Biometric systems — designed to automatically recognize individuals based on biological and behavioral traits such as fingerprints, palm prints, or voice or face recognition — are “inherently fallible,” says a new report by the National Research Council, and no single trait has been identified that is stable and distinctive across all groups. To strengthen the science and improve system effectiveness, additional research is needed at virtually all levels of design and operation.
“For nearly 50 years, the promise of biometrics has outpaced the application of the technology,” said Joseph N. Pato, chair of the committee that wrote the report and distinguished technologist at Hewlett-Packard’s HP Laboratories, Palo Alto, Calif. “While some biometric systems can be effective for specific tasks, they are not nearly as infallible as their depiction in popular culture might suggest. Bolstering the science is essential to gain a complete understanding of the strengths and limitations of these systems.”
Biometric systems are increasingly used to regulate access to facilities, information, and other rights or benefits, but questions persist about their effectiveness as security or surveillance mechanisms. The systems provide “probabilistic results,” meaning that confidence in results must be tempered by an understanding of the inherent uncertainty in any given system, the report says. It notes that when the likelihood of an imposter is rare, even systems with very accurate sensors and matching capabilities can have a high false-alarm rate. This could become costly or even dangerous in systems designed to provide heightened security; for example, operators could become lax about dealing with potential threats.
The report identifies numerous sources of uncertainty in the systems that need to be considered in system design and operation. For example, biometric characteristics may vary over an individual’s lifetime due to age, stress, disease, or other factors. Technical issues regarding calibration of sensors, degradation of data, and security breaches also contribute to variability in these systems.
Biometric systems need to be designed and evaluated relative to their specific intended purposes and the contexts in which they are being used, the report says. Systems-level considerations are critical to the successful deployment of biometric technologies. Effectiveness depends as much on factors such as the competence of human operators as it does on the underlying technology, engineering, and testing regimes. Well-articulated processes for managing and correcting problems should be in place.
The report notes that careful consideration is needed when using biometric recognition as a component of an overall security system. The merits and risks of biometric recognition relative to other identification and authentication technologies should be considered. Any biometric system selected for security purposes should undergo thorough threat assessments to determine its vulnerabilities to deliberate attacks. Trustworthiness of the biometric recognition process cannot rely on secrecy of data, since an individual’s biometric traits can be publicly known or accessed. In addition, secondary screening procedures that are used in the event of a system failure should be just as well-designed as primary systems, the report says.
The report identifies several features that a biometric system should contain. Systems should be designed to anticipate and plan for errors, even if they are expected to be infrequent. Additional research is needed in all aspects of design and operation, from studying the distribution of biometric traits in given populations to understanding how people interact with the technologies. In addition, social, legal, and cultural factors can affect whether these systems are effective and accepted, the report says.
The study was funded by the Defense Advanced Research Projects Agency, the Central Intelligence Agency, and the U.S. Department of Homeland Security, with assistance from the National Science Foundation. The National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council make up the National Academies. They are private, nonprofit institutions that provide science, technology, and health policy advice under a congressional charter. The Research Council is the principal operating agency of the National Academy of Sciences and the National Academy of Engineering. A committee roster follows.
Copies of Biometric Recognition: Challenges and Opportunities are available from the National Academies Press; tel. 202-334-3313 or 1-800-624-6242 or on the Internet at http://www.nap.edu. Reporters may obtain a copy from the Office of News and Public Information (contacts listed above).
Contacts: Molly Galvin, Senior Media Relations Officer
Christopher White, Media Relations Assistant
Office of News and Public Information
202-334-2138; e-mail <[email protected]>
[ This news release and report are available at http://national-academies.org ]
NATIONAL RESEARCH COUNCIL
Division on Engineering and Physical Sciences
Computer Science and Telecommunications Board
Whither Biometrics Committee
Joseph N. Pato (chair)
Vice President and Research Director
Burton Group Identity and Privacy Strategies
Research Staff Member
IBM Research, Almaden
San Jose, CA.
Joseph P. Campbell
Senior Member of Technical Staff
Information Systems Technology Group
MIT Lincoln Laboratory
George T. Duncan
Professor of Statistics, Emeritus
H. John Heinz III College
Carnegie Mellon University
George R. Fisher
George Fisher Advisors LLC
Steven P. Goldberg*
James and Catherine Denny Professor of Law
Georgetown University Law Center
Peter T. Higgins
Higgins & Associates, International
Peter B. Imrey
Department of Quantitative Health Sciences
Professor of Medicine
Cleveland Clinic Lerner College of Medicine of Case Western Reserve University
Anil K. Jain
University Distinguished Professor
Department of Computer Science and Engineering
Michigan State University
East Lansing, MI
Design and Engineering
Walt Disney World
Lake Buena Vista, Fla.
Lawrence D. Nadel
Falls Church, Va.
Office of Graduate Studies and Research
San Jose State University
Pebble Beach, Calif.