INTERVIEW: Solving the Problem of Decentralizing Biometrics with Anonybit CEO Frances Zelazny

Anonybit made its debut last year, and the startup quickly grabbed a major share of attention thanks to its innovative approach to securing biometric data. Essentially, the Anonybit platform is designed to break a given biometric profile into anonymized pieces – dubbed ‘Anonybits’ – which are then scattered across a peer-to-peer network. It’s a decentralized approach to storing identity information, delivering enhanced security by ensuring that there is no single biometric template to be hacked in the event of a data breach. And it’s all offered through a lightweight, easy-to-implement SDK.

It’s a solution that could only have come from a strong foundation of expertise in biometrics and data security, so it’s no wonder that Anonybit was co-founded and is now headed by CEO Frances Zelazny, who previously served as a Chief Strategy and Marketing Officer, and later Strategic Advisor, for BioCatch, a pioneer of behavioral biometrics. In this exclusive interview, Zelazny delves into detail about Anonybit’s game-changing technology, discusses important considerations including privacy and liveness detection, and offers a picture of who has been showing early interest in the startup’s platform, and where the biometrics industry is headed.

FindBiometrics: What is the history of Anonybit and what can you tell me about your unique technology?

Frances Zelazny, CEO, Anonybit: Anonybit started as a project to solve the problem of decentralizing biometrics. My partners and I are all industry veterans, coming out of biometrics, digital identity and cybersecurity and we understand fundamentally that there are two problems with identity management today. First, data breaches continue because there is money to be made. Second, fraud continues because we continue to rely on weak authenticators to identify people. But if we can give attackers nothing to find and nothing to steal, and get to a point where biometrics are the primary means of authentication without fall backs on PINs, passcodes, and knowledge-based authenticators, we will have a world with greater trust in our digital interactions and more faith in the institutions that we are doing business with.

This is what we are aiming for at Anonybit. Our breakthrough infrastructure decentralizes both the storage and the matching function of biometrics so there is no need to store any templates or other PII for that matter in any central honeypot. And because it is in the cloud, there is a built-in backup mechanism that does not rely on devices, location, or other methods that are currently used today to identify people.

FindBiometrics: What are the privacy risks with systems that use traditional methods of biometric data storage, either in-the-cloud or on-device?

Frances Zelazny, CEO, Anonybit: Let’s start with the view of centralized storage, which can be on premises or in the cloud. Storing templates in this manner provides the enterprise more control in terms of who they enroll, how to manage reenrollments, account recovery, etc. But there is no doubt that there is a vulnerability to a breach. This is not theoretical, as we have seen with the Office of Personnel Management (OPM) breach, and others. On the device side, there is no possibility of a breach, per se, as the biometric template is stored in a secured enclave. The downside is that it is not possible to know who is behind the device because the device only sends a yes or no response. So what happens is that the enterprise ends up trading off privacy for security, or vice versa. 

FindBiometrics: What role does Anonybit’s authentication solution play in your overall portfolio?

Frances Zelazny, CEO, Anonybit: One of our products is a turnkey biometric authentication solution that includes liveness detection, decentralized storage, decentralized matching and integration into orchestration platforms. What is unique is that the solution can support multiple authentication needs – from web and mobile applications to physical access control, frictionless payments, time and attendance – pretty much any scenario where you want to make sure that people are who they claim to be without maintaining a central honeypot of data. Because we are doing the matching in the decentralized cloud, Anonybit can become the link between onboarding, account access and account recovery, one of the biggest needs to fill in for identity management. Our decentralized authentication solution is also the security mechanism for our digital asset vault, where private keys, backup passphrase and other secrets can also be stored in a decentralized manner, further protecting people from theft.

FindBiometrics: Where are you seeing the most enthusiasm for your solutions?

Frances Zelazny, CEO, Anonybit: Fundamentally, our mission is to eliminate central honeypots of biometric data. This is a problem that the industry has long sought to achieve. We are getting a lot of enthusiasm for our decentralized biometrics cloud which allows biometrics players to port their algorithms to our infrastructure and build privacy by design solutions on top. The infrastructure is algorithm and modality independent and can support a very wide range of use cases. We’ve already ported a number of facial recognition algorithms and are in the process of working on fingerprint, iris and voice. For the biometrics industry, this approach generates tremendous excitement as it solves the privacy and security problem that is considered to be a hindrance to full mainstream adoption.

What do you see in store for biometrics and identity in 2022?

Frances Zelazny, CEO, Anonybit: The biometrics industry is poised to grow another 20 percent in 2022 alone. We will see biometrics in traditional applications and also in new ones like in the Metaverse. But in order for biometrics to truly be accepted at a societal level, we have to resolve the privacy and security issues. It is incumbent on us as an industry to ensure responsible use guidelines are developed and enforced, from consent, usage and storage. A good starting point would be to decentralize all the biometrics that are collected, so attackers have nothing to find and nothing to steal, and people feel comfortable that the entities that they are entrusting their sensitive data with, will be good custodians of that data.