Inspire the world to learn poem #ANZTLC15

This is a poem I have written for the Blackboard Teaching and Learning Conference APAC 2015. It is a creative piece on how we at the conference use our knowledge and experiences to…

#InspireTheWorldToLearn

We gather each and every year,
With ideas we have to share.
These seeds of innovation,
Start to travel through the air.

These seeds, containing great new things,
New ways to challenge and inspire.
Providing tools and proven methods,
They start to spread like wild fire.

This year we’re more than 300 strong,
Working in all aspects of education.
There’s educators, support staff and industry too,
We gather with eager anticipation.

As we share our unique experiences,
The seeds of innovation start to grow and sprout.
We take the time to look to the year ahead,
At opportunities that are round about.

We have a passion for improving education,
In all different shapes and kinds.
Using these ideas to improve teaching and learning
To really blow our student’s minds!

These sprouts, these ideas, help us to engage and inspire,
To provide an experience that is different and new.
Letting us reach out to students new and old,
Helping to inspire them to DO!

So in the coming year we have these sprouts,
And the friendships we have made.
We keep in contact and continue to chat,
Building upon the foundations that we have laid.

In the end, these sprouts that we take back,
We watch them grow at every turn.
We nurture them, that’s we’re here,
To inspire the world to LEARN.

Blackboard #ANZTLC15 Opening Keynote

Blackboard #ANZTLC15 Impromptu Discussion

Blackboard #ANZTLC15 Kaltura Demo

Could bugs like Heartbleed pose issues for biometric authentication?

Heartbleed and Biometric SecurityCould a future bug, with similar implications to that of Heartbleed cause major concern to the future use of biometric security? Following the critical Heartbleed vulnerability in OpenSSL, and reading countless articles online (see below for a few) an interesting conundrum came to my mind.

As we now know, there are three requirements to overcome the effects of the Heartbleed bug on any one server or service:

  1. Patch the affected software on the affected server
  2. Revoke and re-issue the SSL certificates (essentially the private keys used to encrypt traffic between two points such as the end user’s browser and a bank’s web server for example)
  3. Change your password for the affected service/application in case it had been compromised

 

The conundrum focuses on a problem with step 3 and the use of biometric security measures such as fingerprints, retina scans and potentially new vein-scanning technologies. While these technologies are not heavily in use by consumers today they are becoming more commonplace, many users of the new Apple iPhone 5s (myself included) use a fingerprint to speed up unlocking the lock screen and the potential uses are already on the rise as this technology becomes more mainstream.

Taking a high level look at this, from a pure sequence of events (as opposed to analysing how or where the biometric data is stored and/or transferred and how it may or may not be encrypted), I provide the following hypothetical scenario to consider. In 12 months time lets say you can use your fingerprint or a retina scan to get cash out at an ATM, or to identify yourself to your bank and other providers using your smart phone. The technology is in use for a period of time and after a while a bug with similar consequences as Heartbleed happens to be discovered. At that time there may be no clear evidence of whether the bug has been exploited or not, however this actually becomes irrelevant. Taking a worst case scenario, lets say despite the best efforts of the companies, the multiple layers of encryption and all the other security measures that one of the many supporting components of the authentication process has a bug which has, or could potentially cause your biometric details to be exposed, copied or intercepted.

As our primary form of authenticating ourselves today is using a password, we can simply change our passwords which invalidates the potentially compromised user credentials. As I am sure you can now surmise if we were using biometric authentication, we could not simply change our retinas or fingerprints, these stay with us for life. I will admit this is taking the extreme end of a worst case scenario, with any high level security solution, you would expect several layers of protection, but it definitely poses an interesting question of what can be done to invalidate and then re-issue a biometric credential.

Unfortunately I don’t have an answer, I do hope that this might promote some discussion or at least get the idea in the back of a few peoples minds. If anyone has any thoughts or ideas please let me know as I am genuinely curious as to the answer to the riddle. In the mean time, perhaps it is best for us to all strongly consider who we want to hand over our biometric “prints” to… if they are ever compromised you can’t simply change them.

 

Articles that prompted my thinking:

Collusion the new iPad stylus – A video of my first experiences

OK so you will have heard a lot about Collusion from me lately. 😀 Why? Because I love the concept and the team from Collusion are a great bunch of blokes. They have also just released the video they took of me from the first Collusion Beta Backers event so I thought I should definitely share it with everyone. Hopefully this will help answer some of the questions that people have been asking me thus far. As always if you have any questions just drop a comment here :).

Also don’t forget to check out my other posts on Collusion. Or if you want check out the official Collusion site, or the Collusion Project on Kickstarter.