Pentagon-Funded Project Will 'Solve' Cellphone Identity Verification Within Two Years

Long-time Slashdot reader Zorro quotes Nextgov: The Defense Department is funding a project that officials say could revolutionize the way companies, federal agencies and the military itself verify that people are who they say they are and it could be available in most commercial smartphones within two years. The technology, which will be embedded in smartphones' hardware, will analyze a variety of identifiers that are unique to an individual, such as the hand pressure and wrist tension when the person holds a smartphone and the person's peculiar gait while walking, said Steve Wallace, technical director at the Defense Information Systems Agency.

Organizations that use the tool can combine those identifiers to give the phone holder a "risk score," Wallace said. If the risk score is low enough, the organization can presume the person is who she says she is and grant her access to sensitive files on the phone or on a connected computer or grant her access to a secure facility. If the score's too high, she'll be locked out... Another identifier that will likely be built into the chips is a GPS tracker that will store encrypted information about a person's movements, Wallace said. The verification tool would analyze historical information about a person's locations and major, recent anomalies would raise the person's risk score.
A technical director at the agency "declined to say which smartphone and chipmakers planned to participate in the project, but said the capability will be available 'in the vast majority of mobile devices.'"

Giving up on the pretense of "meta-data"

[fibonacci8]

Just admit that with enough pieces of information it's all "personally identifying".

Re:Giving up on the pretense of "meta-data"

[Entrope]

That's a false dichotomy. The point of metadata collection has always been to identify the parties to a conversation. The point of collecting the content is to find it whether the parties are talking about weddings and grandchildren or about compromised email servers and collusion with foreign governments.

Re:Giving up on the pretense of "meta-data"

[fibonacci8]

And that's a red herring. The contention of metadata collection has been whether or not it qualifies as unreasonable search and seizure, emphasis on the search part. Gathering such data within the limits of a warrant is legal. It's still a grey area whether requiring metadata gathering and retention on everyone is overreach. The "point" isn't relevant if it legally poisons evidence collected to where the rest becomes inadmissible in court.
To my understanding, the 4th amendment is still supposed to be a thing. Skipping the need for probable cause for each search, and not requiring a warrant to specify appropriately narrow limits for each search, by requiring businesses to conduct a continuous broad search seems to violate the letter and the spirit of the law. Privatization of corruption doesn't stop the practice from being corrupt.

Avoid American-made chipsets and phones

Eventually it will come down to Google being forced to demand that these features are in phones, in order to license the Android mark and access to Google Play.

In the extension this means Qualcomm and other American manufacturers will get to take in heavy licensing fees, because it will all be patented.

It's a drive to both sell more American products and collect more information on people at the same time.

One scary aspect of this is that the data will obviously be collectable to U.S. government and manufacturers. Three-letter agencies could literally replay the signals and have a water-proof case against anyone, by claiming the data shows that "they were there".

Incompatible

[AmiMoJo]

I have arthritis. I can't apply consistent pressure. Changes day to day. Used to have trouble signing for credit card purchases.

Re:Incompatible

[AmiMoJo]

Or more likely I'll go to use some service and the computer will say no. If there even is a human being available they won't be able to do anything.

Re:Incompatible

[currently_awake]

This isn't about paying for lunch, it's about eliminating burner phones. Once all phones are legally required to have this, they can ensure nobody has anonimity.

Translation

[jenningsthecat]

... will be available in the vast majority of mobile devices

... will be mandated for every phone sold in North America

Eventually, owning and carrying a smartphone will be compulsory - it will serve as your government ID and will sub for driver's licence, passport, Social Insurance / Social Security card, health card, etc. There will be no rooting, no disabling of location services, no turning off mobile data and WiFi. 'Airplane Mode' will be turned off and on automatically - there will be a separate always-on low-power RF transceiver specifically for that purpose. If you are allowed to turn your phone off, it won't be fully off - it will be recording audio all the time. Letting your battery die without a damned good excuse will be a criminal offence. As will putting your phone in a Faraday cage.

Part of me kinda thinks I'm just trolling here - but the bigger part is afraid that much of what I've outlined above may really come to pass. After all, if I could go back to 1980 and tell my then-self what happens in the world after 2000, that earlier self would be totally incredulous.

Re:Translation

[lgw]

Eventually, owning and carrying a smartphone will be compulsory - it will serve as your government ID and will sub for driver's licence, passport, Social Insurance / Social Security card, health card, etc.

So, sort of like WeChat in China then. Oh, it might not be technically required, but good luck getting very far without it. And don't forget your social credit score!

Google

[AndyKron]

Google: By your grip you're getting ready to throw your phone. Is there anything I can hel.....CRASH!

Great

[Megane]

Now when do they solve the robo-caller identity verification problem?

Re:Great

[GrumpySteen]

When it stops being profitable for the carriers (i.e. never).

Great idea

[burtosis]

911 emergency, how can we help you?

*shaking* I've been in a car accident and am pretty badly hurt, can you send help?

Sir, I'm not sure who you are but placing a false call to 911 is a crime *click*

Hello? Hello?

Re: GDPR

[BlueStrat]

However, these legal fees only apply if they are being prosecuted for not complying with the law (when, and more importantly, if they are). Hiding "we're tracking you... (20 pages later) ... and if you agree, click this button" in a EULA / click-through isn't going to fly, particularly if there is no opting out.

Bullshit.

It requires keeping teams of specialist lawyers on retainer and an entire new department in the company that does nothing towards generating revenue, only monitor compliance and deal with GDPR-related issues with users and government. Regulatory compliance costs are a real thing and hurt smaller enterprises far more than some megacorp.

Strat