen that sort of thing. It's the same basic idea, except you don't have to have a limp. It's really just all the basic movements you make that end up kind of being unique to you. You can try and disguise that. Obviously, you can purposefully give yourself like a limp or something in an effort to throw off any surveillance techniques that would be looking to match your GIT with you. And that's a possibility, but this is an actual thing that's being used, this gate analysis and gait verification. Really, when it comes to biometrics, again, as I said at the beginning, the important quality is that whatever thing you are measuring needs to be unique to individuals. So it could be physical, it could be behavioral. It could be a combination of the two, but it has to be unique or else it doesn't do you any good whether you're using this technology to verify someone's identity before or letting them through a secure checkpoint, or if you're just trying to use it to determine an unknown person's identity by comparing it against the database of known individuals. Now, there are a lot of reasonable concerns about biometrics. It's totally understandable, right, like, this is information that is unique to you, that is a very private info. And we're seeing more and more implementations of biometric systems around us. Like I mentioned before, your very phone may rely on it. Mine has a fingerprint sensor for example. A lot of iPhones use facial recognition to activate, to turn on without you having to put in some sort of code. So we're seeing biometrics rolled out very in very wide deployments in all sorts of different applications. We also have seen it for things that are very official, not just use of consumer products, but things like you know, maybe getting an iris scan as part of identification like in a past or or something, or you might have a biometric scan that allows you to bypass the normal process of getting on a plane. I've had that happen a couple of times, and it freaked me out the first time because I don't remember ever submitting to the initial scan, but it knew who I was when I walked up, and I thought, well, that's weird because I didn't actually I didn't do I didn't sit down or agree to do a process I didn't knowingly agree. I probably did agree, I just didn't read the fine print, because nobody ever does, right, But that I walked up to the gate and it recognized who I was and I didn't even have to present a boarding pass or anything. I just got waved in. And that's a little creepy, and I can see why people would be hesitant about it. And you think about the possibilities of this technology and the possibilities of abusing that technology, and it quickly does get into that dis stopian kind of a vibe. But we're still seeing it rolled out every place. There are a lot of sports stadiums out there that now use biometric systems in order to scan someone, and that way you have a ticketless approach. Right you walk up to the stadium, you scan your palm and it identifies who you are and the fact that you already have tickets to that event and you're just you're waved in. This is being deployed more and more around the world. And as I record this, Amazon is rolling out It's Amazon One technology. This is it's palm scanning technology, which was already being used in things like Amazon Go storefronts. It's now rolling those out to Whole Foods grocery stores here in the United States, and it's already in several hundred of them. It's going to be put into the rest of them before the end of the year. And the value proposition that Amazon is giving customers is this, It's mainly one of convenience that customers can opt to scan their palm, which then will create a unique identifier associated with that person. That identifier then in turn must be linked to the customer's Amazon account and then whatever payment options they have linked to that Amazon account. So you go to Whole food so you do your grocery shopping, you scan all your items at the self scan cashier area, and then you scan your palm and it automatically deducts however much the groceries were from your account and you're done. You don't have to carry credit cards. You don't even need a smartphone with a digital card on it. You literally have your payment on hand. It is your hand. The scanner, meanwhile, is looking not just at the skin of the palm. It's actually using wavelengths of light that let it see below the skin level to the pattern of veins in your palm. That ends up being part of the information that ultimately generates this identifier that it's associated with you. Amazon says they're not actually saving the palm scans themselves, so it's not like there's some According to Amazon, it's not like there's some sort of massive database that has all these different palm scans in it. Instead, what they're saying is that when you scan your palm, the scanner essentially reduces all the features of your palm into data points, which then end up generating this unique identifier. So really what you're doing is verifying every single time right you hold your palm up, it scans it, it generates this number, it compares that to the number on file, and if the two numbers match, yay, you're who you say you are, and then you can be charged for your very expensive groceries and then you can go on your merry way. What they what they're saying is not happening is that it's scanning your hand and then comparing the physical scan again and stay previous physical scan that has to be saved somewhere. That's important because all the information that Amazon is storing is in the cloud. They say that they've put a lot of security on this because people are understandably concerned about having very personal and personally identifiable information stored on the company systems, and if it's on the cloud, that means that potentially you could have hackers target it. Maybe you could have law enforcement agencies try to force Amazon to share information as they go through some form of investigation. So people are understandably concerned. If Amazon's telling the truth and the only information it's storing is a unique identifier, then if hackers were to get access to that, then it arguably wouldn't be very useful. It'd be kind of like you got the answer to a math question, but you don't know what the math question was, or in the case of hitching Guide to the Galaxy. They the part of the story is that these people build this massively powerful computer to give the answer to life, the universe, and everything, and the answer ends up being forty two, and they say, how's that? What does that mean forty two? Well, you need to know the question. You need to know what the question is for forty two to make sense. You just said the answer to life, the universe, and everything. And so you see that you need to know both the question and the answer. If you only have the answer, you don't know what the question was. So if Amazon's just storing these numbers and hackers got access to it, they wouldn't be able to backtrack and figure out your scan What they could do, however, potentially, is find out every single time you used that technology, whether it was when you were grocery shopping or going to a sporting event, or going to any other place that has opted to use AMI Amazon's palm scanning technology in their business. It would become a way of tracking your movements and potentially also seeing what it was you were using the scanner for, you know, maybe getting access to stuff or whatever, like going to a sporting event or a concert. And that's where you start to see real security and privacy issues. Even if Amazon's super super careful with this, Amazon itself still has access to all of that right, So of course, if you go to Amazon dot com and buy something, Amazon knows what you bought, and it can use that information to try and target you for advertising and to give suggestions for products you might find useful based upon your past purchases. If you're using Amazon's palm scanning system out in the wild, then Amazon also knows all that information out in the real world, not just on Amazon dot Com. So you go to Whole Foods and you buy a whole bunch of groceries, you scan your palm. Now Amazon knows exactly what things you bought, and they know it's you. They've got the identifier it's connected to your Amazon account that could be used for the purposes of targeted advertising. Amazon has said they're not sharing the palm data with advertisers, which is fine, but they didn't say anything like all the stuff I read. They very carefully did not say they weren't sharing purchase history or use history. And sure they might keep your actual palm scan private, but if they're sharing with advertisers what it is you're buying or where you are going, the palm scan thing ends up being kind of moot, Like, that's not that important. Your activities are telling the advertisers and Amazon a lot about you beyond just what your palm is like it. Yeah, knowing where the veins are in your palm is potentially disastrous if someone's trying to somehow replicate you and run up a bunch of charges on your account. But to me, the more disturbing thing is that every time you use a point of sale or point of access that relies on this technology, it's another data point that associates you with a specific action, and collectively that ends up really mattering a whole lot, both to Amazon and to potential advertisers. So I have real concerns about using this kind of technology. I mean, you could argue the same thing is true if you're using the same credit cards or the same payment systems. It's the same issue, right, Like, Honestly, the big issue I have, and I'm not like a conspiracy minded person, but the big issue I have is that we are past the days where you would do things like cash transactions for a lot of stuff, and cash transactions could be really useful if you need to make a transaction that you didn't want to be associated with you for the rest of your life. Right if you need to buy something, Maybe you need to buy some medication and it's nobody businesses but your own that you need this medication, and you normally would use cash to do it, but now you're using some other method that is linked to you, which means other people know that you're having to get this medication beyond you and the pharmacist and your doctor, and that becomes a potential privacy issue, and you could apply that to all sorts of different stuff. So to me, the biometrics approach, especially in a consumer use for things like access to events or a way of paying, doesn't appeal to me. But you could argue that it's really just an extension of how we already interact in the world. I guess the more I talk about this, the more I can see why some cryptocurrency enthusiasts really like cryptocurrency. They like the idea of being able to use currency in a way that doesn't immediately associate them as a person with their purchases or the way they're spending their money. I kind of get that. I don't think cryptocurrency is still the solution for that personally. That's my own personal belief, but I can understand the tendency because I feel the same way about biometrics and other forms of credit and debit cards and stuff too. But really, biometrics just takes it to a degree that's so personal that I think it's impossible to deny. So anyway, that's just a quick overview of biometrics. There's clearly tons more we can talk about, and lots of different applications that have really valid uses, including ones where you could argue, yeah, I understand that, you know, I'm giving up my privacy, but in return, I'm getting this additional convenience and maybe even some other features that normally wouldn't be available to me if I were using other methods of payments. So I'm willing to make that trade. That's valid if that's who you are. There is nothing invalid about that. I think the important thing is just making the decision with as much information as possible so that you feel good about it. And even though I don't feel good about that for myself, I wouldn't fault someone else for opting into it. If to them they're like, no, this is what matters most to me. That to me is a perfectly cromulent thing to say. Okay, I've rambled enough. Like I said, we'll probably do episodes where we focus more on specific types of biometrics in the future. I have done one on ones on things like fingerprints, and I think I've even done some on voice recognition. All they think I was focusing more on speech recognition as opposed to speaker recognition. But maybe I'll do some more specifics and talk about the actual development of the technologies and the algorith needed to make that possible. Because you know, I summarized it in this episode, but you have to understand it took decades of work and tons of very smart people and a lot of advancements in technology to make it a really feasible possibility. So very interesting stuff. Lots of concerns around it, not necessarily about the technology itself but how we apply it. And yeah, there's plenty more to talk about, but for now, let's wrap up. I hope you are all well. This Tech Stuff Tidbits ended up being sub forty minutes, so I'm going to call that a win, and I'll talk to you again really soon. Tech Stuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple podcasts, or wherever you listen to your favorite shows.

Welcome to tech Stuff, a production from iHeartRadio. Hey there, and welcome to tech Stuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio. And how the tech are you? You know, I'm sure you've all seen movies which someone has to get past a security system by having an eye scan, and maybe they have an unconscious or potentially unalive security guard laying nearby and they hold the person's head up to the scanner to gain access to the security door. Or maybe the main character has undergone some sort of incredibly disturbing surgical procedure to have their own eyes altered to give them access. But you get the idea. The eye scan verifies that the person trying to open the door has the authorization to do that. This is a form a biometric and I'm sure we're all familiar with biometrics. You probably use them regularly. If you have a phone that has a fingerprint scanner or a face scanner to unlock the phone, that's biometrics. I used to use a laptop that had a fingerprint scanner, which was kind of cool. It made it really easy for me to log in. Not necessarily the most secure technology. However, as I remember reading about how that particular fingerprint scanner had some issues, but it's still sure made logging into my computer easy back in those days. My current one does not have that. And there are actually a couple of different definitions for biometrics, but the one we're concerned about involves body and behavioral measurements for the purposes of authentication and verification or identification, because these are all related but different things. So for this to work, the stuff what we're measuring has to be unique to an individual. It needs to be something that cannot be easily replicated. That's the whole point, right. If it could be replicated, then it's no good for verifying someone or identifying someone because it could be one of many people. So you need to have something that is unique to that person. Spoiler alert. While biometrics can be used for the purposes of security, for verification or identification, it's also pretty darn handy if you just want to keep track of someone, right, so you get enough biometric data on a person, it becomes easier to track that person down to keep track of what they're doing, assuming that they're not like hold up in some off grid shack in the middle of nowhere and they never venture out of there, in which case, yeah, they can be under the radar then, but otherwise it gets pretty tricky. But before we get into all that and the concerns around biometrics, let's talk a little bit about the history of biometrics. This history is varied, It goes all over the place. It has lots of starts and stops and stutters, and that's because biometrics focuses on lots of different things, right Like, it's not all just one area of study. Typically we're talking about things that people were interested in studying or advancing that collectively we would categorize under biometrics, but they were looking at a very specific version of it. So you could argue that biometrics traces its history to more than twenty five hundred years ago. Because Babylonians back in the day, which I'm told was a Tuesday, would sign off on business transactions by placing a thumb print on a clay tablet. Right that the clay tablet would be pliable, you would PLoP your thumb down and make an impression. The tablet would dry and your print would be there to authenticate that you had, in fact completed whatever the transaction was. Bo that's biometrics, and Tom Cruise wasn't even involved a little bit. I always think of Tom Cruise in movies like the Mission Impossible series, or even in Minority Report. When I think about biometrics, those are the ones that pop up in my head. Of course, it's not like there was a direct line of evolution from the ancient Babylonians to Tom Cruise, at least not that I am aware of. Biometrics weren't always a common means of marking documents or anything like that. But by the late nineteenth century, some folks started to figure out that the Babylonians could have really been onto something. Actually, I'm kidding. They probably didn't even know about the Babylonian stuff. They just thought they came up with it themselves. Because typically that's how we see the smarty pants of the eighteenth and nineteenth centuries. Some of them were a little more humble than that, but not all of them. Anyway, Folks in the late nineteenth century, so we're talking the eighteen hundreds here, they observe that fingerprints appeared to be unique to the individual, and if you got two different people to make prints of their fingertips. You would see the differences in the patterns of those fingerprints, and you would be able to tell which person made which set of prints, assuming that you had a reference right, as long as you're able to refer it back to something on record. This logically led to the concept of using fingerprints as a way to identify if a suspect had been present at the scene of a crime. Of course, folks had to figure out how to detect and lift prints at the scene. Typically, they would use a very fine powder or dust which would adhere to the oils left behind from the fingertips on different surfaces, and then they would lift those prints and then compare that to a record of fingerprints so that they could reference the prints that were lifted at the scene with ones that were in their database the reference system, or if they had the suspect in custody, they would have the suspect, you know, get printed, and they would compare the prints against whatever was found at the scene and then try to determine if the suspect was actually present at the scene of the crime. You know how this works, But the science of that and the systems based around that took a while to develop. Folks had to identify the elements and fingerprints that are definable and identifiable. They had to make classifications and taxonomies. You know, you had to have a way to communicate the qualities of a print when talking with someone else, or to be able to look for a match or even just a partial match. And it took a couple of decades to really catch on. And while fingerprints are the most famous example of early biometrics and law enforcement, police were trying different stuff too. In France, around the same time as fingerprints coming into vogue, there was a system called the Bertilline process or Bertillion process. The police would measure suspects and they would write down their measurements on a card and keep that in an index. And I'm talking all sorts of measurements. You know. It's kind of like if you were to go and get fitted for custom clothing, except you're being fitted for crimes, I guess. So the police would take down stuff like how tall you were, you know, how wide were your shoulders, how long are your arms, all that kind of stuff. This approach had some big drawbacks, however, the biggest one being that there was a lack of standardization in technique and metrics, which meant it wasn't terribly useful. Because if one police officer measures arm length one way, let's say, like they measure the arm just hanging down from the shoulder, and someone else measures it in a different way, like you're holding your arm up at an angle, then you might end up getting very different you know, metrics measurements. And that meant that you would look at the index card and say, oh, well, this person's not a match. That's not who who this person is or whatever, And so it was not terribly useful, and you could get false positives or false negatives. So this particular method wouldn't stand the test of time. Fingerprints definitely did. In the nineteen thirties, a guy named Frank Birch had another idea for using biometrics as a way to identify people. He was an ophthalmologist, that, by the way, is a great word that trips me up in spelling bees, and you might imagine. His idea was that an individual's iris contains complex patterns, and those patterns are unique to that person. It's like a fingerprint, but it's the pattern that's in the iris of your eye, and so like a fingerprint, a person's iris could serve as a way to identify that person and subsequently verify their identity in the future. You just needed a way to capture those patterns and then a technology capable of scanning and matching patterns against those that are stored in a database. So in twenty six when Frank Birch came up with this idea, none of that was really practical or possible, but his basic concept using the eye as a way to verify identity, that was solid. Now, it would take more than fifty years before someone would come up with a computer algorithm that could identify iris patterns and moreover, match an IRIS pattern that is collected to one in a database. That came to us courtesy of Cambridge University professor John Dogman in nineteen eighty seven, and it took a few more years to actually capitalize on that development. It wasn't until the mid nineteen nineties that a company called Iridium Technologies became the first to commercialize iris scanning. Now there are lots of companies that do this, many with their own proprietary approach to doing it, but it's all rooted in Frank Birch's suggestions back in the nineteen thirties. Okay, we've got a lot more to talk about with biometrics before we get into that. Let's take a quick break. You know, not long ago I talked a little bit about the early days of researchers trying to use computers to develop facial recognition technology, another example of biometrics. So the pioneers in that space included Woody Bledsoe, a mathematician and computer scientist, Helen chan Wolf, a scientist specializing in early artificial intelligence work, and Charles Bisson, another computer scientist and the three word for panoramic research in California. And they set about trying to figure out how to break down facial features into data points that a computer could analyze and match. So, you know, you imagined that at first, this just looks and involves looking at pictures of people and saying, well, where are some ways that we can we can point out, like landmarks that a computer would be able to recognize and measure against, right, like the corners of eyes compared to the bridge of the nose, that kind of stuff. And there are all these different images of pictures of people with all these different lines geometric lines drawn on the faces in an effort to kind of establish these standards. And as you might imagine, in the early days, this technology hit some pretty tough limitations. A computer couldn't necessarily match two different pictures of the same person's face. If the lighting and the shadows or the angle of the picture were different enough, the computer system would have trouble determining that both images were of the same face. Yes, if you had two pictures of the same person where it was under identical lighting conditions and the camera was at the same distance in the same angle, then it was easier, But with any deviation from that it became much more difficult. It would take many years for the algorithms, the computer technology, camera technologies to improve to a point that made facial recognition a possibility. So we're going to skip way up to the present day, and we've talked extensively on this show about how facial recognition technology often has major issues, particularly when it comes to false positives and false negatives with certain populations. Now, I'm not going to dive into that whole can of worms yet again, because I'm sure most of you have heard me talk about it a lot, but it is an inescapable fact that most facial recognition systems are prone to making errors due to biases that are in the system. And just to be clear, I don't mean to imply that there was ever any intentional bias, but intentional or not, that bias still has an effect. Meanwhile, other computer scientists were working in the mid twentieth century on the challenge of developing speech recognition technologies. Now, like facial recognition, this tech had a steep barrier of entry. Voices come in all sorts of timbers, volumes, pitches, dialects, or accents. So two people might say the very same word in very different ways. You know, it may sound very different, and yet it's the same word, And that means the system needs to be capable of recognizing that word no matter who says it or how they say it. Otherwise you're not going to have a satisfying experience. Well, folks in Bell Labs were working on speech recognition tech as early as the nineteen fifties, but that work focused on training a machine to recognize when someone was speaking out numbers. It took a decade of hard work to get to a point where the computer systems could recognize words of a certain complexity. The nineteen seventies would see the technology advanced significantly, helped in large part by a DARPA initiative. Y'all remember DARPA, right, that's the division within the US Department of Defense that awards contracts to companies that engage in R and D, and it's all in the purpose of trying to fund projects that could potentially benefit US defense initiatives in the future. DARPA has funded research into everything from autonomous vehicles to robots capable of performing half a dozen different tasks, and in the seventies, the division funded work in speech recognition. But speech recognition is really related to using voice technology for the purposes of a computer understanding what someone is saying. There's also voice recognition, or some people prefer speaker recognition, because that's all about recognizing a specific person. So speech recognition is really more about computer systems that can parse what you're saying and glean instructions from that and respond properly so that when you ask your smart speaker about the weather, it can give you the information you want instead of I don't knowtaneously turning off all the lights in your house or whatever, not that I've had that experience. Voice recognition or speaker recognition involves breaking a specific voice into data points for the purposes of identification, just like with facial recognition. Right. So, the idea of developing a system to do serious analysis on voices dates back to the early twentieth century. However, a lot of that early work lacked scientific value or rigor. So while you had people saying, yes, I can get a print out of what someone's voices and thus be able to compare two print outs and tell you if it's the same person speaking or not, in truth, it was a bit more complicated than that. I mean, you know, it required more than just having a long strip of paper tape pulled across a pencil that, in turn was connected to a diaphragm that would cause vibrations to move through when sound would go through like a horn or a microphone. Yeah, you could create a visual representation of someone's voice that way, but it wasn't something that was specific enough for you to be able to differentiate that voice from another voice or even sometimes other noises entirely, like you might get a record of noise that is not a voice at all, but because it looks kind of like what someone else produced when they were speaking into it, you might think, oh, it was this person. It would take years to get to a more sophisticated approach to speech analysis and voice analysis to approach the possibility of identifying someone based on their voice. In the nineteen forties, folks learned about a sound spectrograph technology. So this is a device that would create a visual representation of a signal. Sound spectrograph being sound. We're talking about audio in this case, but you can have spectrographs that create a visual representation of lots of different types of signals. This is just specifically about audio. Some people would refer to these as voice prints. They would compare this to a fingerprint, saying, oh, this representation shows the quality of this person's voice. If we find a match, then that's the same person. It's just like a fingerprint. The people who were actually working in the field really didn't use the term voice print very much, if at all, but it was a term that was used a lot in the media, and I think a lot of folks who were working in the field were frustrated because they felt it was a bit reductive and an oversimplification of what they were doing. So a slightly more acceptable term is what I've referenced earlier, speaker recognition. This implies the technology isn't necessarily trying to understand what someone is saying. Instead is trying to identify the person who is saying it, or verifying that the person who is saying it is who they claimed to be. You might use this technology to have someone get access to something secret, right, like the voice print analysis. You've seen this in movies too, where someone walks up to a door and they say a phrase and then apparently the computer inside the door and analyzes the voice and then either allows entry or denies it. Or you might use it to try and identify somebody, right, maybe you've got a recording of someone. Maybe someone calls into a television station and makes a threat. This has happened, and then what you're trying to do is identify a suspect you have found and to determine whether or not they were the person who made the phone call, and you're trying to match the voices together. This is something that's been going on in law enforcement for decades and for a very long time. Courts would reject the evidence presented because there was a lack of scientific studies showing the accuracy and reliability of this kind of approach, and you needed to show that there was a scientific basis for this and not just a claim that these two voices must be identical. The technology involves sophisticated pattern analysis and it is really tricky. So those early court cases, it's probably a good idea to throw those cases out. Now, maybe some guilty people went free. It's hard to say, but the fact is we just weren't at a level of sophistication a pattern analysis to be able to have really reliable identification. These days, there are examples of speaker recognition technology built into consumer products. My smart speaker at home supposedly recognizes my voice, for example, and this should make it possible for me to ask about my daily schedule, and because the speaker recognizes that the user is yours, truly, it could then cross reference my calendar and then tell me what my schedule is, or at least it's supposed to be able to do that. I don't know. I mean, it's probably because I never put anything in my calendar. I'm really bad about doing that. So really, my speaker just gets fed up with me because I'm asking it to do something it really cannot do. All right, we're gonna take another quick break. When we come back, I'm going to talk a little bit more about some other biometric approaches and also about a current story that really inspired this entire episode and the different sides to that story. But first let's take another quick break. Before the break, I alluded to the fact that there are other approaches to biometric verification or identification. So another one is gate recognition GAI. This is the way someone moves through a space, like things like the length of their stride, the position of their body as they are walking, the location of various body parts in relation to one another, like how far are your hips from your knees or your knees from your ankles, that sort of thing, what sort of how much do you bend when you're moving. So it is possible to analyze how a person naturally walks or moves through space and then to use that information to identify someone. So if you have reference data where you know how a person typically walks, then you might be able to use that in when you're searching for somebody. A person could be trying to evade surveillance, for example, through the use of disguises, but gate analysis might reveal who they really are, assuming you've got reference data as well. I've seen movies that do this where it's a person who's just watching like a video feed. They're saying, ah, I see they have a limp, and you know, we know so and so favors their right legs, so I think we've got the person here. Like we've seen that sort of thing. It's the same basic idea, except you don't have to have a limp. It's really just all the basic movements you make that end up kind of being unique to you. You can try and disguise that. Obviously, you can purposefully give yourself like a limp or something in an effort to throw off any surveillance techniques that would be looking to match your GIT with you. And that's a possibility, but this is an actual thing that's being used, this gate analysis and gait verification. Really, when it comes to biometrics, again, as I said at the beginning, the important quality is that whatever thing you are measuring needs to be unique to individuals. So it could be physical, it could be behavioral. It could be a combination of the two, but it has to be unique or else it doesn't do you any good whether you're using this technology to verify someone's identity before or letting them through a secure checkpoint, or if you're just trying to use it to determine an unknown person's identity by comparing it against the database of known individuals. Now, there are a lot of reasonable concerns about biometrics. It's totally understandable, right, like, this is information that is unique to you, that is a very private info. And we're seeing more and more implementations of biometric systems around us. Like I mentioned before, your very phone may rely on it. Mine has a fingerprint sensor for example. A lot of iPhones use facial recognition to activate, to turn on without you having to put in some sort of code. So we're seeing biometrics rolled out very in very wide deployments in all sorts of different applications. We also have seen it for things that are very official, not just use of consumer products, but things like you know, maybe getting an iris scan as part of identification like in a past or or something, or you might have a biometric scan that allows you to bypass the normal process of getting on a plane. I've had that happen a couple of times, and it freaked me out the first time because I don't remember ever submitting to the initial scan, but it knew who I was when I walked up, and I thought, well, that's weird because I didn't actually I didn't do I didn't sit down or agree to do a process I didn't knowingly agree. I probably did agree, I just didn't read the fine print, because nobody ever does, right, But that I walked up to the gate and it recognized who I was and I didn't even have to present a boarding pass or anything. I just got waved in. And that's a little creepy, and I can see why people would be hesitant about it. And you think about the possibilities of this technology and the possibilities of abusing that technology, and it quickly does get into that dis stopian kind of a vibe. But we're still seeing it rolled out every place. There are a lot of sports stadiums out there that now use biometric systems in order to scan someone, and that way you have a ticketless approach. Right you walk up to the stadium, you scan your palm and it identifies who you are and the fact that you already have tickets to that event and you're just you're waved in. This is being deployed more and more around the world. And as I record this, Amazon is rolling out It's Amazon One technology. This is it's palm scanning technology, which was already being used in things like Amazon Go storefronts. It's now rolling those out to Whole Foods grocery stores here in the United States, and it's already in several hundred of them. It's going to be put into the rest of them before the end of the year. And the value proposition that Amazon is giving customers is this, It's mainly one of convenience that customers can opt to scan their palm, which then will create a unique identifier associated with that person. That identifier then in turn must be linked to the customer's Amazon account and then whatever payment options they have linked to that Amazon account. So you go to Whole food so you do your grocery shopping, you scan all your items at the self scan cashier area, and then you scan your palm and it automatically deducts however much the groceries were from your account and you're done. You don't have to carry credit cards. You don't even need a smartphone with a digital card on it. You literally have your payment on hand. It is your hand. The scanner, meanwhile, is looking not just at the skin of the palm. It's actually using wavelengths of light that let it see below the skin level to the pattern of veins in your palm. That ends up being part of the information that ultimately generates this identifier that it's associated with you. Amazon says they're not actually saving the palm scans themselves, so it's not like there's some According to Amazon, it's not like there's some sort of massive database that has all these different palm scans in it. Instead, what they're saying is that when you scan your palm, the scanner essentially reduces all the features of your palm into data points, which then end up generating this unique identifier. So really what you're doing is verifying every single time right you hold your palm up, it scans it, it generates this number, it compares that to the number on file, and if the two numbers match, yay, you're who you say you are, and then you can be charged for your very expensive groceries and then you can go on your merry way. What they what they're saying is not happening is that it's scanning your hand and then comparing the physical scan again and stay previous physical scan that has to be saved somewhere. That's important because all the information that Amazon is storing is in the cloud. They say that they've put a lot of security on this because people are understandably concerned about having very personal and personally identifiable information stored on the company systems, and if it's on the cloud, that means that potentially you could have hackers target it. Maybe you could have law enforcement agencies try to force Amazon to share information as they go through some form of investigation. So people are understandably concerned. If Amazon's telling the truth and the only information it's storing is a unique identifier, then if hackers were to get access to that, then it arguably wouldn't be very useful. It'd be kind of like you got the answer to a math question, but you don't know what the math question was, or in the case of hitching Guide to the Galaxy. They the part of the story is that these people build this massively powerful computer to give the answer to life, the universe, and everything, and the answer ends up being forty two, and they say, how's that? What does that mean forty two? Well, you need to know the question. You need to know what the question is for forty two to make sense. You just said the answer to life, the universe, and everything. And so you see that you need to know both the question and the answer. If you only have the answer, you don't know what the question was. So if Amazon's just storing these numbers and hackers got access to it, they wouldn't be able to backtrack and figure out your scan What they could do, however, potentially, is find out every single time you used that technology, whether it was when you were grocery shopping or going to a sporting event, or going to any other place that has opted to use AMI Amazon's palm scanning technology in their business. It would become a way of tracking your movements and potentially also seeing what it was you were using the scanner for, you know, maybe getting access to stuff or whatever, like going to a sporting event or a concert. And that's where you start to see real security and privacy issues. Even if Amazon's super super careful with this, Amazon itself still has access to all of that right, So of course, if you go to Amazon dot com and buy something, Amazon knows what you bought, and it can use that information to try and target you for advertising and to give suggestions for products you might find useful based upon your past purchases. If you're using Amazon's palm scanning system out in the wild, then Amazon also knows all that information out in the real world, not just on Amazon dot Com. So you go to Whole Foods and you buy a whole bunch of groceries, you scan your palm. Now Amazon knows exactly what things you bought, and they know it's you. They've got the identifier it's connected to your Amazon account that could be used for the purposes of targeted advertising. Amazon has said they're not sharing the palm data with advertisers, which is fine, but they didn't say anything like all the stuff I read. They very carefully did not say they weren't sharing purchase history or use history. And sure they might keep your actual palm scan private, but if they're sharing with advertisers what it is you're buying or where you are going, the palm scan thing ends up being kind of moot, Like, that's not that important. Your activities are telling the advertisers and Amazon a lot about you beyond just what your palm is like it. Yeah, knowing where the veins are in your palm is potentially disastrous if someone's trying to somehow replicate you and run up a bunch of charges on your account. But to me, the more disturbing thing is that every time you use a point of sale or point of access that relies on this technology, it's another data point that associates you with a specific action, and collectively that ends up really mattering a whole lot, both to Amazon and to potential advertisers. So I have real concerns about using this kind of technology. I mean, you could argue the same thing is true if you're using the same credit cards or the same payment systems. It's the same issue, right, Like, Honestly, the big issue I have, and I'm not like a conspiracy minded person, but the big issue I have is that we are past the days where you would do things like cash transactions for a lot of stuff, and cash transactions could be really useful if you need to make a transaction that you didn't want to be associated with you for the rest of your life. Right if you need to buy something, Maybe you need to buy some medication and it's nobody businesses but your own that you need this medication, and you normally would use cash to do it, but now you're using some other method that is linked to you, which means other people know that you're having to get this medication beyond you and the pharmacist and your doctor, and that becomes a potential privacy issue, and you could apply that to all sorts of different stuff. So to me, the biometrics approach, especially in a consumer use for things like access to events or a way of paying, doesn't appeal to me. But you could argue that it's really just an extension of how we already interact in the world. I guess the more I talk about this, the more I can see why some cryptocurrency enthusiasts really like cryptocurrency. They like the idea of being able to use currency in a way that doesn't immediately associate them as a person with their purchases or the way they're spending their money. I kind of get that. I don't think cryptocurrency is still the solution for that personally. That's my own personal belief, but I can understand the tendency because I feel the same way about biometrics and other forms of credit and debit cards and stuff too. But really, biometrics just takes it to a degree that's so personal that I think it's impossible to deny. So anyway, that's just a quick overview of biometrics. There's clearly tons more we can talk about, and lots of different applications that have really valid uses, including ones where you could argue, yeah, I understand that, you know, I'm giving up my privacy, but in return, I'm getting this additional convenience and maybe even some other features that normally wouldn't be available to me if I were using other methods of payments. So I'm willing to make that trade. That's valid if that's who you are. There is nothing invalid about that. I think the important thing is just making the decision with as much information as possible so that you feel good about it. And even though I don't feel good about that for myself, I wouldn't fault someone else for opting into it. If to them they're like, no, this is what matters most to me. That to me is a perfectly cromulent thing to say. Okay, I've rambled enough. Like I said, we'll probably do episodes where we focus more on specific types of biometrics in the future. I have done one on ones on things like fingerprints, and I think I've even done some on voice recognition. All they think I was focusing more on speech recognition as opposed to speaker recognition. But maybe I'll do some more specifics and talk about the actual development of the technologies and the algorith needed to make that possible. Because you know, I summarized it in this episode, but you have to understand it took decades of work and tons of very smart people and a lot of advancements in technology to make it a really feasible possibility. So very interesting stuff. Lots of concerns around it, not necessarily about the technology itself but how we apply it. And yeah, there's plenty more to talk about, but for now, let's wrap up. I hope you are all well. This Tech Stuff Tidbits ended up being sub forty minutes, so I'm going to call that a win, and I'll talk to you again really soon. Tech Stuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple podcasts, or wherever you listen to your favorite shows.