"Writeprinting" America

The source: “Digital Fingerprints” by Julie J. Rehmeyer, in Science News, Jan. 13, ­2007.

Illicit online ­activity—­from hacking to sexual predation to communication between terrorist ­cells—­requires anonymity. But that same cloak of privacy enables free speech on the Internet and helps protect the identity of whistleblowers. Now researchers are beginning to uncover new ways to identify individuals online, using such unique markers as typing rhythms, punctuation patterns, and ­Web-­surfing habits. While such tech­niques can increase online security and help law enforcement agencies combat fraudulent activity, they also unlock troubling surveillance possibilities that are raising concerns among civil ­libertarians.

The ability to identify people through the timing of their key­strokes grew out of a 1980 study by Rand Corporation researchers, according to Julie Rehmeyer, a former Science News editorial aide. In the study, seven trained typists keyed in three separate passages, then repeated the task four months later. Without fail, analyzing only “the grids of data showing average pauses between pairs of says Rehmeyer, researchers were able to correctly match all seven typists with their keystroke profiles. Reh­meyer likens the process to the way British intel­ligence officers eaves­dropped on German radio operators during World War II. Although unable to decipher the coded messages being sent, the British soon learned to recognize operators’ “fists”—signature styles of signal ­tapping—­and were able to track the movements of their military units by triangulating the identified ­signals.

Online security companies are now developing software tools that utilize ­“typeprint-­security” tech­nology. ­California-­based iMagic Soft­ware, for instance, markets a program that asks users to key in their passwords several times; thereafter, reports Reh­meyer, the program “permits access only if the keystroke timing is sufficiently similar to its initial data.” The tech­­nology is much cheaper than sophis­ticated alternative means of identification such as retinal scanning and other forms of ­biometrics.

Other researchers are developing ways to track malefactors across chatrooms, blogs, and ­e-­mail. Using the same techniques scholars employ to establish authorship of a ­manuscript—­word preference, punctuation, and ­style—­inves­tigators can now identify a person’s unique “writeprint” even if he or she adopts an online alias. The technology has been used to identify messages from terrorists, sexual predators, digital pirates, and ­others.

Mouse ­clicking provides other means to tag online users. On the security side, new programs can map signatures or doodles “drawn” with the mouse; a procedure that pairs such “clickprints” with a password “rejected more than 95 per­cent of participants who were acting as intruders, while accepting the legitimate users more than 99 percent of the time,” Rehmeyer says. But researchers are also looking at ways of deciphering “clickstream ­data—­what a user clicks on and ­when—­to verify website visitors’ claimed identities and to prevent fraud online.”

In addition to the privacy concerns raised by such forms of data collection, Rehmeyer points to other “Orwellian possibilities,” such as the potential for governments to “probe political forums or to create a profile of people.” Indeed, while some may welcome the increased security these new technologies provide to company networks or online transactions, and the added tools they give to efforts to nab wrongdoers online, Rehmeyer says it may be “many years before the full impact of digital fingerprints becomes clear.”