Re: New open issues in response to draft note on CAPTCHA

A quick search reveals that there's a literature on behavioral biometrics. It would be worth finding out whether disability or accessibility are addressed directly.

On 3/11/19, 09:53, "Janina Sajka" <janina@rednote.net> wrote:

    I think this is correct, Jason.

    I have learned a new buzzword from following up on this post:
    "behavioral biometrics." I think those are the ones that would gives us
    most concern, at least on first blush. Seems IBM is among companies
    involved in that:

    https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.finextra.com%2Fpressarticle%2F66842%2Fibm-adds-behavioural-biometrics-to-security-suite&amp;data=02%7C01%7Cjjwhite%40ets.org%7C1436d67ab41a44781d2a08d6a628f66b%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879092197140274&amp;sdata=O66F2Di%2F3HFqEHPrTpXOhCiTAaNjnINufd%2Bb1dpfcrk%3D&amp;reserved=0



    The above is dated 2016, so relatively recent.

    Janina

    White, Jason J writes:
    > Thank you, Janina. A further aspect of the biometrics issue is that, to the best of my knowledge, the biometric data are not shared directly with the party requesting authentication. They are, instead, processed locally by the user's device, and the authentication itself takes place via cryptographic protocols.
    >
    > I'll readily admit that I am not acquainted with the details.
    >
    > On 3/11/19, 09:17, "Janina Sajka" <janina@rednote.net> wrote:
    >
    >     Thanks, Jason.
    >
    >     As I continue to consider the comment we received, I believe we're being
    >     asked to say more about further developments in biometrics. Possible
    >     plain language example is that fingerprint sensors could validate not
    >     only a pattern match in the ridges and valleys that constitute the
    >     traditional fingerprint, but also the presence of a pulse and, blood
    >     flow, and body heat. These would not be available should someone create
    >     a mold from fingerprints left on objects.
    >
    >     I think that's one aspect of the post.
    >
    >
    >     Perhaps even more interesting is his pointer to work attempting to
    >
    >     enhance privacy while supporting noninteractive authentication. He gives
    >     this pointer while suggesting this is just one scheme among several:
    >
    >     https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprivacypass.github.io&amp;data=02%7C01%7Cjjwhite%40ets.org%7C1436d67ab41a44781d2a08d6a628f66b%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879092197140274&amp;sdata=IN0RsuQxcHB29tFIx9ZftHlXZy%2BcZQJ2ioeGtCYDjWg%3D&amp;reserved=0

    >
    >
    >     I wonder whether we need do much more than note people are working on
    >     such things, and that noninteractive mechanisms that also protect
    >     individual privacy would be welcome.
    >
    >
    >     The mechanism at the above URI seems different from reCAPTCHA V. 2 in
    >     that it isn't analyzing how users interact with their devices.
    >
    >     That's as far as I've gotten with these latest comments. I welcome
    >     further discussion. Perhaps, should we find we need to say more, we
    >     might need a consult from W3C privacy or authentication people.
    >
    >     Janina
    >
    >     White, Jason J writes:
    >     > I'll add these issues to our agenda for next week's meeting. All Task Force participants are welcome to review and comment on the list in the meantime.
    >     >
    >     > On 3/8/19, 19:50, "Janina Sajka" <janina@rednote.net> wrote:
    >     >
    >     >     Thanks for the heads up, Jason. Yes, I do see three substantive comments
    >     >     from the same poster in the past day or so. I find his writing a bit
    >     >     hard to grok, but it seems there are some good points. We'll need to
    >     >     study these and discuss.
    >     >
    >     >     You may be correct about another publication round.
    >     >
    >     >     Janina
    >     >
    >     >     White, Jason J writes:
    >     >     > Dear colleagues,
    >     >     >
    >     >     > Please note that new issues have been opened on GitHub containing public comments on our "CAPTCHA" draft.
    >     >     >
    >     >     > All of the issues can be reviewed here:
    >     >     > https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fw3c%2Fapa%2Fissues&amp;data=02%7C01%7Cjjwhite%40ets.org%7C1436d67ab41a44781d2a08d6a628f66b%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879092197140274&amp;sdata=xruFEU0tHf%2F865fA7Lqq49WGoNzFAX9Pz9isKlcxJ4Y%3D&amp;reserved=0

    >     >     >
    >     >     >
    >     >     > ________________________________
    >     >     >
    >     >     > This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.
    >     >     >
    >     >     >
    >     >     > Thank you for your compliance.
    >     >     >
    >     >     > ________________________________
    >     >
    >     >     --
    >     >
    >     >     Janina Sajka
    >     >
    >     >     Linux Foundation Fellow
    >     >     Executive Chair, Accessibility Workgroup:https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fa11y.org&amp;data=02%7C01%7Cjjwhite%40ets.org%7Cc0ad0d4027d44575d02908d6a429447f%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636876894492439672&amp;sdata=YH2YalHc9NB7v9dCpw4v3li%2FjLMnNsosdydjrxgZ%2Bs4%3D&amp;reserved=0

    >     >
    >     >     The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
    >     >     Chair, Accessible Platform Architectureshttps://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2Fwai%2Fapa&amp;data=02%7C01%7Cjjwhite%40ets.org%7Cc0ad0d4027d44575d02908d6a429447f%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636876894492439672&amp;sdata=uvt%2BD2YXgp0qDm0Pn4xreJwdSKI16QtMcSr9RnZNrRk%3D&amp;reserved=0

    >     >
    >     >
    >     >
    >     >
    >     >
    >     > ________________________________
    >     >
    >     > This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.
    >     >
    >     >
    >     > Thank you for your compliance.
    >     >
    >     > ________________________________
    >
    >     --
    >
    >     Janina Sajka
    >
    >     Linux Foundation Fellow
    >     Executive Chair, Accessibility Workgroup:https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fa11y.org&amp;data=02%7C01%7Cjjwhite%40ets.org%7C6113ff19599f4f19621108d6a623f1ef%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879070652445009&amp;sdata=zeqBIzZCDyPe%2FZ4Kxh2tvenq5O9OWxaB6yrPw9HwpRs%3D&amp;reserved=0

    >
    >     The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
    >     Chair, Accessible Platform Architectureshttps://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2Fwai%2Fapa&amp;data=02%7C01%7Cjjwhite%40ets.org%7C6113ff19599f4f19621108d6a623f1ef%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879070652445009&amp;sdata=bXbOMlqBA3PpWWHOmUYVWHCnU5Mgzpa4o2rBFk7rsrY%3D&amp;reserved=0

    >
    >
    >
    >
    > ________________________________
    >
    > This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.
    >
    >
    > Thank you for your compliance.
    >
    > ________________________________

    --

    Janina Sajka

    Linux Foundation Fellow
    Executive Chair, Accessibility Workgroup:https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fa11y.org&amp;data=02%7C01%7Cjjwhite%40ets.org%7C1436d67ab41a44781d2a08d6a628f66b%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879092197140274&amp;sdata=%2FAZW6YpFvtgpTCJcqs%2BWEj5kzEPIQGWXlgDrHLTCq2w%3D&amp;reserved=0


    The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
    Chair, Accessible Platform Architectureshttps://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2Fwai%2Fapa&amp;data=02%7C01%7Cjjwhite%40ets.org%7C1436d67ab41a44781d2a08d6a628f66b%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636879092197140274&amp;sdata=2UYbYWjmO9ogkvYv3I2srfjq1mWWBAxjPV%2BbHo0K8MI%3D&amp;reserved=0





________________________________

This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.

________________________________

Received on Monday, 11 March 2019 14:20:27 UTC