The period for filing appeals before the National Register of Cellular Telephone Users (Panaut) ended, but there are still doubts among the population regarding when its application will begin, how its implementation will be carried out and what data will be requested.
The authorities that proposed the initiative have not provided answers to the basic questions regarding its operation, says Adriana García, country manager of the cybersecurity firm Forcepoint. One of the most important issues, says the specialist, “is the definition of biometric data, because it could well be just a fingerprint, but so far there is no clear answer as to what data they will request from us. This is still a myth, because many assume that they will ask us for everything, including how we walk ”.
This fact is one of the reasons why there is so much uncertainty and annoyance towards the initiative, to which is added the fact that details are not yet known regarding how the information will be collected, where it will be collected, who will be in charge of protect it and through what mechanisms.
“Is there going to be a system that is owned by the IFT or the State to enter the data and will they be responsible for its capture and care?”, Asks García, who highlights the position of the Federal Telecommunications Institute, which has said no have a sufficient budget for this task.
In this sense, it should be remembered that in mid-May, IFT commissioners decided to file a constitutional controversy against the Panaut on the grounds that in addition to not having the necessary resources for its management, it affects constitutional guarantees.
In this regard, the expert points out that an answer must be given to the issue of who will be in charge of taking care of the data, because until now that part of the operation remains a mystery, which represents animosity on the part of people who do not want to put at risk data of which you have only one version, such as your face, voice or fingerprints.
“The concern on the part of the population is genuine because how are they going to ensure the care of the information if we have even seen data leaks in multimillion dollar companies with budgets larger than Mexico in cybersecurity”, he points out.
Is a biometric data leak really a risk? Last week, Banxico announced the number of cyberattacks against banks suffered in 2019 and 2020. Several of them, the institution highlighted, occurred after hackers violated the controls of two mobile applications by means of stolen keys, which it could be replicated from biometric data.
“The risk is quite large at the cybersecurity level and does not compensate for what is to be mitigated,” says García, who exemplifies that in the event of a leak – which is very likely with this type of repositories – the data can be used to empty accounts of banking applications that verify the identity of the user through fingerprints or facial recognition.
Likewise, it highlights that there is no clear response or contingency plan to these problems. “Assuming that any government is capable of protecting data of this nature and shielding the information 100% is quite naive,” says García, who concludes with a forceful phrase: “Therefore, my personal finances and even my life is going to see compromised “.
On the other hand, a specialist in computer law, mentions that there must also be responsibility on the part of users, because although they show their annoyance at this type of initiatives, in voting periods they make mistakes such as sharing photos to their social networks where they are they can see their fingerprint ridges, which puts them at risk from cybercriminals.
“If someone obtained our fingerprint and managed to replicate it, at some point they could simply unlock our mobile; the same applies to smart locks and in other scenarios for identity theft by committing various crimes in the earthly world and thus managing to incriminate the person, thanks to the fact that they provided their identity ”, the expert details.