THE SOURCE: "Digital Fingerprints" by Julie J. Rehmeyer, in Science News, Jan. 13, 2007.
ILLICIT ONLINE ACTIVITY--from hacking to sexual predation to communication between terrorist cells--requires anonymity. But that same cloak of privacy enables free speech on the Internet and helps protect the identity of whistleblowers. Now researchers are beginning to uncover new ways to identify individuals online, using such unique markers as typing rhythms, punctuation patterns, and Web-surfing habits. While such techniques can increase online security and help law enforcement agencies combat fraudulent activity, they also unlock troubling surveillance possibilities that are raising concerns among civil libertarians.
The ability to identify people through the timing of their keystrokes grew out of a 1980 study by Rand Corporation researchers, according to Julie Rehmeyer, a former Science News editorial aide. In the study, seven trained typists keyed in three separate passages, then repeated the task four months later. Without fail, analyzing only "the grids of data showing average pauses between pairs of letters," says Rehmeyer, researchers were able to correctly match all seven typists with their keystroke profiles. Rehmeyer likens the process to the way British intelligence officers eavesdropped on German radio operators during World War II. Although unable to decipher the coded messages being sent, the British soon learned to recognize operators' "fists"--signature styles of signal tapping--and were able to track the movements of their military units by triangulating the identified signals.
Online security companies are now developing software tools that utilize "typeprint-security" technology. California-based iMagic Software, for instance, markets a program that asks users to key in their passwords several times; thereafter, reports Rehmeyer, the program "permits access only if the keystroke timing is sufficiently similar to its initial data. …