Overview

This note looks at biometrics, technologies for recognising - and thereby authenticating or screening - people on the basis of innate physical characteristics such as fingerprints, iris pattern, DNA or gait. It provides background information, discusses particular technologies and applications, points to emerging standards and explores issues of particular concern.

It supplements the discussion of security, privacy, passports, identity theft and other matters elsewhere on this site.

    this note

The note comprises -

• this overview - considering the nature of biometrics, three major uses and major publications
• history - the history of biometrics (from bertillonage and dactyloscopy to iris scanning, DNA analysis and beyond)
• issues - privacy, effectiveness, discrimination, repudiation and other issues
• industry and standards - the biometrics 'government-industrial complex' and standards
• faces - retina and iris scanning, thermal imaging, and earlobe and facial geometry biometrics
• hands - fingerprint, palm and other 'hand' biometrics
• kinetics - dynamic signature verification, keystroke, gait, voice and other kinetic or 'behavioural' biometrics
• chemistries - DNA and more esoteric biometrics such as skin reflectance, body salinity, blood chemistry, neural activity and body odour
• comparison - comparisons of the major technologies
• registers and responses - fingerprint databases, DNA registers and civil society responses
• culture - biometrics in popular culture.

    introduction

Biometrics technologies and applications have attracted increasing attention over the past two decades (in particular since the events of '9/11') because of -

• advances in computation and imaging
• the receptiveness of decision-makers in government and business to solutions, substantive or otherwise, for perimeter control, the identification of criminals, reduced identity theft or forgery and enhanced security in electronic transactions
• media coverage that has reflected both claims made by vendors (or those seeking research/commercialisation funding) and utopian/dystopian visions in science fiction
• access to public and private capital for biometrics research and development, fuelling recurrent biometrics booms

Biometrics establish identity by recognising an individual's physiological characteristics, in particular those - such as fingerprints - that are innate to the person, are unique and do not change over time. Early biometric technologies were based on manual recording and referencing of data but data collection, analysis and matching is increasingly automated. Digital biometric schemes centre on pattern recognition based on acquiring biometric data from an individual, extracting a feature set from the acquired data, and comparing that set against a template in one or more databases.

In principle any physiological or behavioural characteristic can form the basis of a biometrics scheme if it satisfies the following requirements -

• universality - every individual should have the characteristic (eg fingerprints)
• distinctiveness - any two individuals should be sufficiently different in terms of the characteristic
• persistence - the characteristic should remain sufficiently unchanged over a life (in practice, unchanged during adulthood)
• collectability - it should be feasible to readily determine and quantify the characteristic

Outside the laboratory a biometric scheme should satisfy other requirements -

• acceptability - individuals should accept use of a specific biometric identifier
• performance - encompassing factors such as accuracy, speed (including time preparing people for encounters with the technology) and the resources required to achieve the desired recognition
• scalability - the scheme should encompass more than one individual, in some circumstances involving millions of individuals
• non-invasiveness - allowing capture of information without damaging an individual's physical integrity and ideally without special preparation by/of an individual
• robustness - it should accommodate environmental and operational variation (eg the technology copes with noise, humidity, individuals whose occupations obscure particular identifiers)
• cirumvention - the scheme should be similarly resistant to deliberate manipulation by those seeking to evade or delay recognition (ideally harder to circumvent than systems that it replaces/supplements).

Biometrics schemes have thus encompassed recognition on the basis of fingerprint, voice, retina and iris, patterns, facial geometry, earlobe patterns, thermal imaging of body parts (head, torso, hand), gait (walking style), antibody signatures, subcutaneous bloodvessel patterns, typing/writing style, DNA, blood chemistry, heart rhythm and even body odour.

In practice no biometric measure fully has all the ideal properties. As discussed later in this note identifiers change over time (or merely become harder to identify as people age), not all individuals have all characteristics, 'acceptability' is in the mind of the user, some identifiers are not readily captured (or captured with the desired accuracy) and there are substantial similarities between individuals.

    three uses of biometrics

Biometrics has three broad uses -

• verification, ie confirming another identifier such as a password, PIN or photograph
• identification, providing a discrete identifier (or identifiers) that are independent of what the individual knows/remembers (eg a password) or what the individual carries (eg an identity document or card)
• screening, enabling surveillance and sorting of groups of people (eg finding a person in a crowd or selecting travellers for detailed examination of passports)

Enthusiasts have sometimes characterised biometrics as an exact science, with no (or very low) scope for faulty identification and thus a low-cost replacement for existing administrative protocols or a silver bullet solution for some of the more pressing authentication challenges of a networked economy. It is claimed to produce quick, objective, documented, reliable and non-invasive results ranging from protection of an individual laptop to management of an electronic border traversed by millions of people.

Critics have assailed it as necessarily sinister - a tool of Big Brother or even Satan - or as a blunt instrument overly susceptible to misuse. Others have succinctly dismissed it as an answer in search of a question.

In practice, many of the technologies have been oversold, may not emerge from laboratories and are best used in conjunction with solutions rather than as a problem-free replacement. There is significant potential for misuse and, more subtly, for waste through a concentration on a technological fix without due consideration of its social, legal and economic context.

Julian Ashbourn, author of Practical Biometrics: From Aspiration to Implementation (Berlin: Springer 2004), comments that

We must be especially wary of attaching too much significance to the word 'biometrics'. ... Biometrics do not prove that you are who you say you are. Biometrics will not defeat terrorism. Biometrics do not enhance privacy. Biometrics will not rid the world of organised crime. Biometrics will not prevent identity theft. Biometrics will not solve the issue of large scale economic migration. Biometrics will do none of these things. Intelligently conceived policies and good government will go a long way to achieving such worthy goals, but it is the intelligently conceived policies and good government which will make the difference – not the biometrics. A biometric is simply a useful aid with which to facilitate personal identity verification, itself a small component of a larger raft of measures and processes which, together, form an intelligent security, border control and provision of social services policy. Any single initiative must stand on its own merits, without using the word 'biometrics' as a crutch.

    orientations

There are few published overviews of significance; most of the literature is narrowly technical and devoted to specialities such as retina scanning or offerings from individual vendors.

Recommended introductions are -

• Guide to Biometrics (Berlin: Springer Verlag 2004) by Ruud Bolle,
• Biometrics: Advanced Identity Verification: The Complete Guide (Berlin: Springer Verlag 2000) by Julian Ashbourn,
• Biometrics (Emeryville: McGraw-Hill/Osborne 2003) by John Woodward
• Biometrics: Personal Identification in Networked Society (New York: Kluwer 1999) edited by Anil Jain, Ruud Bolle & Sharath Pankanti
• Biometric Systems: Technology, Design and Performance Evaluation (Berlin: Springer Verlag 2005) by James Wayman, Anil Jain, Davide Maltoni & Dario Maio
• Dirk Scheuermann, Scarlet Schwiderski-Grosche & Bruno Struif's 2000 Usability of Biometrics in Relation to Electronic Signatures (PDF)
• Jonathan Cave's 2004 Economic Aspects of Biometrics (PDF).

Major government overviews include

2004 European Commission Joint Research Centre report Biometrics at the Frontiers: Assessing the Impact on Society For the European Parliament Committee on Citizens' Freedoms & Rights, Justice Home Affairs (LIBE) (PDF)

2001 RAND Army Biometric Applications: Identifying and Addressing Sociocultural Concerns study by John Woodward, Katharine Webb, Elaine Newton, Melissa Bradley & David Rubenson

2002 US National Academies IDs - Not That Easy: Questions About Nationwide Identity Systems report edited by Stephen Kent & Lynette Millett

For privacy aspects see in particular the Ontario Privacy Commissioner's 1999 discussion paper Consumer Biometric Applications.

The following pages of this note include pointers to academic, government and other studies regarding particular biometric technologies and issues.

   next part  (history)