Dear Colleagues

Recently a motorist had his finger chopped off so that thieves could steal his expensive car. He was using biometric based fingerprint identification for the car. In applying biosecurity technologies, my concern and experience has been the slowness of the technology in identifying an individual. Not so much how reliable the technology is. But indeed, this reliability issue is perhaps its greatest weakness in terms of identifying all humans uniquely.

Why bother to read further ? Well; security is increasingly a critical element of all engineering installations and biometric security is being increasingly talked about as the panacea to all our problems in this area. Sadly not so, as I will discuss in the following. The myth (at least amongst the gullible public) that biometric means of identifying criminals and terrorists is completely foolproof, is false and has led to billions of dollars misspent in providing security that doesn’t exist.

Authentication of a person normally revolves around one or more of three elements:
1. Something that you know – e.g. a password
2. Something that you possess – e.g. a key or token (perhaps, the most common)
3. Something about you that makes you a ‘unique human being’ – e.g. fingerprints, iris of your eye.

Biometric authentication is based on the third element and is very convenient as there is nothing to forget or lose.

A few immediate problems with biometric security are that screening can be done on innocent people without their knowledge (but this can be useful in identifying criminals); it can invite violence (a motorist had his finger chopped off to steal his expensive car which used fingerprint identification); and we leave our biological features scattered around for others less well meaning, to use (such as fingerprints).

On a historical basis, biometric screening has been around a long time. Handprints were used in cave paintings many millennia ago and fingerprints have been used since the 1800’s.

The approach to biometric screening revolves around two issues: Identification of the person against a database and verification against some measured biological characteristics. The best form of biometric identification is in using the iris of the eye. However this is expensive (and it can be slow). Palm prints are cheap and increasingly popular, but sadly – not the most reliable, especially as evidenced when the FBI incorrectly (supposedly “100% verified’) identified a Muslim US lawyer as responsible for the Madrid train bombings.

Unlike other forms of security assessment, which provide a ‘yes/no’ answer (e.g. a password), biometric solutions only generate probabilistic results where the error in identification can be reduced but can never be entirely eliminated. And the associated sensors and instrumentation have numerous problems with humidity, temperature and varying degrees of lighting as well as aging and calibration. And naturally, the usual problems with bugs in software and interoperability between different security and administrative systems.

So what can you do about this ?

* Ensure that any (security) technology you apply is well researched as to its real level of security
* Read about and research the different security techniques
* Contribute to work in this area by identifying what makes each of us unique in a biological sense and coming up with engineering solutions
* Identify opportunities in providing solutions in this area

At this stage, the experts feel that biometric recognition is in urgent need of further research on what makes us as humans unique and thus needs considerable further work to make it a reliable security technology.

Perhaps Helen Keller is correct about security; when she remarks:

Security is mostly a superstition. It does not exist in nature.... Life is either a daring adventure or nothing.

Thanks to The Economist and Biometric Recognition:Challenges and Opportunities published by the National Research Council in Washington, DC, for a great dissertation on the subject.

Yours in engineering learning