Data breaches of private information are constant. In response, information security measures have become ever more complex. The newest security norm, multifactor authentication, requires a password input and a temporary code sent to the user’s phone. But beefed-up electronic security can fail when it’s too inconvenient for people to use properly. For instance, the increased security of a long, complicated alphanumeric password isn’t much use when, as is frequently the case, the password is taped to the back of the computer monitor for anyone to see.
Researchers at UC Berkeley’s BioSENSE program have designed a potential solution to this problem: an earpiece that logs users in by tracking their brain activity. The custom earpiece contains small electrodes that contact the ear canal and detect the tiny electrical changes that occur when neurons fire in the brain. This way of measuring the brain’s electrical activity is called electroencephalography (EEG), and it has been used to study everything from visual perception to broad mental states, such as relaxation and concentration.
However, Nick Merrill, who worked on the earpiece as a graduate student in School of Information Professor John Chuang’s lab, aims to use the earpiece’s readout for authentication. “There are patterns that you can observe in EEG that recur when you think the same thing,” Merrill explains. These patterns of electrical activity were analyzed by machine learning to distinguish between users performing specific, secret mental tasks called passthoughts. For example, a user could unlock their phone by imagining their favorite song. This system has the potential to be especially secure because different people think the same passthought in distinguishable ways, so an imposter could not log in even if they knew the passthought.
While it’s hard to know exactly how the machine learning algorithm recognizes different users and mental tasks, the algorithm seems to pick up on the same parts of the EEG signal that human experts are interested in: periodic oscillations in neural activity called brainwaves. This agreement between human expertise and the machine learning algorithm is evidence that the earpiece works, claims Merrill, but some neuroscientists remain skeptical that the sensor is detecting brain activity at all.
“EEG signal can reflect all the components including brain activity, muscle activity, other movements, and other electrical noises in the environment”, explains Dr. Yuki Murai, a postdoctoral researcher studying visual perception in UC Berkeley’s psychology department. Signals from muscle and eye movements are much stronger than signals from the brain. The placement of the earpiece far from the brain, combined with the small number of electrodes, make detecting brain activity particularly difficult. Instead, subconscious changes in muscle activity or eye movements may be what distinguishes between users and mental tasks. Murai concludes that “as a scientist using EEG, I’m not sure it really reflects thoughts, but still I believe the electrical signals measured by the earbud could be useful to identify a person.
”Whatever the EEG earpiece is actually detecting, the signals are specific enough to discriminate between passthoughts, and the combination of a secret mental task with the user’s unique way of thinking could result in a high level of security. However, with increased security comes new downsides. Professor Deirdre Mulligan, a faculty director of the Berkeley Center for Law & Technology, explains that because users can’t describe how they think their passthought, they lose the ability to share access with others. Moreover, brainwaves are influenced by mental states like stress, which could prevent someone from passing the security barrier if they were, for instance, being held at gunpoint by an intruder. “The phone stays really secure,” Mulligan says, “but if you’re thinking about the security of the person, it might be a slightly different calculus.”
Those concerned about the risks that accompany a password that can’t be shared or transferred, or skeptical about what the earpiece can actually detect, might find it reassuring that the earbuds probably won’t hit the shelves for a while. The current version of the EEG earpiece requires its users to put conductive electrode gel in their ears, making it less than ideal for everyday use. But once the practical hurdles are cleared, passthought-based authentication technology has the potential to be higher security and lower effort than current methods. It’s worth a thought.
Sophia Friesen is a graduate student in molecular and cell biology
Design: Alison Nguyen