Digital fingerprints, with roots in WWII, attract attention
Identifying a users “fist” permits stronger password protection; even Web surfing habits can be used to detect on-line fraud; writeprints offer a method of identifying bulletin board users by their grammar and syntax; privacy experts express concern
If fingerprints are the oldest form of biometrics (other than just saying “hey, look, it’s Charlie”), then digital fingerprints are the the second oldest, dating back to World War II. During the war, when the telegraph was still the primary means of military communication, British intelligence officers learned to identify the senders of encrypted German messages by their “fist” — their unique rhythm of punching in the dots and dashes. This allowed them to trace the operators travels through Europe, thereby providing critical information about his unit’s location. In the Intenet age, many believe the fist of ordinary computer users could be adapted to strengthen online security and reduce fraud. Not everyone, of course, is thrilled. “It’s a bit scary,” says Jaideep Srivastava of the University of Minnesota in Minneapolis. “The privacy implications are huge.” The technology, some fear, might make it impossible for a person to use the Web anonymously.
The modern incarnation of the tecnology began, as many intelligent things do, at the Rand Corporation in the early 1980s. Nowadays, many companies, such as Solvang, California-based iMagic Software, sell digital fingerprinting as password security. That program is typical in that it enrolls users by asking them to type their password multiple times. It then derives statistics, such as the average time between the strokes; unless the users types his password with the exact same speed, he cannot access his account. This is easier than it might initially appear, and unlike other forms of biometrics does not require any sophisticated equipment on the user’s end. It could even be used to track criminals on the Web by permitting a way to identify their behavior from the mass of bits and bytes floating through the digital ether. One might even be able to learn a user’s native language because the common keystroke combinations that are typed most quickly vary depending upon the person’s native language.
Typing speed and rythym are not the only forms of digital fingerprints. Some, for instance, think that something similar could be done with the manner in which a user operates a computer mouse. Others are working on ways to identify Internet users by the way they surf the web — the idea being to reduce fraud. If a user typically accesses Amazon.com on Friday evenings and buys only books related to Maltese dogs and orchid growing techniques, but is then detected on a Tuesday morning buying encyclopedias of motorcycle maintenence, the system might ask for an additional form of identity verification. One study showed it would take at least thirty browsing sessions to discern the habits of a user, and even then the program would be only about 80 percent accurate.
One other method to keep in mind: the writeprint. Intended to identify Internet trolls and other abusers, the technique relies on the observation that individuals have their own style of writing — syntax, vocabulary, and punctuation. “It could be used to track anyone who is trying to hide their identity on the Web,” said Hsinchun Chen of the University of Arizona. “They’ll leave a trace.” In his work assisting police, Chen has studied messages from the Ku Klux Klan; the Al-Aqsa Martyrs Brigade; and English and Chinese bulletin boards where pirated software and music are commonly sold. According to Chen, after running an analysis on thirty to forty messages from any known author, this program could identify subsequent messages by that author with 93 percent accuracy in Chinese, 95 percent in Arabic, and 99 percent in English. “We’ve been successful at bringing up clues that will alert authorities about suspicious people,” he says.
-read more in Julie J. Rehmeyer Science News report