Pentagon-Funded Project Will 'Solve' Cellphone Identity Verification Within Two Years

Long-time Slashdot reader Zorro quotes Nextgov: The Defense Department is funding a project that officials say could revolutionize the way companies, federal agencies and the military itself verify that people are who they say they are and it could be available in most commercial smartphones within two years. The technology, which will be embedded in smartphones' hardware, will analyze a variety of identifiers that are unique to an individual, such as the hand pressure and wrist tension when the person holds a smartphone and the person's peculiar gait while walking, said Steve Wallace, technical director at the Defense Information Systems Agency.

Organizations that use the tool can combine those identifiers to give the phone holder a "risk score," Wallace said. If the risk score is low enough, the organization can presume the person is who she says she is and grant her access to sensitive files on the phone or on a connected computer or grant her access to a secure facility. If the score's too high, she'll be locked out... Another identifier that will likely be built into the chips is a GPS tracker that will store encrypted information about a person's movements, Wallace said. The verification tool would analyze historical information about a person's locations and major, recent anomalies would raise the person's risk score.
A technical director at the agency "declined to say which smartphone and chipmakers planned to participate in the project, but said the capability will be available 'in the vast majority of mobile devices.'"

Re:Giving up on the pretense of "meta-data"

[fibonacci8]

And that's a red herring. The contention of metadata collection has been whether or not it qualifies as unreasonable search and seizure, emphasis on the search part. Gathering such data within the limits of a warrant is legal. It's still a grey area whether requiring metadata gathering and retention on everyone is overreach. The "point" isn't relevant if it legally poisons evidence collected to where the rest becomes inadmissible in court.
To my understanding, the 4th amendment is still supposed to be a thing. Skipping the need for probable cause for each search, and not requiring a warrant to specify appropriately narrow limits for each search, by requiring businesses to conduct a continuous broad search seems to violate the letter and the spirit of the law. Privatization of corruption doesn't stop the practice from being corrupt.

Re: GDPR

[BlueStrat]

However, these legal fees only apply if they are being prosecuted for not complying with the law (when, and more importantly, if they are). Hiding "we're tracking you... (20 pages later) ... and if you agree, click this button" in a EULA / click-through isn't going to fly, particularly if there is no opting out.

Bullshit.

It requires keeping teams of specialist lawyers on retainer and an entire new department in the company that does nothing towards generating revenue, only monitor compliance and deal with GDPR-related issues with users and government. Regulatory compliance costs are a real thing and hurt smaller enterprises far more than some megacorp.

Strat