Foreword

Welcome to the 16th edition of Predictions for the Technology, Media and Telecommunications (TMT) sectors.

This edition introduces a number of changes.

For the first time we are including predictions for all three sectors together, and not splitting them, as we had done in prior years. This reflects TMT's evolution: with every year the overlap between these sectors has become greater, and multiple predictions are relevant to more than one sector. Assigning a prediction to a specific sector had in some instances become misleading. So from this year on, all topics are part of the same list.

The introduction of dedicated machine learning capability to smartphones (page 20) is relevant to all industry sectors, not just the technology or telecommunications verticals. Faster mobile networks, as well as dedicated Internet of Things networks, both of which will be enabled by 5G networks, are again universally relevant (page 14). The mainstream ubiquity of biometric sensors, mostly in the form of fingerprint readers on smartphones, could revolutionize authentication (page 2). Cybersecurity is an evergreen topic to all sectors; understanding the threat of distributed denial of service (DDoS) attacks is particularly relevant in 2017 for reasons explored on page 6. Understanding device adoption trends, including consumer attitudes to tablet computers, is key for any company with an online presence (page 33). The growth of IT-as-a-Service is important to all companies with IT spend: in other words, almost every company (page 40).

A second change is to include medium term predictions, looking out into the next decade. Some developments, such as the deployment of 5G cellular networks (page 14), the introduction of automatic emergency braking (page 10), and the use of indoor navigation (page 24) will likely take years to manifest fully, but it is as important to understand the implications of these topics in 2017, as it will be over the coming years.

We have maintained a sector focus too. The TV market remains the most important part of the media industry, and its output is increasingly strategic to technology and telecommunications companies. This year we explain the US TV advertising market's resilience in the face of, and because of, digital (page 30). We also contextualize one much-publicized counter-trend: the rise of vinyl (page 38).

Prints charming: biometric security reaches the billions

Deloitte Global predicts that the active base of fingerprint reader-equipped devices will top one billion for the first time in early 2017. Additionally we expect each active sensor will be used an average of 30 times a day, implying over 10 trillion aggregate presses globally over the year1.

Deloitte Global further predicts that about 40 percent of all smartphones in developed countries will incorporate a fingerprint reader as of end-2017. This compares to 30 percent as of mid-20162. We expect that at least 80 percent of users with a fingerprint reader-equipped smartphone will use this sensor regularly; this compares to 69 percent of users in mid-20163.

Over 90 percent of active devices with fingerprint readers will likely be smartphones and tablets4. Three years ago, these sensors were only included in premium models but in 2017 they are likely to be included in most mid-range models. By the end of the decade we expect fingerprint readers to have become as ubiquitous as front-facing cameras on smartphones and available on all but the cheapest models. By this time fingerprint sensors are likely to have been incorporated into a range of other devices, from laptop computers to remote control devices, for identification and authentication purposes.

The smartphone fingerprint reader's success is due to its ability to provide a rapid and discreet way, relative to passwords, of unlocking phones and authenticating transactions (see sidebar: Factors of authentication). It is a challenge for most people to remember multiple strong passwords for their growing number of online accounts, and by 2020 the average user may have 200 online accounts5,6. In addition, it is particularly hard to enter them on a smartphone, yet this is the device that most people have with them throughout the day.

The set up process for fingerprint readers typically takes 15-30 seconds per fingerprint. The corresponding data is normally stored on the device in a secure enclave and not uploaded to the cloud. Authentication occurs when the fingerprint on the reader matches the 'image' stored on the device. For smartphones that use a capacitive sensor, as do the majority of the installed base as of early 2017, the 'image' that is captured is a description of the fingerprint's characteristics, including arches, loops and whorls as well as variations, such as pores7.

Factors of authentication

Establishing that someone is who they say they are relies on what are known as factors of authentication. There are three broad categories:
  • a knowledge factor (something a person knows, such as a password, PIN, or a challenge-response such as "what was the name of your first dog?")
  • an inherent factor (something a person is or does, such as a signature, biometric fingerprint, voice print, iris, face, or retinal pattern8)
  • an ownership factor (a physical object that a person has, such as an identity card, passport, bank card or a digital device with a hardware or software token).
Factors that had been regarded as reliable authenticators are now being seen as less reliable. Some of the challenges with passwords are discussed later, people can lose physical objects and signatures are not very secure inherent authenticators.

The smartphone is likely to be regarded as a strong all-in-one authentication tool as it can conveniently combine all three factors:
  • knowledge: smartphone access is based on a range of knowledge factors, for example by entering a PIN. These are likely to be used in a complementary way to fingerprint readers in the medium term. If additional authentication is needed beyond biometric inputs, a call can be placed to the phone to ask challenge-response security questions
  • inherent: as mentioned later, multi-factor authentication biometric data is readily available
  • ownership: people tend to have their smartphone with them, and owners soon become aware if phones are left behind or lost. In contrast, an office access card, if left at work on a Friday, may not be missed until the Monday. Passports may be mislaid for months before their owners realize and in that time may have been used constantly. Furthermore, as smartphones are connected devices, if they do go missing, their whereabouts can be more readily tracked. If the phone is stolen, it can be remotely wiped and disabled. If a device's software has become compromised, an update can be sent over-the-air.

The main purpose for the trillions of aggregate uses of fingerprint readers in 2017 is likely to be for unlocking phones and tablets, typically dozens of times per day. The usage will be markedly increased from late 2013, when the first commercially successful fingerprint reader equipped phone launched. At this time very few people would ever provide biometric data – perhaps only when entering certain countries – and would do so infrequently. As the ubiquity of the fingerprint reader grows, Deloitte Global expects a growing proportion of apps and websites to support the technology, primarily as an alternative to password entry.

The fingerprint reader's reliability, particularly with regard to its ability to spot fake fingerprints, is likely to be challenged at times in 2017. Earlier models of fingerprint readers were relatively susceptible to spoofing but9, in reality, capturing a fingerprint that can be used to spoof a reader on a two-year old phone may require an unrealistic degree of cooperation from the intended victim. One approach to creating a copy of a print requires placing the victim's finger in dental putty or wood glue for a few minutes, then creating a mold. A spoof of this kind may make for an entertaining demonstration at a trade fair but is unlikely to reflect real life conditions10.

The very latest fingerprint readers based on ultrasonic technology take a detailed image of the fingerprint and are reputed to be hard to spoof. They may even be able to determine readily whether a finger is live or a model11.

A further benefit of ultrasonic sensors is that they function in humid or wet conditions. In traditional readers with capacitive sensors, water on the surface of the finger may inhibit the sensor. Ultrasonic fingerprint readers read a 3D-image of the print that is generated by ultrasonic waves, which are unaffected by water. It therefore works with wet or dry hands.

The fingerprint is the biometric trailblazer

Billions of smartphones and tablets are expected to be capable of processing and collecting multiple types of biometric inputs, including face recognition, voice pattern and iris scan in 2017, but usage of fingerprints is likely to lead the way. Deloitte Global expects, as of end-2017, that the percentage of smartphone or tablet owners using facial, voice or iris recognition for authentication will be less than five percent compared to 40 percent for fingerprint readers12.

The fingerprint reader has the lead despite being the most recently introduced sensor. Voice recognition has been a possible biometric input ever since the arrival of mobile phones as a microphone is built into every device. Iris and facial recognition is possible with any device with a front-facing camera, although the quality of the lens and the processor affects both speed and accuracy.

The challenge with voice recognition is that this technology may struggle when used in a noisy area. Additionally, its usage might be considered distracting or antisocial when used, for example, in an open-plan office or during a meal. Voices are easily captured by would-be criminals through recordings. A possible solution would be the combination of voice recognition with challenge-response techniques such as repeating a specific phrase, or answering a security question.

Facial recognition often requires similar lighting conditions to those in which the reference images were taken; if not, false negatives are likely13. Glasses, hats and scarves further reduce the effectiveness. Iris recognition may require precise positioning and specific light to work and is sensitive to reflections so it can be affected by the use of contact lenses or glasses. A further challenge with facial and iris recognition is the ease of spoofing: both may be fooled by a photograph of the face or eye. A workaround would be to use interactive facial recognition; for example, a system that would require the subject to blink. However, a cleverly constructed video or a series of photos could still deceive the system14.

By contrast, fingerprint recognition works in the dark and can be carried out while the user is walking – or riding in the back of a speeding car on a bumpy road.

From biometric phones to other devices

Biometric recognition, such as fingerprints, is new to the smartphone but has been in use for decades. The smartphone, however, is making everyday usage of biometrics familiar and may have dispelled some of the taboos associated with provision of biometric data.

Deloitte Global predicts that mainstream adoption of smartphone biometrics will act as a catalyst for the deployment of biometric sensors in other environments.

For example, finger vein and palm vein scanners which use near- infrared light to see an individual's vein structure can be integrated into automated teller machines (ATMs) as an alternative to PIN entry, or be incorporated into the authorization process for high- value business-to-business transfers. Schools could use a vein scanner as a means of authenticating access to the building and also registering when a pupil has left. The technology could be used by students to check in and out of classes or to pay for food and stationery supplies.

A growing number of countries may consider using biometrics in national identity schemes. The largest scheme so far is in India, which collects facial, fingerprint and iris data. In 2016, the scheme surpassed one billion registrants15.

The usage of biometrics is millennia-old but its large-scale adoption in modern technology has taken place only in recent years and is likely to become increasingly sophisticated and effective in 2017 and in years to come16.

The bottom line

There are multiple private and public organizations which should consider how best to exploit the growing base of fingerprint readers and the large number of individuals who have become accustomed to using them on their phones.

The challenge is to determine which additional applications could use fingerprint readers and other biometric inputs to provide rapid and secure authentication:
  • financial institutions: Deloitte research found that 43 percent of adult smartphone users in developed markets use their phones to check their bank accounts17. Banks could benefit by exploring how best to use biometric identifiers in fraud detection, access to or opening of new accounts by customers, and payments authorization.
  • retailers – online commerce: the fingerprint reader could be used to provide a one-tap checkout, but this requires the consumer to have downloaded the app, as well as input information such as credit card data, and a preferred billing address. Deloitte research has found that the majority of smartphone owners have downloaded 20 or fewer apps on to their phone18. But the ability to make fast and secure payments may be sufficient incentive to encourage users to download an additional app.
  • retailers – in-store commerce: in-store payment apps can use near-field communication (NFC) technology to enable the user to authenticate a payment by putting their finger on a sensor and holding the phone near the NFC reader. This eliminates the need to enter a PIN.
  • enterprise users – access to data: biometrics could be used as an alternative to entering a password to get access to email, intranet and other such services. Timesheets could be accessed and authenticated via a tap. Deloitte research has found that current usage of enterprise apps is low18. A simple but secure means of authentication could catalyze adoption.
  • enterprise users – physical security: biometrics could be used to control entry into a building and therefore eliminate reliance on passes. Biometrics, unlike passes, cannot be swapped. Nor can they be left at home.
  • media companies – online subscription services: providers of music, premium news, television or other content held behind a paywall could control illicit sharing of user IDs and passwords by requiring users to authenticate themselves using fingerprints. A single-user account could be tied to one set of fingerprints and the prints would be far harder to share than a password.
  • government services: biometrics could be used as an additional way of accessing services such as tax payments, access to medical records and even e-voting19. The latter might encourage younger people to vote. Currently this group tends to have high levels of smartphone ownership and usage but lower than average participation in voting.

This prediction has focused mostly on the usage of fingerprint readers but the smartphone's presence in all aspects of our daily lives lends itself well to combined use of other data unique to us such as typing patterns and location information. Deloitte Global would expect blended usage of various biometric inputs, known as multi-factor authentication, to become increasingly popular20. It would provide still more robust authentication. For example, a banking app could use both fingerprint and voice recognition, with the fingerprint providing initial access and voice inputs additional verification.

To read this Report in full, please click here.

Footnotes

1. Deloitte Global analysis based on conversations with industry experts, a variety of publicly available sources and results from the Deloitte's Global Mobile Consumer Survey data across 23 countries (Argentina, Australia, Belgium, Brazil, Canada, China, Finland, France, Germany, India, Ireland, Italy, Japan, Luxembourg, Mexico, Netherlands, Norway, Poland, Russia, South Korea, Sweden, UK, and US). Deloitte's Global Mobile Consumer Survey (GMCS) refers to Deloitte's individual member firms' 2016 GMCS survey results. For more details, see Deloitte's Global Mobile Consumer Survey: www.deloitte.com/gmcs

2. This data is from Deloitte's Global Mobile Consumer Survey across in 15 developed countries (Australia, Belgium, Canada, Finland, France, Germany, Ireland, Italy, Japan, Luxembourg, Netherlands, Norway, Sweden, UK, and US). Deloitte's Global Mobile Consumer Survey (GMCS) refers to Deloitte's individual member firms' 2016 GMCS survey results. For more details, see Deloitte's Global Mobile Consumer Survey: www.deloitte.com/gmcs

3. Ibid.

4. There are also likely to be fingerprint readers available in laptops, but on a scale far smaller than found in smartphones and tablets, at least in 2017. Other examples will also exist, such as in airports, for national ID programs and for building access.

5. Passwords have inherent limitations. Ideally they should get steadily stronger over time, as the digital tools used to crack them become ever more powerful. A stronger password is longer and composed of a blend of numbers, letters and special characters, in a sequence that does not resemble a word. 'Pa$$w0rd' is easier to remember but not ideal. Those blessed with an exceptionally precise memory could create ever longer passwords for a growing range of services. However, for most people, between five and nine characters is the limit. When people are asked to create strong passwords for a rising number of services, and to refresh them every three months, their typical response is to use the same password for multiple accounts.

6. A world beyond passwords: Improving security, efficiency, and user experience in digital transformation, Deloitte University Press, Deloitte Development LLC, 25 July 2016: http://dupress.com/articles/moving-beyond-passwords-cybersecurity/

7. For more detailed description of how this works see How fingerprint scanners work: optical, capacitive, and ultrasonic variants explained, Android Authority, 5 February 2016: http://www.androidauthority.com/how-fingerprint-scanners-work-670934/

8. For more information, see Authentication, Wikipedia, as accessed on 29 November 2016: https://en.wikipedia.org/wiki/Authentication

9. Your smartphone fingerprint reader could be hacked using paper and ink, Naked Security, 8 March 2016: https://nakedsecurity.sophos.com/2016/03/08/your-smartphone-fingerprint-reader-could-be-hacked-using-paper-and-ink/

10. Can you really hack a smartphone with Play-Doh?, CNBC, 25 February 2016: http://www.cnbc.com/2016/02/24/can-you-really-hack-a-smartphone-with-play-doh.html

11. For more information, see Breakthrough 3D fingerprint authentication with Snapdragon Sense ID, Qualcomm Technologies, 2 March 2015: https://www.qualcomm.com/news/snapdragon/2015/03/02/breakthrough-3d-fingerprint-authentication-snapdragon-sense-id

12. Deloitte Global analysis based on conversations with industry experts, a variety of publicly available sources and results from the Deloitte's Global Mobile Consumer Survey data across 23 countries. Deloitte's Global Mobile Consumer Survey (GMCS) refers to Deloitte's individual member firms' 2016 GMCS survey results. For more details, see Deloitte's Global Mobile Consumer Survey: www.deloitte.com/gmcs

13. A facial recognition tool may perceive more of a difference between the same person in varying lighting conditions, than between two different people with similar lighting. See Face Averages Enhance User Recognition for Smartphone Security, PLOS ONE, volume 10, US National Library of Medicine National Institutes of Health, 25 March 2015: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4373928/#pone.0119460.ref014

14. It is also possible to fool facial recognition by creating a mask of the person being imitated. Arguably the investment required to do so would put off most fraudsters. For more information, see Banking biometrics: hacking into your account is easier than you think, Financial Times, 4 November 2016: https://www.ft.com/content/959b64fe-9f66-11e6-891e-abe238dee8e2 (requires subscription)

15. Dashboard Summary, Unique Identification Authority of India, National Institute of Justice, as accessed on 24 November, 2016: https://portal.uidai.gov.in/uidwebportal/dashboard.do

16. Chapter 1, Fingerprint Sourcebook, International Association for Identification, et al., July 2011: http://www.nij.gov/publications/pages/publication-detail.aspx?ncjnumber=225320

17. Deloitte's Global Mobile Consumer Survey, conducted in 15 developed countries. Deloitte's Global Mobile Consumer Survey (GMCS) refers to Deloitte's individual member firms' 2016 GMCS survey results. For more details, see Deloitte's Global Mobile Consumer Survey: www.deloitte.com/gmcs

18. Ibid.

19. This article describes a hypothetical implementation of voting using a smartphone and biometrics. See Security System for Mobile Voting with Biometrics, Journal of Mobile, Embedded and Distributed Systems – JMEDS, Vol. 7 No 3 (2015): http://www.jmeds.eu/index.php/jmeds/article/view/Security_System_for_Mobile_Voting_with_Biometrics/pdf_33

20. For example, see HSBC launches biometric security for mobile banking in the UK, Computer Weekly, 19 February 2016: http://www.computerweekly.com/news/4500273410/HSBC-launches-biometric-security-for-mobile-banking-in-the-UK

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.