Report questions biometric technologies

Oct 05, 2010 By Dan Vergano

Television cop shows love "biometric" technologies -- fingerprints, eye scans and so on -- but a blue-ribbon panel report calls for caution on widespread use of biological identification.

Released by the National Research Council, the "Biometric Recognition: Challenges and Opportunities" report, headed by HP Labs distinguished technologist Joseph Pato, concludes all biometric are "inherently fallible."

"A lot of things possible on a TV series just don't work that way in real life," says panel member Bob Blakley of Gartner, a computer in Stamford, Conn. "While there are lots of good uses for biometric recognition, there are lots of ways to create systems that waste time, cost too much and don't work very well."

Fingerprints are the best-known example of biometric recognition markers -- physical traits that can serve to identify people reliably, such as facial features, voice, signature and even walk.

"Biometric recognition has been applied to identification of criminals, patient tracking in medical informatics and the personalization of social services, among other things," notes the report, released Sept. 24.

Federal agencies such as the FBI and the Department of Homeland Security are funding research in improved biometric screening, but the report cautions they're not doing basic research into whether the physical characteristics involved are truly reliable or how they change with aging, disease, stress or other factors. None look stable across all situations, the report says.

Deployment of biometric screening devices at airports, borders or elsewhere without understanding the biology or the population being screened will lead to long lines, false positives and missed opportunities to catch criminals or terrorists, the report says.

"No system is infallible. There is no silver bullet," says Marc Rotenberg of the Information Center in Washington, D.C. "We have to test our security strategies carefully, or there will be a lot of taxpayer money wasted on systems that disappoint us."

Brandon Mayfield, a 44-year-old attorney from Oregon, is an example of the problem. A partial fingerprint from the 2004 Madrid subway bombing that killed 191 people was said by the FBI to match Mayfield's, which led to his arrest.

A judge later found the fingerprint match was only a slight one and for the wrong finger, ordering Mayfield released. The FBI apologized for the arrest, and Mayfield won $2 million in damages.

The FBI's nationwide fingerprint system has generally worked very well, leading to the arrests of fugitives, the report says. "But the key message is that even a very accurate technology can yield bad results if it is turned to the wrong problem," Blakley says, such as using time-consuming technologies to screen large numbers of people.

For that reason, the report calls for open and independent testing of biometric screening technologies before they are placed into widespread use. Cultural factors such as how long people are willing to wait in line for screening, as much as raw accuracy, will determine whether a particular kind of biometric recognition system will work.

"Too many false positives, and guards will just stop believing in the system and let the wrong people through," Blakley says.

Explore further: Security CTO to detail Android Fake ID flaw at Black Hat

5 /5 (3 votes)
add to favorites email to friend print save as pdf

Related Stories

Fingerprints replace keys

Jan 31, 2005

The Finnish company Deltabit Oy is creating awareness of access-control systems that are replacing traditional keys. A fingerprint already opens the door to keep-fit rooms at Tampere, Finland. Deltabit Oy has been developing sys ...

Fingerprints and faces can be faked, but not brain patterns

Feb 05, 2009

(PhysOrg.com) -- Sensors able to identify individuals’ brain patterns and heart rhythms could become part of security systems which also use more traditional forms of biometric recognition, thanks to pioneering work being ...

Biometric science seeks to avert identity crisis

Feb 20, 2006

Two things are certain about biometrics: It is the hot buzzword in identity management for convenience and protection from terrorists and identity thieves – and it's not foolproof.

Recommended for you

Security CTO to detail Android Fake ID flaw at Black Hat

12 hours ago

Where have you heard this before: A team of security researchers discover a security flaw in Android devices. This is, however, news. This time, experts are talking about a flaw that involves a widespread ...

User comments : 0