IEEE Technology and Society Magazine - June 2015 - 35

charge from his own mouth, but a person may be compelled to provide real or physical evidence" [21]. The
author presented several examples, showing how modern
neuroscience is expected to facilitate evidence collection
during criminal investigation. The presented examples
strongly indicate the traditional boundary between testimonial and physical evidence becomes blurry when applied
to evidence collected by neural engineering techniques.
Finally, at the 2011 Ethicomp conference, Whalstrom et al. introduced the question of BCI privacy. The
authors reviewed the European Union's privacy directives and analyzed how the directive's legal context and
requirements apply to emerging BCI privacy issues [27].

Privacy and Security Issues in Neural Engineering
Neural Signals for Identification and Authentication
Based on the observation that neural signals of each
individual are unique and can therefore be used for biometrics [28], many researchers have recognized potential benefits of using neural data for user identification
and authentication [28]-[31], respectively defined as the
identity selection out of a set of identities (identification) and verification that the claimed identity is valid
(authentication). EEG signals have shown to be particularly useful for these applications.
In [31], a method using an a-rhythm was proposed
for identification, and correct classification scores in the
range of 72% to 84% were reported. Further, an EEGbased identification method that uses data collected
only from the two frontal electrodes was proposed in
[32]. In [33], the authors present an overview of biometric identification methods based on EEG, electrocardiogram (ECG), and on skin conductance signals, also
known as electrodermal response (EDR).
In [28], the practicability of different mental tasks for
authentication was investigated, and it was shown that
some tasks are more appropriate for authentication than
others. Finally, [34] proposed neural data can be used
to prevent coercion attacks (also known as rubber hose
cryptanalysis), where users are forced to reveal cryptographic secrets known to them. The proposed approach
is based on the idea of implicit learning. Instead of asking users to consciously memorize a secret and use it for
identification and authentication, in this approach the
users are identified and authenticated based on specific
patterns that they have learned and can use without ever
being aware they know them.

Neurosecurity
In 2009, Denning et al. [35] recognized that "the use of
standard engineering practices, medical trials, and neuroethical evaluations during the design process can create
systems that are safe and that follow ethical guidelines;
june 2015

∕

unfortunately, none of these disciplines currently ensure
that neural devices are robust against adversarial entities
trying to exploit these devices to alter, block, or eavesdrop on neural signals." Potential security threats that can
be mounted against implanted neural devices were identified, and the term "neurosecurity" was introduced as "the
protection of the confidentiality, integrity, and availability
of neural devices from malicious parties with the goal of
preserving the safety of a person's neural mechanisms,
neural computation, and free will" [35].

Brain Spyware - BCI-Enabled Malicious Application
At the 2012 USENIX Security Symposium, Martinovic
et al. [7] presented the first malicious software designed
to detect a user's private information using a BCI. They
referred to is as the "brain spyware." The authors used a
commercially available BCI to present users with visual
stimuli and record their EEG neural signals. They focused
on the P300 response, and analyzed the recorded signals
in order to detect users': a) 4-digit PINs, b) bank information, c) months of birth, d) locations of residence, and e) if
they recognized the presented set of faces.
While the authors of [7] have focused only on the P300
response, it is not hard to imagine brain spyware applications being developed to extract private information about
users' memories, prejudices, and beliefs, but also about
their possible neurophysiological disorders. Currently, there
does not seem to exist a way to resist these attacks.
Moreover, recent results [36] show that attempts at willful
deception can themselves be detected from an individual's
neural signals. Going a step further, the same authors [36]
show that non-invasive brain stimulators, emitting imperceptible DC electrical currents, can be used to make a
user's responses noticeably slower when attempting to lie.
Thus, there is a growing need to address the potential
privacy and security risks arising from the use of BCIs,
in both medical and non-medical applications. As a first
step, we are exploring which components of the EEG signal can be used to infer private information about a user,
and quantifying the amount of exposed information.

Threat Model
Consider an example model of an attacker who uses BCIs
to extract private information about users. We assume
this will involve non-invasive BCI devices, mostly intended
for consumer use. Manufacturers of non-invasive EEGbased BCIs generally distribute software development
kits and guides with their products, as well as technical
support. Their intention is to promote application development, but such "open- development" platforms may compromise user privacy and security, since there is currently
no review process, standards, or guidelines in place to
protect users: nor is there technical protection to restrict
inappropriate or malicious BCI use.

IEEE Technology and Society Magazine

Table of Contents for the Digital Edition of IEEE Technology and Society Magazine - June 2015