Prepare to be scanned
 |
 |
Biometrics: High-tech security
systems that rely on detailed
measurements of the human body,
known as biometrics, are taking
off. But should they be?
IT HAS been a long time coming.
But after years of false starts,
security systems based on
biometrics—human characteristics
such as faces, hand shapes and
fingerprints—are finally taking
off. Proponents have long argued
that because biometrics cannot be
forgotten, like a password, or
lost or stolen, like a key or an
identity card, they are an ideal
way to control access to computer
networks, airport service-areas
and bank vaults.
But biometrics have not yet spread
beyond such niche markets, for two
main reasons. The first is the
unease they can inspire among
users. Many people would prefer
not to have to submit their eyes
for scanning in order to withdraw
money from a cash dispenser. The
second reason is cost: biometric
systems are expensive compared
with other security measures, such
as passwords and personal
identification numbers. So while
biometrics may provide extra
security, the costs currently
outweigh the benefits in most
cases.
In the wake of the terrorist
attacks of September 11th 2001,
however, these objections have
been swept aside. After all, if
you are already being forced to
remove your shoes at the airport,
and submit your laptop for
explosives testing, surely you
will not object to having your
fingers scanned too? The desire to
tighten security in every way
possible, particularly in America,
also means the funds are being
made available to deploy
technology that was previously
regarded as too expensive to
bother with.
As a result, biometrics are
suddenly about to become far more
widespread. America will begin
using biometrics at its airports
and seaports on January 5th. Under
the new US-VISIT programme, all
foreigners entering on visas will
have their hands and faces
digitally scanned. This will
create what Tom Ridge, America's
homeland-security supremo, calls
“an electronic check-in and
check-out system for foreign
nationals”. American citizens will
also be affected, as new passports
with a chip that contains
biometric data are issued from
next year. And the new rules
specify that by October 26th 2004,
all countries whose nationals can
enter America without a
visa—including western European
countries, Japan and
Australia—must begin issuing
passports that contain biometric
data too. Moves to create a
European standard for biometric
passports are already under way,
and many other countries are
following suit: Oman and the
United Arab Emirates, among
others, will begin issuing
national identity cards containing
biometrics next year. Britain's
planned new national identity card
will also include biometrics.
In other words, governments either
do not believe that the costs of
biometrics still outweigh any
potential benefits or, more
likely, fearing more terrorism
they simply do not care. This
could be an expensive choice.
Recent reports from groups such as
the General Accounting Office
(GAO), the investigative arm of
America's Congress, and America's
National Academy of Science (NAS),
point out that, while the
political environment has changed,
the technology has not. Biometrics
still do not work well enough to
be effective for many of the
applications in which they are now
being deployed.
Even John Siedlarz, who co-founded
the International Biometrics
Industry Association to promote
the sale and use of the
technology, says that “recent
congressional requirements are
premature in my view.” Despite
this concern from industry
experts, politicians are keen to
push onwards, and not only in
America. Otto Schily, Germany's
interior minister, recently
declared his support for increased
use of biometrics, asking: “How
else would you propose to improve
security?” Similarly, America's
Justice Department responded to a
recent GAO report by saying that
the government is in a hurry to
deploy biometrics—so why couldn't
the GAO just get on board? It is
difficult to avoid the conclusion
that the chief motivation for
deploying biometrics is not so
much to provide security, but to
provide the appearance of
security.
I am whoever I say I am?
The claim that biometrics are not
ready for widespread application
may seem puzzling, given the
advances in computer technology.
To understand the reservations of
the experts, it is necessary to
take a closer look at how
biometrics work.
Biometrics can be used in two
ways. The first is identification
(“who is this person?”), in which
a subject's identity is determined
by comparing a measured biometric
against a database of stored
records—a one-to-many comparison.
The second is verification (“is
this person who he claims to
be?”), which involves a one-to-one
comparison between a measured
biometric and one known to come
from a particular person. All
biometrics can be used for
verification, but different kinds
of biometric vary in the extent to
which they can be used for
identification. They also vary in
cost, complexity and
intrusiveness. So which biometrics
have been chosen for the new
passports, visas and identity
cards, and why?
The oldest biometric is the one we
use most frequently—a person's
face. But while recognising faces
is something that people can do
easily, computers find it very
difficult. Most computerised
face-recognition systems work by
building a template based on 30 or
so “markers”—the positions of the
edges of the eyes, the cheekbones,
the base of the nose, and so on.
These markers are chosen so that
they are unaffected by expression
or the presence of facial hair.
Matching faces is then a matter of
matching the templates.
However, the results of an
American government test released
in March cast doubt on the
accuracy of face-recognition
systems. The test, called the Face
Recognition Vendor Test, used
systems from ten leading firms and
a database of 121,589 images of
37,437 people. None of the systems
worked well in a formal
identification mode when shown a
face and asked to identify the
subject; nor did they work well
when trying to recognise a face
surreptitiously. However, three of
the systems could be used for
verifying identity in a controlled
environment, such as the booths
used to take passport photos.
“Biometrics
still do not work well enough for
many applications in which they
are being deployed”
Joseph Atick of Identix, a
biometrics vendor based in
Minnetonka, Minnesota that took
part in the test, insists that the
deployment of his company's system
by customers such as the state of
Colorado, which is using it to try
to prevent individuals from
obtaining multiple driving
licences, attests to the viability
of facial biometrics. But Joel
Lisker, a biometrics consultant
who has worked extensively with
America's Transportation Security
Administration (TSA), says
face-recognition systems have yet
to prove themselves. In the TSA's
own tests, not a single wanted
person was spotted.
|
A hands-on approach
The first biometric technology to
become widely used was hand
geometry. It involves scanning the
shape, size and other
characteristics (such as finger
length) of some or all of the
hand. Users are required to make
some claim about who they are—by
swiping a card, for example—before
a scan. The biometric template of
the person they claim to be (in
some cases, stored on the card
itself) is then compared with the
scan.
Because it relies on comparatively
simple sensors, hand geometry does
not require the fancy technology
that underpins other biometric
systems, which gave it a head
start. Bill Spence of Recognition
Systems, a biometrics company
based in Campbell, California,
says San Francisco's international
airport has used hand-geometry
systems to control employee access
since 1993. Another system, at Ben
Gurion airport in Israel, uses
hand geometry to allow trusted
passengers to pass security
control. A similar system deployed
in America, called INSPASS, allows
frequent travellers to the United
States to skip immigration queues
at several large airports.
Hand-geometry systems are already
used to control access and verify
identities at many airports,
offices, factories, schools,
hospitals, nuclear-power plants
and high-security government
buildings. They are also used in
“time and attendance” systems, in
which shift workers clock on and
off using their
handprints—preventing time-card
fraud through “buddy punching”.
One benefit of hand geometry is
that unlike fingerprint scanning,
it is not stigmatised by an
association with law enforcement.
However, hand geometry has a key
problem: people's hands do not
differ enough for it to be used as
an identification system. As a
result, says Dr Atick, hand
geometry's market share is
plunging.
The technology which is perhaps
most responsible for the decline
in hand geometry is finger
scanning. Ink-based fingerprints
have been in use for over a
century, but in recent years they
have gone digital. Modern
electronic systems distil the
arches, loops and whorls of
conventional fingerprints into a
numerical code. This can be
compared with a database in
seconds and with an extraordinary
degree of accuracy. Identix, which
sells such a system, was recently
selected by America's Department
of Homeland Security to provide
fingerprint scanners at
Citizenship and Immigration
Services offices across the
country. |
The remarkable success of
fingerprints as a forensic tool
for law-enforcement agencies has
come about because these agencies
take fingerprints very
meticulously. All ten fingers are
used, and each finger must be
rolled back and forth, to get
“nail-to-nail coverage”. Such
thoroughness is appropriate in a
police station, however, but not
in an airport. Another problem is
that around 5% of people do not
have readable fingerprints, either
because their fingerprints are
genetically indistinct or because
years of manual labour have worn
them down.
And while the technology is now
relatively cheap—basic digital
fingerprint readers cost less than
$100—it is not foolproof. Some
fingerprint scanners can be
spoofed with nothing more than a
breath of hot air, which
reactivates latent prints left on
the scanner. And Tsutomu
Matsumoto, a researcher at
Yokohama National University, was
able to fool fingerprint scanners
around 80% of the time using
fingers made of moulded gelatin. |
 |
An eye for an eye
Another option is to scan the eye.
Such systems date back to the
1970s, when the retina, the
surface of the back of the eye,
was considered the useful bit,
mostly because medical techniques
for probing it had been developed.
The iris, the coloured part
surrounding the pupil, had been
less thoroughly investigated.
However, almost all experts now
agree that the iris makes a better
biometric than the retina, because
it can be more easily examined.
The use of cameras to measure the
fibres, furrows and freckles in
the iris is familiar from numerous
spy films, with good reason: iris
scanning is generally deemed to be
the most reliable biometric.
According to Peter Higgins, a
biometrics consultant, the most
widespread use of iris biometrics
to date has been in Afghanistan,
where the United Nations High
Commissioner for Refugees (UNHCR)
is using iris scans to attempt to
prevent refugees from collecting
benefits more than once. Though
the system has logged over 7m
transactions, Mr Higgins points
out that, because it is impossible
to collect meaningful statistics
in such an uncontrolled
environment, no one has any idea
how well the system has performed.
Smaller-scale tests of other
state-of-the-art iris systems,
described in a GAO report,
indicate that the rate of false
non-matches can be as a high as
6%. This would mean that one in 20
attempts to claim benefits twice
would be successful. Given the
paltry sums being given to each
refugee, it is not clear that the
cost of deploying this anti-fraud
system was justified. However, the
UNHCR points out that it may have
had a useful deterrent effect.
Other biometrics include voice
recognition, which is cheap, but
not terribly reliable; gait
recognition, which attempts to
recognise people from the way they
walk; dynamic
signature-recognition, based on
analysis of the shape of a
signature and the way the pen
moves while it is being written;
and thermal imaging, which seeks
to identify people by the pattern
of heat which their bodies emit.
But none of these technologies is
taken seriously enough for use in
a passport.
Given all the limitations of
individual biometrics, the best
way forward in the long run,
according to a forthcoming paper
by Anil Jain, a biometrics expert
at Michigan State University, will
be the use of “multibiometric”
systems. These combine several
different biometrics in a single
security system with almost
universal coverage. For even if
someone's fingerprints cannot be
read, it is likely that his irises
can be, and vice versa.
Furthermore, Dr Jain points out
that combining several different
systems can lead to substantial
improvements in error rates. |
And the winner is...
So it is only logical to expect
biometric passports and visas to
take a multibiometric approach.
America has decided on a
combination of finger scanning and
face recognition, and Europe seems
to be leaning towards the same
combination. Oman and the United
Arab Emirates will issue biometric
identity cards based on
finger-scanning technology, to
which Britain plans to add iris
scans. All of these plans accord
with the recommendation of the
International Civil Aviation
Organisation, which recently
proposed that finger scanning
should be adopted as an
international standard, chiefly
because fingerprint readers are
much cheaper than iris scanners.
However, America is also adopting
face recognition because, say
officials, they do not have the
fingerprints of many terrorists,
but they do have pictures. While
this sounds like a logical
explanation, Mr Higgins notes
that, given the high error rates
of facial-recognition systems, in
relying on such a system, “you
would really be exposing
yourself.”
|
The other critical choice, driven
by the limitations of biometric
technology, is that these
biometrics will be used for
verification, not identification.
That is because identification is
simply not feasible with databases
containing millions of users.
There are two key measures of how
good a biometric system is: the
false match rate, and the false
non-match rate. These two can be
balanced against each other. Tune
the system to be tolerant, so that
everything matches, and you have a
false non-match rate of zero, but
a very high false match rate;
conversely, in a system that is so
strict that it allows no matches,
the false match rate is zero, but
the false non-match rate is 100%
In an identification system,
particularly one that has to
search a large database of
millions of templates, the task is
much harder. Even a false match
rate of one in 10,000 would
produce thousands of false
matches. And if you are trying to
spot members of a small group of
known terrorists, even the best of
today's biometric systems produce
hundreds of false matches for
every correct match with a
terrorist. The result is that the
system is flooded with false
alarms, which are routinely
ignored, providing almost no
additional security. As a result,
the new border-control systems now
being implemented at American
border posts are merely
verification systems. |
 |
Now for the catch
The trouble is, it is not clear
that these identity-verification
systems are worth the cost and
trouble of introducing them. All
19 of the September 11th hijackers
entered the United States using
valid visas, on their own
passports, for example. Verifying
their identities using biometric
visas would have made no
difference.
Worse, spending the billions of
dollars that the GAO estimates
will be necessary to implement
biometric systems at
border-crossing points—$1.4
billion to $2.9 billion initially,
and $700m to $1.5 billion annually
thereafter—may mean there is less
to spend on other areas of
security. America has long
land-borders with Canada and
Mexico, and tens of thousands of
miles of coastline. Using
biometrics at airports does little
to reduce the level of illegal
immigration, since most such
entries do not occur at airports,
but over the far more porous land
and sea borders. The new system
will, however, be ideally suited
for spotting tourists or students
who overstay on their visas, but
that is a trivial issue.
The cost of the new system will
not just be financial. All visas
will now have to be issued face to
face, so that scanning can take
place. This will put a huge
administrative load on America's
consulates around the world, which
currently issue two-fifths of
visas by post.
Given the limitations of current
biometric technology, the Big
Brotherish concerns raised by
privacy advocates are largely
misplaced, at least for the time
being. Other technologies, such as
internet wiretapping and the
ability to track the location of
mobile phones, will arguably make
much more substantial
encroachments on privacy over the
next few years.
However, in the long term,
biometrics, by their very nature,
will compromise privacy in a deep
and thorough fashion. If and when
face-recognition technology
improves to the point where
surreptitious cameras can
routinely recognise individuals,
privacy, as it has existed in the
public sphere, will in effect be
wiped out. No doubt there will be
some benefits: fraud, in
particular the persistent and
increasingly annoying problem of
identity theft, might be
substantially reduced if
biometric-identification systems,
introduced in the form of
passports, visas and identity
cards, become widespread. But
privacy advocates argue that such
benefits are not worth the risk of
“function creep”—that once
biometric passes have been issued
by governments, it will be
tempting to use them for all sorts
of things, from buspasses to
logging on to your office PC.
Spurred by the misplaced
enthusiasm of governments around
the world, biometrics seem headed
for dramatic growth in the next
few years. But calm, public
discussion of their benefits and
drawbacks has been lamentably
lacking. Such discussion is
necessary both to prevent the
waste of public money in the short
term—for the most part, the
private sector has been wiser in
its adoption of biometrics—but
also to regulate what will
eventually have the potential to
become a powerful mechanism for
social control. |
|
News
