Securing Our Minds: The Need For Brainwave Tech Standards Against Hacking

Editor’s note: Ariel Garten is the co-founder and CEO of InteraXon, a Toronto-based company that builds brainwave-enabled products and applications. In her work as a neuroscientist and entrepreneur, Ariel’s insights into how the human mind works are creating new ways for society to interact with the world – and ourselves – using the power of our brains. Follow her on Twitter: @ariel_garten.

Last month, researchers from UC Berkeley, Oxford, and University of Geneva posted results of a joint research study suggesting hackers could hijack a brainwave-reading headset and attempt to uncover sensitive user information – think PINs and bank information.

As a long-time member of the Brainwave-computer Interface (or BCI) community, I’d like to shed some light on the study and make an ask of the industry. But first, I want to clear up two important pieces of information.

1. Brainwave-computer interface technology cannot actually read your thoughts

What you’re thinking right this moment is not decipherable by any computer today. What is possible is the ability to pick up alpha and beta brainwaves. These waves identify when you’re relaxed or when you’re thinking actively, and then they infer things, such as your state of mind or how alert or excited you are. It allows you to control things by transmitting and translating those signals into computable actions. It also picks up random spikes, or what are called P300 brainwaves, that come up just after something familiar has been shown to you.

In the case of the study, the researchers were able to see these spikes after the person was shown familiar information, e.g. neighborhood, PIN or credit card image. This doesn’t give a malicious hacker your information. It could, though, give them enough to piece together how to steal your information, which is why this study should not be ignored. But assuming a hacker could know what you’re thinking or that the technology itself is intelligent enough to read your mind is still science fiction.

2. Brain hacking isn’t as easy as the study made it out to be

A lot of conditions have to be in place for your brain to actually be “hacked.” The tests uncovering the potential security flaw were constructed showing participants familiar information that, if identified, could cause their personal data to be hacked. They each wore a headset and were presented with images corresponding with information hackers would find valuable.

But if you actually look at what’s being developed by BCI companies today, the vast majority are in gaming. How bizarre would it be to randomly come across your bank’s logo while playing Angry Birds with your mind? Would you really be thinking about your PIN while using a brainwave headset to relax? And remember, you’d have to be shown the exact number on a screen for a hacker to detect it could be hack-worthy information.

This is a lot harder than it appears. Unless a game has you point to your PINs or identify your bank’s name, the likelihood of your information getting hacked while wearing the device is pretty slim.

Looking back at the study, they were only able to show 15 percent improvement in guessing one digit of a person’s PIN at a time. (Note: This is after researchers had already secured the correct answer from participants beforehand.) To acquire an entire PIN using this method, you’d have to guess one digit at a time in the right order, which dramatically reduces the chances of a hacker being successful.

Despite the study’s loopholes, the hysteria arising from it does highlight a real need for our industry to sort out self-regulation and governing of security and ethical measures in a big way.

The Case For A Center For Brainwave Ethics

The brainwave technology industry has made huge research and development breakthroughs in past decades. Consumer technology and medical tools have been created to benefit our daily lives. Without self-regulation, though, the industry could be at risk of potentially halting years of innovation and stunting growth in this field.

For this reason, we at Interaxon are proposing the creation of an industry-led International Center for Brainwave Ethics — a place for the industry to establish security standards and a code of ethics, develop global initiatives, and provide ongoing communications with consumers, developers, decision-makers, government bodies, and businesses on how best to protect brainwave information.

We’ve watched cloning research and development come to a screeching halt when the government began regulating activity. The community had not united to ensure safety and establish standards from the get-go.

Similarly, governments and the Internet industry are battling it out over who controls rights with the introduction of SOPA. In this case, their industry is well beyond the point of uniting.

It’s reasonable for us to assume the government will eventually step in to regulate brainwave technology, but who knows how and when this will happen. This brings me back to why a joint international initiative is so critical now when the industry is still forming.

Having an effective and credible industry-organized group in place will ensure we have a voice in how our industry moves forward. If we do not work to educate, guide, and regulate our work, we become an easy target for hyperbolic hysteria as the “hacking” study headlines have shown.

InteraXon is aiming to create the International Center for Brainwave Ethics for Fall 2012. We’d like to invite other members of the BCI industry and brainwave technology research community to come together, now, at one of the more critical milestones.

If you are interested in getting involved, please email me at

[Image: InteraXon]