Digital fingerprints are spawning new security enhancements, and allowing both marketers and law enforcement agencies to track online identities.
The source: “Digital Fingerprints” by Julie J. Rehmeyer, in Science News, Jan. 13, 2007.
Illicit online activity—from hacking to sexual predation to communication between terrorist cells—requires anonymity. But that same cloak of privacy enables free speech on the Internet and helps protect the identity of whistleblowers. Now researchers are beginning to uncover new ways to identify individuals online, using such unique markers as typing rhythms, punctuation patterns, and Web-surfing habits. While such techniques can increase online security and help law enforcement agencies combat fraudulent activity, they also unlock troubling surveillance possibilities that are raising concerns among civil libertarians.
The ability to identify people through the timing of their keystrokes grew out of a 1980 study by Rand Corporation researchers, according to Julie Rehmeyer, a former Science News editorial aide. In the study, seven trained typists keyed in three separate passages, then repeated the task four months later. Without fail, analyzing only “the grids of data showing average pauses between pairs of says Rehmeyer, researchers were able to correctly match all seven typists with their keystroke profiles. Rehmeyer likens the process to the way British intelligence officers eavesdropped on German radio operators during World War II. Although unable to decipher the coded messages being sent, the British soon learned to recognize operators’ “fists”—signature styles of signal tapping—and were able to track the movements of their military units by triangulating the identified signals.
Online security companies are now developing software tools that utilize “typeprint-security” technology. California-based iMagic Software, for instance, markets a program that asks users to key in their passwords several times; thereafter, reports Rehmeyer, the program “permits access only if the keystroke timing is sufficiently similar to its initial data.” The technology is much cheaper than sophisticated alternative means of identification such as retinal scanning and other forms of biometrics.
Other researchers are developing ways to track malefactors across chatrooms, blogs, and e-mail. Using the same techniques scholars employ to establish authorship of a manuscript—word preference, punctuation, and style—investigators can now identify a person’s unique “writeprint” even if he or she adopts an online alias. The technology has been used to identify messages from terrorists, sexual predators, digital pirates, and others.
Mouse clicking provides other means to tag online users. On the security side, new programs can map signatures or doodles “drawn” with the mouse; a procedure that pairs such “clickprints” with a password “rejected more than 95 percent of participants who were acting as intruders, while accepting the legitimate users more than 99 percent of the time,” Rehmeyer says. But researchers are also looking at ways of deciphering “clickstream data—what a user clicks on and when—to verify website visitors’ claimed identities and to prevent fraud online.”
In addition to the privacy concerns raised by such forms of data collection, Rehmeyer points to other “Orwellian possibilities,” such as the potential for governments to “probe political forums or to create a profile of people.” Indeed, while some may welcome the increased security these new technologies provide to company networks or online transactions, and the added tools they give to efforts to nab wrongdoers online, Rehmeyer says it may be “many years before the full impact of digital fingerprints becomes clear.”