While some of the myths, claims and counterclaims of biometrics are, no doubt, based on an element of historical or scientific truth, some are now so out of date or inaccurate that they are almost laughable. Here are my top six …
Myth Number One: It’s modern
The first myth that needs to be dispelled is that biometrics is a modern-day idea. Despite its high-tech glitzy image, the principles behind the technology can actually be traced right back to Egyptian times, when workers building the great pyramids were not only identified by their name, but also their physical size, face shape, comple-xion and other noticeable features, such as scars.
It may have taken the next four-and-a-half thousand years to really get going (see panel “A brief history of biometrics”, right), but the technology is now experiencing a ‘hockey stick’ adoption curve with governments, hospitals, schools, airports, retail outlets and modern offices all successfully using this remarkably straightforward empowering technology.
The problem with such a rapidly emerging industry is that many people are elevated to the position of “expert” almost overnight. This can be a particularly dangerous situation – especially when the expert used to be the company salesman or marketing executive.
This scenario has led to some of the industry’s best technological fallacies, which can either be put down to pure ignorance, or worse, the stirring up of malicious rumours in order to gain competitive advantage. Take for instance:
Myth Number Two: It’s invasive
Iris recognition devices use lasers to scan your eyes. This damaging rumour is completely without substance, although the confusion is understandable given that the first company to produce such a system called itself IrisScan (now renamed as Iridian Technologies).
In fact an iris recognition camera takes a black and white picture from up to 24 inches away and uses non-invasive, near-infrared illumination (similar to a TV remote control) that is barely visible and very safe.
Myth Number Three: Stolen body parts!
This is also a classic, and has been seized upon by many a Hollywood director, who are not known for letting the true facts cloud a good storyline.
With most biometric devices there is an element of liveness detection, which can measure many variables, from a finger pulse to a pupil response. This would normally be enough to prevent the system from working once the body part had been removed. However, other factors quickly come into play. For example, an extracted (or enucleated) eyeball quickly begins to decompose, with the cornea clouding over and obscuring the iris. A severed finger also dies rapidly – typically becoming useless after around 10 minutes.
So now … new myths:
Myth Number Four: Faint fingerprints
Fingerprint technology also gives us number four on the list of myths. This relates to the inability of the technology to enrol or verify the identity of some children or women due to small fingers with faint fingerprints. This myth is relatively new, because until a few years ago it was a reasonable criticism of the technology. However, recent advances in imaging have led to far greater resolutions being achieved by fingerprint sensors, so boosting a biometric system’s ability to extract the pertinent information required to create a biometric template of that person.
Children, in particular, seem to hold no fear of the technology, believing it to be “cool”. It may be surprising to learn that at least 1,300 primary schools in the UK are using fingerprint technology to replace old-fashioned password-based systems in their libraries. The interesting spin off benefit here is that so many children want to use the technology that the number of books taken out increases dramatically.
Myth Number Five: A police record
Number five on the list relates to the belief that fingerprint information captured by a commercial fingerprint system could somehow be used in a criminal investigation. This myth stems from a misunderstanding of how a biometric system typically works in a commercial environment.
Almost none of the available commercial fingerprint-based systems store the entire image of a fingerprint. Rather, they extract information from that fingerprint to create a mathematical representation or template. This template, which is often encrypted, is designed so that it cannot be reverse engineered to reconstruct the original fingerprint image, and so is useless information to the police, or indeed a hacker. (The feeding of identical template data to a fingerprint system’s matching engine by a hacker will normally fail, as this is almost a sure indication that the data has been stolen and that a replay attack is underway.)
In a non-commercial biometric system, such as the recently announced US-VISIT system, which is being installed to monitor the comings and goings of foreign nationals in the USA, the situation is different, with full fingerprint and facial images being acquired and stored. This information can and has led to the arrest of more than 500 people since January 2004.
Myth Number Six: The ‘silver bullet’
The final myth is perhaps the most important. So often, biometrics are touted as the silver bullet that will rid the world of evil. Again, this is to over-estimate and misunderstand the abilities of biometric technology.
For instance, contrary to common belief, biometric systems are not able to confirm with any level certainty the true identity of a person. Rather, they are able to confirm whether this is the same person that initially enrolled into the system. The person’s true identity is irrelevant to the biometric system. Confirming a person’s true identity is far more a question of checking the validity of an individual’s official identification documents, such as birth certificates or driving licences.
Biometric technologies are also unable to perform miracles. If a government doesn’t have a quality photograph of a known terrorist suspect, then the chances of stopping that person at a checkpoint using facial recognition are slim.
All that said, biometrics can play a valuable assisting role in the fight against organised crime and terrorism, but it must be part of a holistic approach, which uses many different strands of information.
From myth to reality
While there are many other myths plaguing the biometric industry, the good news is that the technology has been able to rise above them to claim its place at the security top table. The benefits of the technology have just been too attractive to let unfounded myths get in the way.
Some of today’s best biometric systems are saving organisations time and money, while helping to raise the security bar to new heights. For example, ‘door-to-desktop’ systems are now appearing, which merge an organisation’s physical access control system at the front desk with its network of computer terminals around the building. This enables an employee to replace cumbersome tokens and passwords with their fingerprint, turning the premises into a truly smart environment.
In the past, pundits have talked about mainstream biometric adoption being years away. Today, with smart passports just around the corner, and adoption rapidly increasing in places such as hospitals, schools and airports, new estimates are being measured in months. The myth that biometrics will never become a mainstream technology is truly being smashed.
About ISL Biometrics
ISL Biometrics is a market leader in the design and manufacture of biometric security middleware and software appliques.
ISL has developed a range of quality, easy-to-install, easy-to-support biometric security solutions. SentriNET is a biometric-based user authentication scheme for Windows or Novell Netware operating systems, Web or ODBC compliant applications, providing biometric authentication and verification techniques with options for smart card or USB token authentication (with/without PIN) for workstations, networks, applications, data as well as physical access control. ISL Biometrics supplies to both government and private sector organisations through our worldwide channel partners.
