The International Biometrics & Identification Association (IBIA) has responded to a recent report that described biometric systems to identify individuals as “inherently fallible.” In a press release issued today, the trade association writes:
On September 24, the National Research Council (NRC) released a report entitled Biometric Recognition: Challenges and Opportunities. In IBIA’s view, the NRC release statement, report summary, and subsequent negative press coverage create the inaccurate impression that biometrics is fundamentally flawed and not ready for general use.
To the contrary, experience over the past decade has shown that biometric technology significantly enhances the effectiveness of many identity-based systems and constitutes an important tool in protecting our borders, reducing entitlement fraud, enforcing our laws, securing networks and facilities and protecting personal information from unauthorized access.
The press release headline “Automated Biometric Recognition Technologies Inherently Fallible,” has been seized on by the media and has generated the perception that biometrics are simply not ready for “prime time.” The gist of the argument is the inherently “probabilistic” nature of biometric matches, which the report’s press release and summary highlight as a key weakness of biometric systems.
The report is correct to say that the outcome of an automated match between two biometric records is based on similarity scores that represent “probabilistic” results. However, similar uncertainties exist in other automated identification mechanisms like PINs, passwords, or tokens that can be lost, stolen, guessed, hacked or loaned to another person. Probabilistic results are nothing new in our world because there is no such thing as 100% certainty. For example, prescription medications carry a certain probability of health risks, but the overall benefit to society far outweighs these risks. IBIA believes that for many useful applications, biometric technology is appropriate, effective, accurate and reliable and is being widely deployed today. Here are three examples:
- Tens of millions of notebook computers shipped in the U.S. now include biometric sensors as an embedded feature to protect the owner’s sensitive files and personal information from unauthorized access. Similarly, biometrically-enabled smart phones and other mobile devices that provide biometric data protection are now being introduced in the U.S. after achieving widespread acceptance in international markets like Asia.
- According to a recent news release from the Department of Homeland Security (DHS), the Secure Communities initiative, which uses biometric information and services to identify and remove criminal aliens in state prisons and local jails, has resulted in the arrest of more than 59,000 convicted criminal aliens this year alone, including more than 21,000 convicted of major violent offenses like murder, rape, and the sexual abuse of children. We can thank biometrics for the fact that these criminal aliens are no longer walking around freely in our society.
- Department of Defense (DoD) directive 8521.01E issued in 2008 states that “Biometrics is an important enabler that shall be fully integrated into the conduct of DoD activities to support the full range of military operations.” Biometric technology is being used more and more by the military to protect our bases from unauthorized entry by evil-doers carrying fake credentials – as was the case in the Ft. Dix terrorist attack plot in 2007. In addition, our combat troops rely on biometric technology to help identify insurgents and combatants in places like Afghanistan where the enemy wears no uniform and blends into the population. Biometric technology is protecting our soldiers who are in harm’s way.
If one reads beyond the release and summary into the body of the report itself, the authors clearly recognize that “Biometric systems perform well in many existing applications” and that “biometric technologies appear poised for broader use.” “There is no question that biometrics in the real world contributes significantly to effective identity systems,” said Walter Hamilton, IBIA’s Chairman and President.
IBIA appreciates the work and dedication of the writing committee and those that provided input to the work effort including experts from the biometrics industry. We agree with many of the findings in the body of the report and believe that the content provides useful guidance on designing and implementing effective identity systems based on biometric technology. We also support the report’s recommendations for further research into biometric technology and systems that will continue to advance the state of the art of biometric technology. We do note, however, that the bulk of the committee’s fact-finding took place between 2004 and 2006; and there have been significant advancements in the technology, testing processes and standards for biometrics since that time.
IBIA believes that the report would have been more useful as a reference document to guide future biometric implementation and research if the press release and summary had framed its analysis in a real world context. Since “biometric technologies are poised for broader use,” a more balanced approach, outlining the benefits and challenges of biometrics, would have been more constructive for the identification technology industry and for a society that increasingly relies on biometrics for its security.
Okay, the biometric sensor on my notebook has never worked, despite replacement. I don’t care what people “believe” and am, I think, properly skeptical in accepting the “experience” of those who have a vested commercial interest in a product. The probabilistic nature of the matches is, indeed, cause for concern, and comparing two four-digit sequences is nowhere near as complex or fraught with error risk than comparing two biometric measures.
Our country has leapt into some security or identity measures, full tilt boogie, before it has adequately looked. While companies try to sell us that their neuroscientific protocols can detect truth or state of mind, while others run around claiming that they are going to screen airline passengers based on behavior (which presumes a science of behavior that is far advanced of our actual current scientific knowledge), and while others make claims about what “science” supposedly supports, let’s be a lot more skeptical and critical in examining the data and error risks. Although a Type II error (failure to detect) could have grave security consequences for society, a Type I error also can have grave consequences for the individual incorrectly identified.