Sep 2019 – Apr 2020

[NHSJS] Ethics in Cybersecurity Research - Behavioral Biometrics

Identified user concerns regarding behavioral biometric systems and proposed effective mitigation

Full abstract: Understanding Behavioural Biometric Systems: Mechanisms, Privacy, and RestoringIndividual User’s Agency

The behavioral biometric system tracks consistencies in the user’s behavioral traits across multiple logins to verify a person’s online identity. Currently, financial websites and corporations have widely adopted such systems in risk-based authentication to protect users’ cybersecurity. However, the continuous collection of user data during passive authentification routines inevitably violates an individual’s right to privacy. Researching the public’s expectation of privacy shows that privacy concerns arise from companies’ lack of transparency in data applications and users’ lack of control over their personal information. To effectively mitigate user concerns while preserving the main functionalities of the system, this paper proposes a new form of intervention, which includes an indicator that reminds users of the collection of data and an information center that allows for website customization. Through establishing the background of behavioral biometric systems and surveying the public’s perception of privacy, this paper illustrates the conflict between security and privacy in biometric systems to explore its implications on users.