AUTOMATED BIOMETRIC RECOGNITION TECHNOLOGIES 'INHERENTLY FALLIBLE,' BETTER SCIENCE BASE NEEDED
Sept. 24, 2010 — Biometric systems -- designed to automatically recognize individuals based on biological and behavioral traits such as fingerprints, palm prints, or voice or face recognition -- are "inherently fallible," says a new report by the National Research Council, and no single trait has been identified that is stable and distinctive across all groups. To strengthen the science and improve system effectiveness, additional research is needed at virtually all levels of design and operation. (See Full Report)
"For nearly 50 years, the promise of biometrics has outpaced the application of the technology," said Joseph N. Pato, chair of the committee that wrote the report and distinguished technologist at Hewlett-Packard's HP Laboratories,
Biometric systems are increasingly used to regulate access to facilities, information, and other rights or benefits, but questions persist about their effectiveness as security or surveillance mechanisms. The systems provide "probabilistic results," meaning that confidence in results must be tempered by an understanding of the inherent uncertainty in any given system, the report says. It notes that when the likelihood of an imposter is rare, even systems with very accurate sensors and matching capabilities can have a high false-alarm rate. This could become costly or even dangerous in systems designed to provide heightened security; for example, operators could become lax about dealing with potential threats.
The report identifies numerous sources of uncertainty in the systems that need to be considered in system design and operation. For example, biometric characteristics may vary over an individual's lifetime due to age, stress, disease, or other factors. Technical issues regarding calibration of sensors, degradation of data, and security breaches also contribute to variability in these systems.
Biometric systems need to be designed and evaluated relative to their specific intended purposes and the contexts in which they are being used, the report says. Systems-level considerations are critical to the successful deployment of biometric technologies. Effectiveness depends as much on factors such as the competence of human operators as it does on the underlying technology, engineering, and testing regimes. Well-articulated processes for managing and correcting problems should be in place.
The report notes that careful consideration is needed when using biometric recognition as a component of an overall security system. The merits and risks of biometric recognition relative to other identification and authentication technologies should be considered. Any biometric system selected for security purposes should undergo thorough threat assessments to determine its vulnerabilities to deliberate attacks. Trustworthiness of the biometric recognition process cannot rely on secrecy of data, since an individual's biometric traits can be publicly known or accessed. In addition, secondary screening procedures that are used in the event of a system failure should be just as well-designed as primary systems, the report says.
The report identifies several features that a biometric system should contain. Systems should be designed to anticipate and plan for errors, even if they are expected to be infrequent. Additional research is needed in all aspects of design and operation, from studying the distribution of biometric traits in given populations to understanding how people interact with the technologies. In addition, social, legal, and cultural factors can affect whether these systems are effective and accepted, the report says.
The study was funded by the Defense Advanced Research Projects Agency, the Central Intelligence Agency, and the U.S. Department of Homeland Security, with assistance from the National Science Foundation. The National Academy of Sciences, National Academy of Engineering,
_______________________________________________________________________
Copies of Biometric Recognition: Challenges and Opportunities are available from the National Academies Press; tel. 202-334-3313 or 1-800-624-6242 or on the Internet at http://www.nap.edu. Reporters may obtain a copy from the Office of News and Public Information (contacts listed below).
Contacts: Molly Galvin, Senior Media Relations Officer
Christopher White, Media Relations Assistant
Office of News and Public Information
202-334-2138; e-mail <news@nas.edu>
# # #
[ This news release and report are available at http://national-academies.org ]
NATIONAL RESEARCH COUNCIL
Division on Engineering and Physical Sciences
Computer Science and Telecommunications Board
Whither Biometrics Committee
Joseph N. Pato (chair)
Distinguished Technologist
Hewlett-Packard Laboratories
Bob Blakley
Vice President and Research Director
Burton Group Identity and Privacy Strategies
Gartner
Jeanette Blomberg
Research Staff Member
IBM Research, Almaden
Joseph P. Campbell
Senior Member of Technical Staff
Information Systems Technology Group
MIT
George T. Duncan
Professor of Statistics, Emeritus
H.
George R. Fisher
Principal
George Fisher Advisors LLC
Steven P. Goldberg*
James and Catherine Denny Professor of Law
Peter T. Higgins
Founder
Higgins & Associates, International
Peter B. Imrey
Department of Quantitative Health Sciences
Professor of Medicine
Anil K. Jain
University Distinguished Professor
Department of Computer Science and Engineering
Gordon Levin
Staff Engineer
Design and Engineering
Walt Disney World
Lawrence D. Nadel
Fellow
Noblis
James Wayman
Research Administrator
Office of Graduate Studies and Research
STAFF
Lynette Millett
Study Director
* Deceased