Identity crisis

After September 11, many have been touting biometric systems as the panacea for global security – but experts doubt if they’re really up to the job. Andrew Lee reports.

The UK government is urging the industrialised world to deploy biometric technologies in the fight against fraud, international terrorism and illegal immigration.

Biometric systems use a unique human characteristic such as a face, voice or iris pattern to authenticate identity, and are viewed by ministers as an answer to a host of seemingly insoluble problems. The Home Office plans to introduce passports that carry biometric information by 2005. However, the technology has many critics who point to a number of serious flaws including new opportunities for criminals to steal another person’s identity with devastating effect.

Although the government is still reviewing the results of its own consultation on the subject, the biometrics bandwagon is now rolling. Last month, home secretary David Blunkett won the agreement of other G8 members to consider its introduction. But as yet his department has failed to answer any of the questions posed over the technology’s reliability and its ability to cope with the sheer scale of mass deployment.

Scarcely a week has passed in 2003 without a headline-grabbing announcement of a new initiative to improve the security of the public, the business community or the state. Technology has been touted as the key to, among other things, curbing illegal immigration, cutting credit card fraud, stopping terrorists in their tracks and exposing false benefits claimants.

UK passports, driving licences and social security ‘entitlement cards’ could all contain biometric elements within a few years. And last month, the US Department of Homeland Security announced it had decided to begin implementing biometric technology at border control points by the end of next year. The specifics of the scheme have yet to be finalised, but officials have indicated that fingerprint and facial-recognition equipment would be installed at some points of entry including airports, seaports and border crossings.

Biometrics first sprang to wider attention following September 11, when it was seen as a possible quick fix for the security nightmare of the global aviation industry. The emerging biometrics industry is well aware of the expectation – some could say hype – surrounding its products. It is always helpful to a field of technology when a momentum builds up behind it, but some experts are counselling extreme caution.

Joe Grand, an electronics engineer with long experience in security technologies, said placing too much faith in biometrics would be a mistake. ‘Like all technologies these systems have their strengths and weaknesses,’ said Grand, who has carried out work for the US government, military and the National Security Agency. ‘When you are applying a technology, specifically security, I think you have to be extra cautious and even a bit paranoid over what you are getting.’

According to Grand, the biometrics industry is more than happy to bask in the limelight created by current world security tensions, in a few cases employing what he labelled ‘scare tactics’ to hasten adoption of their systems.

‘I see a lot of companies really going all out to push this technology. They’re trying to create a market, which is understandable. But if you just trust what a manufacturer tells you, you could open yourself up to all sorts of security weaknesses.’

The problem, according to Grand and other ‘friendly sceptics’ of biometrics, is that many of the systems currently available are simply not as secure as many would like to believe. ‘There are known methods to bypass many of them,’ he said, listing holes in the security of supposedly foolproof technologies exposed by enterprising and mischievous researchers.

In one of the more celebrated recent examples, Japanese engineering professor Tsutomu Matsumoto last year created ‘fake fingers’ from gelatine in a bid to fool fingerprint scanners. According to Matsumoto, his dummy digits baffled the biometric scanners 80 per cent of the time – a failure rate that goes beyond poor and into the realms of disastrous.

Even more alarmingly, Matsumoto and his team did not need to rely on access to actual fingers to work their trickery. The researchers used a combination of digital photography, graphics software and copper etching to lift people’s fingerprints left on glass and create fake fingers with exactly the same ability to fool the biometric scanners.

According to Grand, this ability to purloin the crucial element of the entire biometric system – the human characteristic itself – is one of the more worrying prospects if biometrics are to be applied on a mass scale. Once that key indicator is lost, stolen or otherwise compromised the situation may be irretrievable for the individual concerned (see sidebar). In a potential future in which biometrics control access to many everyday services, that would be nothing short of a disaster.

Some of those most closely involved in the field of biometrics technology are open about the limitations of the systems if attempts are made to apply them on a national or even global scale. Bob Carter, formerly an R&D specialist at international security printing giant De La Rue, is now chair of IST44, a group that aims to bring together industry, academia and the government to represent the UK and establish formal international biometric standards.

Carter said a biometrics-based national identity scheme would be extremely hard to establish owing to natural factors occurring within populations. ‘There’s nowt so queer as folk, and folk have a habit of screwing up the most advanced system,’ said Carter, who gave one of the lesser known quirks of human physiology as an example.

‘Around one in 70,000 people don’t have an iris and some others only have part of one, though this doesn’t affect their vision. Though iris recognition is very accurate, it therefore doesn’t suit a scheme that seeks to identify the entire population,’ he said. ‘I also have yet to see a system that can identify a face within a database of 2.5 million images. The system becomes less accurate as the numbers go up.’

According to Carter, the small but significant flaws in each strand of biometrics make their use in isolation more risky, even allowing for the fact that they must also respond quickly enough to be practical in mass-screening applications. ‘Basically, a biometric system based on one technology won’t work,’ said Carter. ‘Anything that will be used on people queuing at ports and the like must have a response time of three to four seconds.’

This argument leads to what many see as the nub of the issue: if relying on one biometric indicator is suspect, then two, three or even more will have to be used. A combination of fingerprint, iris, voice and face, for example, would surely be beyond foolproof in establishing identity.

Such multi-layered systems, however, would take biometric deployment into new realms of complexity and cost. This inevitably begs more questions over whether they could work on a mass scale and if the monetary price would be worth paying.

Kush Wadhwa, European director of International Biometric Group, a consulting and integration specialist in biometric technologies, said the performance of the systems has come a long way in the past decade, but claimed they would still struggle to fulfil some of the more ambitious expectations being heaped on them.

The hardware elements of biometric systems have certainly improved, he said. ‘As recently as five years ago we would carry out testing on devices that would instantly fail. One actually caught fire during the testing process.’

Also, as biometrics have matured as a distinct strand of technology, said Wadhwa, systems have become more robust. Successful matches have increased, error rates have dropped. Wadhwa pointed out that the most venerable biometric technology of them all – fingerprint identification – accounts for about half of the current biometric systems in use around the world.

The other 50 per cent is made up of the systems causing all the current stir such as voice, iris or facial recognition. ‘These are relatively new, and with these technologies it is important to think about what specific job you want them to do.’

According to Wadhwa, current biometric systems are quite capable of carrying out everyday functions such as controlling access to an office. What is less clear is their ability to fulfil the gigantic, society-wide security operations they are currently being lined up for.

‘When you are talking about dealing with tens of millions of people, there is actually no evidence that they will be able to scale up to fulfil the types of applications being talked about,’ said Wadhwa. ‘On the other hand, there is no evidence against them. At that sort of scale we just don’t know.’

At the level being talked about by some biometrics evangelists, said Wadhwa, cost also becomes an issue. ‘One fingerprint access control system for one door to a laboratory could cost as little as $500 (£300),’ said Wadhwa. ‘Deployment to millions of people is another matter. Even though the cost of individual devices for biometric systems is coming down, when you scale up deployment to that extent the total cost of ownership is the important thing.’

Wadhwa believes ‘cost of ownership’ – the money that has to be spent to deploy biometric technologies on a large scale – will need to be given careful thought if they are to be widely implemented in the public sector.

For the private sector, the return on investment may be easier to calculate. For governments or individual state agencies, the equation becomes more complicated.

A spokesman for the Home Office said biometrics will be increasingly used in the UK, particularly to improve the effectiveness of immigration controls. With regard to the proposed national identity or entitlement card, he said the government would need to be satisfied that the technology was sufficiently mature and reliable, could be implemented at a cost which justified the benefits, and was acceptable to the public.

Biometrics may be held out internationally as a way of protecting the public. But if the taxpayers of the UK and other countries see the costs spiralling – as government-led technology projects have a habit of doing – they will expect the systems they are paying for to be as good as foolproof. At that stage, some of the more hysterical claims made for biometric technologies may start to look rather ill-advised.

Sidebar: A hacker’s paradise: not enough work has been done to make the systems failsafe

by Helen Knight

The use of biometric information as a security measure could provide criminals with easy access to personal bank accounts, a specialist in the technology has warned.

In the personal finance sector, demand for biometric technology is being driven by consumers’ dislike of memorising PIN numbers, said Dr. Alan Brett, technical services director at Stockport-based Image Metrics, which develops software for use in biometric systems. But criminals could hack into a database and change the identity attached to a person’s biometric details, or steal that information, giving them access to the victim’s bank account funds, he warned.

If fingerprints are used in place of a PIN number to provide access to personal accounts over the internet, criminals would simply need to steal a person’s biometric template, he said. ‘Rather than putting a finger on the keypad, the criminal could simply steal your biometric template and send that down the wire as identification.’

While a person’s PIN number can be easily changed should a criminal get hold of the number and cash card, changing biometric information is not possible, said Brett. ‘If I’m using a PIN number, and I find someone is hacking into my account, I can change the PIN and start again. But I can’t change my fingerprint – you can’t just wipe somebody’s biometric data and start again, because it’s part of them.’

Transport for London’s congestion charging initiative is facing a similar problem, with some people replacing the number plates on their cars with one from a vehicle of the same make, model and colour, he said. ‘It’s then very hard to prove that it’s not me that’s going in and out of that controlled area, because the camera shows that it’s the same make, model and colour of car, with my number plate on it. And you only find out when the fine arrives through the post. As with any other kind of identity theft problem, you end up with the burden of proof on the person whose identity has been stolen.’

Secure building access systems based on biometric technology such as iris scanning could also be defeated by determined terrorists or thieves. Hackers could gain access to the system’s database and swap their biometric details for those of someone cleared for entry.

The security industry has begun to wake up to the threat of ‘spoofing’, where photographs are held up to facial recognition cameras or rubber moulds of fingers are used with fingerprint systems, and is beginning to come up with solutions. But as yet the issue of hacking into databases to alter identities has not been addressed, said Brett. Not only will the database itself need to be protected to ensure hackers cannot gain access to personal details, but the process of moving biometric information such as fingerprint codes around the network will also need to be extremely secure.

Sidebar: Public acceptance will come in three to four years

In defence of biometrics, Clive Reedman, chairman of the Association for Biometrics (AfB), said it is users, not the systems, that are to blame when things go wrong. ‘There is a tendency among critics to lump all technologies together,’ he said. ‘They may have a common aim, but they are quite diverse and are all at different stages of development. There isn’t a single system that will fit all applications, but if something goes wrong everything tends to be tarred with the same brush. It all comes down to project management and picking the right technology for the job.’

The AfB was originally set up by the DTI in the 1980s to encourage the development of biometrics in the UK, but later became a non-governmental organisation. Reedman said that widespread public use and acceptance would come to the UK in as little as three to four years, once the public accepted that a biometric scan was more convenient and secure than password use.

‘Government use of systems for passports, ID cards and driving licences will make the public aware, but the mass market boom will also spread from the Far East,’ he said. ‘The cost of biometric sensors is falling and companies are now incorporating them in goods such as laptops, with PDAs and mobiles following soon. Microsoft’s newly-released Windows 2003 supports biometrics as well. Replacing passwords with a whizzy system will sell the idea on convenience, as well as a realisation that people are protecting themselves from phone theft and reuse. Identity fraud is also on the rise, but if a biometric confirmation were required by banks and the like people would know their safety was being protected.’

Schemes such as Florida’s Face in a Crowd system – where facial recognition was used for crowd control without prior public consultation, causing outcry – may have led to mistrust. But, according to Reedman, the UK’s experience has shown that these systems can be popular. ‘The London Borough of Newham consulted the public on installing facial recognition-enabled CCTV and residents are now calling for the system’s expansion,’ he said. ‘Making sure that the system wasn’t installed in a Big Brother manner worked.’

Meanwhile, flaws in the system have been exaggerated. ‘People get hung up on the idea that a plastic finger can break biometric measures,’ said Reedman. ‘In the real world making something like this would take a lot of effort and require the collusion of the victim. If this type of attack was a risk, the company should use a multimodal system as part of a layered approach. As for attacks on an ATM, isn’t it more likely that a mugger will simply attack after money has been withdrawn rather than go to the trouble of removing someone’s hand or eye, which will be foiled by the live-scan aspect of the technology anyway?’