Anyone who saw the movie Minority Report remembers actor Tom Cruise's eyes. In the world of 2054, hidden devices scan his eyes, match his identity, and bombard him with hologram advertisements that address him by name. Ultimately, Cruise undergoes surgery to replace his eyes so he can hide from the law — but keeps his old eyeballs in a plastic bag so he can scan them to gain access to his former workplace.
The technology behind the movie's eye scan is called biometrics. It uses unique biological markers, such as fingerprints or the patterns of a hand, face or iris, to identify individuals. Unlike a password, personal identification number (PIN) or swipe card, biometrics cannot be lost, stolen, forgotten or easily forged. It is part of a person.
Biometrics is far from science fiction. It is rapidly emerging as a major part of security systems around military bases, nuclear facilities, airports and borders around the world. The federal government plans to use it to track foreign workers and visitors inside the United States. Overseas, the United Arab Emirates employs it to keep expelled foreigners from reentering its borders. Every day, biometrics enables tens of thousands of people to enter buildings and log onto computers.
The technology is advancing so fast, some parts of Minority Report may soon look outdated. Many biometric systems, for example, now distinguish between living and cadaver fingers, irises and eyes. Even Tom Cruise would have a hard time entering a building today with a set of eyeballs in a plastic bag.
The movie depicts a future where intrusive biometric readers have eroded privacy. This is far from a reality today. Yet emerging technologies, such as facial recognition, promise covert monitoring and identification in the near future. Moreover, a growing emphasis on standards will make it easier to exchange biometric data in the future. This may help identify terrorists, but it also raises privacy issues for ordinary citizens.
Biometrics have been science fact rather than fiction since 1901, when Scotland Yard and the New York Civil Service Commission began using fingerprints for identification. In 1930, the FBI set up its first national fingerprint file. Fingerprints have been associated with criminal identification ever since.
Biometrics might never have outgrown its role in criminal justice without modern electronics. Starting in the early 1980s, companies began digitizing fingerprints as mathematical formulas, or algorithms. Turning pictures into algorithms made it possible for computers to match fingerprints faster, cheaper and easier than humans could ever do.
Digitization was quickly adapted for use with other biometric technologies, which are also based on unique physiological characteristics. Hand geometry readers, for example, compare three-dimensional hand shadows; iris recognition systems, more than 250 distinct features.
As prices began to fall for electronics — scanners for fingerprints and hand geometry, digital cameras for iris and facial recognition, processor chips to analyze and compare current samples with database templates — biometrics began to penetrate the mainstream.
Biometrics are generally used one of two ways, for identification or for verification. Government agencies often use biometrics for identification, or one-to-many matching. Identification systems attempt to match a biometric sample against a large database in order to establish a person's identity. The federal government plans to use this type of system to track foreign workers and visitors inside the United States.
Strength and speed are important in identification systems. Strength refers to the degree to which a biometric is unique. Most experts agree that fingerprints and irises are both unique, while hand geometry is somewhat weaker. Facial recognition is weaker still because systems have a hard time matching changes due to facial hair and aging.
Speed counts when matching biometrics against millions of database templates. Damon Wright, who heads investor relations for biometric vendor Identix Inc., claims his company's facial recognition system requires less than 1 minute to search a database of 10 million driver's license photos. Running a fingerprint through the FBI's Integrated Automated Fingerprint Identification System (IAFIS), which has fingerprints of 43 million people, typically identifies 80 percent of its queries in fewer than 40 minutes, but some searches may last for 2 hours.
Verification, or one-to-one matching, is used to authenticate a person's identity against a login name, PIN, identification card or local database. Verification systems typically control access to buildings, computers and secure environments. Workers at American Express Co., for example, must provide a fingerprint to enter corporate headquarters. Mc-Donalds uses hand geometry to track worker time and attendance. Because its databases are much smaller than identification, verification usually takes no more than a second or two.
No biometric system works perfectly. Often, problems arise with the quality of the biometric. Fingerprints, for example, may never change, but dry skin, wet skin, dirt and cuts can obscure features. Poor illumination or thick bifocal eyeglasses may prevent full capture of iris information. A swollen eye or beard may foil a facial recognition device. These problems occur during enrollment, when technicians record a population's biometric data on database templates, and when individuals later use the system.
In the real world, then, using biometrics involves scoring how closely the current scan matches a database template. Systems are usually set up to verify an identity if the match exceeds a certain threshold score.
Picking this threshold often causes problems with false rejects and false accepts. A false reject occurs when the system denies access to someone it should allow to enter. A false accept occurs when the system incorrectly accepts a biometric.
"In order to keep the bad guys out, you want a sensitive system that has a low false accept rate," explains Bill Spence, marketing director for hand geometry developer Recognition Systems Inc. (Campbell, Calif.). "The problem is that the more sensitive you make the system, the more likely it will falsely reject people who do belong in a building.
"In a normal system, there are a lot more good guys than bad guys walking through. When the good guys don't get in on their first try, it causes problems. So security people begin adjusting the system to let them through. This can compromise security procedures and actually make it easier for a bad guy to slip past," says Spence.
The key, he says, is to find the right biometric with the best balance of sensitivity and reliability.
Fingerprints, which capture the fingertip's swirling ridges, are the most widely known and used biometric. They are strong identifiers and the optical and electronic scanners used to capture them are the least expensive of any biometric sensor. As a result, fingerprint systems are small and cheap enough to put on doors and PCs. Developers are even working on small sensors for cell phones and personal digital assistants (PDAs).
Fingerprints can be digitized in one of two ways. Originally, algorithms used in forensic databases described the location and distance between minutia, the points where fingertip ridges break apart or end. Because minutia have fine details, they must be captured by sensors with resolutions of at least 500 dots per inch (dpi), similar to the output of a good office laser printer.
Over the past decade, developers have sought to analyze the patterns of larger portions of the finger. They typically break the finger into a grid and looking for easily imaged features. "We don't look at fine features, which can be obscured by cuts or dirt," says Colin Soutar, chief technology officer of Bioscrypt Inc. "We look for larger patterns in the overall image. Our algorithm is based on imaging those features at 200 dpi." Bioscrypt's low-resolution sensors cost less than 500 dpi sensors. Moreover, in recent tests, some pattern-based systems outscored those based on minutia.
Yet fingerprints pose several problems. A small percentage of people have fingers that are too dry or worn by aging or corrosive chemicals to make a good template. Security experts worry that criminals could use photos of dusted fingerprints to pass through scanner. Others associate fingerprints with criminality. They fear their fingerprints could find their way into the FBI database or be used to track their activities.
Vendors are dealing with these issues. They note almost everyone has at least one good finger from which to take a print. Moreover, new software looks for telltale signs of moisture and other attributes of living tissue in order to weed out fakes. Finally, they note that no one can generate actual fingerprint samples from algorithms, and that most organizations have privacy rules that prohibit the sharing of biometric information.
Accuracy has improved dramatically over the past few years. An early Government Accounting Office (GAO) test found that although most fingerprint systems had a very low false accept rates, some scanning devices produced false reject rates of nearly 50 percent. A recent National Institute of Science and Technology (NIST) test found the best systems — by NEC, SAGEM and Cogent — were more than 99 percent accurate even when false accept rates were held to 0.01 percent.
One reason fingerprints are prone to false rejects is that they must measure very small features, something that is hard to do accurately. The beauty of hand geometry, says Spence, is that hands are very large targets whose image is easily and repeatably acquired. "These systems make a good decision every time," he says. A 1991 test by Sandia National Laboratories concurred: it found Recognition Systems' hand geometry readers had false acceptance and false rejection rates of less than 0.1 percent.
This has made hand geometry the most widely use biometric after fingerprints. The technology relies on more than 90 measurements of finger length, width and height, distance between joints, and knuckle shape. They are usually measured by positioning hands on a platen containing a series of pins.
The resulting biometric contains only 10-20 bytes of information (compared to 250 bytes for minutia and 1,000 bytes for pattern-based fingerprints). Such small records make hand geometry databases very, very fast to sort for matches. As a result, hand geometry systems excel at processing many people in short periods of time.
Hand geometry systems are used for access to San Francisco International Airport, Scott Air Force Base and the Port of Rotterdam. Mc-Donald's and Krispy Kreme use them to track time and attendance. Their low false accept/ reject rates make them part of the security system in 98 of 103 nuclear power plants.
Yet hand geometry is not the only biometric used in most nuclear power plants, and this underscores a weakness in the technology. "Hand geometry is not considered as strong as some other biometrics," says Larry Hornak, director of the National Science Foundation's Center for Identification Technology Research (CITeR) at West Virginia University in Morgantown.
Hands simply do not contain as much distinguishing information as fingerprints. They could not be used for one-to-many identification. Still, it is hard to fake the three-dimensional image of a hand. When used in combination with a PIN or identification card, it provides enough security for a very broad range of uses. More importantly, it keeps false rejects to a minimum, so security personnel have no incentive to "retune" their procedures.
Iris scans, which combine the best attributes of fingerprint and hand geometry technologies, work for both verification and identification. The technology is based on analysis of patterns in the iris, the ring of flecked colors that surrounds the pupil of the eye. Inexpensive blackand-white digital cameras measure more than 250 distinctive iris characteristics, such as striations, rings, furrows, corona and freckles.
Iris features remain stable throughout an individual's life. They provide larger targets than fingerprints, and digital cameras can acquire a precise image every time. Because they contain so many different characteristics, database searches are likely to return a precise match.
"Iris technology is scalable for databases with millions or tens of millions of templates," says Frank Fitzsimmons, president/CEO of iris technology vendor Iridian Technologies Inc. "This is due to the natural feature richness of the iris. With fingerprints, there are 70 points of differentiation. The iris has 240 points in each eye. What this means is that if you try to identify a fingerprint in a large database, it will come back with several candidates for review. Iris technology will come back with the answer. The chances of us being wrong are just 1 in 1.2 million."
This has made iris recognition the system of choice for monitoring the movements of large populations. The United Arab Emirates (UAE), for example, uses Iridian's iris technology to keep expelled foreigners from returning.
Over the past 18 months, says Fitzsimmons, UAE has asked about 450,000 people to leave. Before they go, the government scans their irises. When they return home, many change their name, date of birth and address, then apply for new UAE visas and work permits. Before they reenter, through, they must pass a 2-3-second iris screen. "In the past 18 months, UAE has caught 10,000 people trying to reenter illegally," says Fitzsimmons. "They even caught one guy who was booted out in the morning and flew back the same night."
Like other biometric technologies, iris technology continues to improve. Security cameras, which once cost $40,000 to $50,000, are now cheap enough to put on hotel doors. Colored or bifocal contact lenses are rarely an impediment, and even most people with glaucoma or cataracts can enroll in the system. Only about 1 to 2 percent of a population can't enroll, says Fitzsimmons. Glare, however, remains an issue, and users cannot mount cameras facing the sun.
Facial recognition technology tries to distinguish people by analyzing such facial features as eye socket outlines and the sides of the mouth. This is something people typically do much better than machines, though recent developments are closing the gap.
Tests of the US Dept. of Defense Counterdrug Technology Development Program's Face Recognition Technology (FERET) database found typical facial systems could match frontal photos with templates taken on the same day about 95 percent of the time. For templates taken with different cameras and lighting, recognition drops to 80 percent. For photos taken 1 year earlier, accuracy is about 50 percent.
This is clearly a technology that needs work. Yet facial recognition promises something other biometric technologies do not: covert surveillance. When perfected, it will be able to search thousands of people moving through an airport, railroad station, or tunnel for potential terrorists.
"I don't know how many fingerprints of terrorists we have, but we do have a lot of photographs," says Identix's Wright. "There are over 1 billion photographs out there, from watch lists to drivers' licenses to passports." Those databases could vastly expand our ability to monitor high-traffic areas for terrorists.
The problem is that, unlike fingerprints, irises or hands, faces are always moving. Systems must successfully recognize faces in a variety of different positions (front, side, tilted) and expressions (frowning, smiling), under a broad range of lighting conditions. They must take into account both new facial features, such as beards and haircuts, as well as aging.
Still, the technology is advanced enough to do some jobs very well. In Colorado, for example, Identix uses facial recognition to scan the state's drivers' licenses for duplicates used by drivers who pass fraudulent checks. Because all license portraits are well-lit and face-forward, the system has relatively few errors. Wright says it matches each new photo against 10 million templates in less than 1 minute, and typically matches two or three people every day.
Speaker recognition, another biometric technology, dates back 40 years. Many vendors sell systems as part of voice processing, control and switching systems. Voiceprints vary with the receiving system and use large templates that are slow to search.
Spoofing and Security
Criminals have found ways to spoof, or defeat, most systems. They have, for example, used photographs of fingerprints to pass security scanners. Vendors responded by developing software that looks for signs of perspiration on ordinary fingerprint scans. "That's not easily spoofable with a picture or a cadaver finger," says Hornak. "It's very easy to implement and comes down to cost."
New advances lead to new spoofs. High-resolution photos fooled early iris systems. When vendors began looking for the shimmer of a live pupil, a researcher poked a hole in the center of an iris picture, held it up to his eyes, and defeated the system. Vendors say they have countered this spoof but refuse to talk about it.
This cat-and-mouse game will go on as long as security systems exist. "Criminal activity a balance between motive and opportunity," says Spence. "The ease of faking a biometric defines the opportunity. That's why high-security is never a single system. Criminals can't deceive just one device and get in. If solve one problem, they then have to figure a way around another and another. High security means lots of redundancy."
Instead of spoofing sensors, criminals and terrorists may attack databases and the procedures for securing them. Currently, biometric information resides on either an identity card or a computer.
"There is a raging debate going on about the best way to store data," says Cathy Tilton, vice president of standards and technology for Saflink Corp. (Bellevue, Wash.), a company that develops integrated biometric security systems. Some people argue that a computer that sits behind a security firewall is more secure, while opponents claim even secure computers can be hacked by insider.
Those who support card-based systems like the fact that the encrypted biometric never leaves the card. Critics note that encrypted cards are not necessarily tamper-resistant. Anyone who manages to forge a card can easily enter a secure site.
While there are federal standards for tamper-resistant encryption, Tilton also favors security systems that combine different identification factors, such as biometrics and PINs. The more barriers an intruder faces, the more likely he or she will stumble.
Biometric technologies continue to develop at a rapid rate. Systems are growing smaller, faster, cheaper and easier-to-use, says Hornak. Vendors are increasingly developing plug-and-play devices and software that make it easier to upgrade capabilities while reusing existing databases. As a result, most experts expect rapid growth in verification systems for secure facilities.
National and international identification databases are likely to take longer to develop because nations have to first agree upon standards to ensure interoperability. It will take years before governments fully approve and implement them. When they do, biometric systems will be able to rapidly identify people around the globe.
That raises privacy concerns. "People are concerned that biometric identifiers are used only for the purpose for which they are gathered and not subject to some sort of information creep," says Lisa Nelson, a professor at University of Pittsburgh's Graduate School of Public and International Affairs.
Banks, says Nelson, may soon require a thumbprint for an ATM withdrawal. "The bank may ask your consent to use it for the transaction, but what if it then uses it to compare with a criminal database or transfers the information to another agency for marketing purposes," she asks. As shown by the case of the Oregon lawyer whose misidentified fingerprints made him a suspect in the terrorist bombing in Spain, widespread dissemination of biometrics can lead to misuse.
Texas has already passed a law controlling the use of biometric information, and New Jersey is considering similar legislation. Yet questions about privacy are likely to grow as biometrics become ubiquitous.
Despite privacy concerns, biometric technology is making the leap into the mainstream because it has become cheaper, faster and more reliable just as security concerns have grown. In terms of technology, we are well on our way to creating the world of Minority Report. But the discussion about where and how we use this technology has only just begun.
For More Information
Biometrics Security Technical Implementation Guide was written by the Defense Information Systems Agency and is an excellent introduction to security procedures for biometric systems. It is at csrc.nist.gov/pcig/STIGs/Biometrics-STIGV1R1.pdf.
Biometrics Resource Center is run by NIST, the government's lead biometrics agency, and covers biometrics issues. It is at www.itl.nist.gov/div893/biometrics. Its fingerprint evaluation is at fpvte.nist.gov.
Border Security: Challenges in Implementing Border Technology by the General Accounting Office (GAO) has an excellent review of biometric technologies. FindBiometrics.com is another excellent information resource at www.findbiometrics.com.
The International Biometric Industry Association is the trade group for biometric developers at www.ibia.org.