To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/government/0,39024677,39120120,00.htm

Cheat Sheet: Biometrics
Think you know what it is, but can't quite put your finger on it? Then read on...

By Will Sturgeon

Published: Tuesday 20 April 2004

Biometrics? Go on, explain what it is then...
Think fingerprints, think iris scanning - as the name suggests, it relates to specific biological features which can be measured, recorded and then used as a form of identification. Fingerprints and iris scanning are just the two most commonly discussed.

Iris scanning, that all sounds very Minority Report?
It does and indeed it raises some of the same issues - such as fears of an all-seeing invasive government and media industry but, in truth, it's far less sensational than that.

So if this isn't going to be used to track our every move, how will it be used?
The financial sector is looking at biometrics as a way of verifying your identity and adding a further layer of security, such as at cash points or point of sale equipment where a biometric 'signature' would be needed to complete a transaction. Also governments are looking at biometrics as a way of increasing the security of passport control and stamping out benefit fraud and illegal immigration - creating a more complex verification process for determining whether you are who you say you are.

Similarly private companies - as diverse as banks and football clubs - who have concerns over access and the physical security of their premises are considering biometrics as an alternative to swipe cards or combination lock/PIN.

So it will make us safer and more secure in our every day lives?
That's the idea...

It sounds like you're about to say 'But...'
Not really, though there are some concerns about whether biometrics may create serious problems relating to identity theft.

Tell me we're not talking about people stealing other people's eyes and fingers...
Fortunately we're not - but that is a common misconception.

So you can't use a 'dead-man's finger'?
You shouldn't be able to but there was one instance of a pickled finger being used to fraudulently claim a pension in South Africa some years ago when such technologies were still very new.

Some unscrupulous criminals had cut off a poor pensioner's finger?
After a fashion. It was actually a relative who removed his grandfather's finger posthumously and used it to cheat the country's pension system for as long as he got away with it. He obviously considered it his inheritance and kept it in a jar on the mantelpiece. However, such fraud required collusion at the 'official' end, as in most instances there should be somebody present to check a live, attached and genuine finger is being used.

Nowadays advanced systems will have 'liveness' tests - which means they will detect whether the finger is genuine living tissue (as long as somebody tells the muggers - who may still try it on anyway) - so basically a fingerprint isn't much use without being attached to the finger of its rightful owner. However, that's not to say all systems will be as advanced as they should be or even that it is impossible to steal a fingerprint. If a fingerprint is taken and used successfully, the potential for users to fall victim to the system is considerable - but these are very big 'ifs'.

So it's largely foolproof then?
Not entirely. David Taylor, technology consultant at Barclaycard, wasn't happy with the results of his own company's fingerprint trials and for now they are very much on the back burner.

What went wrong?
It wasn't so much security - more usability - that scuppered things. In a nutshell - they don't always work. Some Asian women on Barclaycard's trial had skin so fine it couldn't reliably be used to record or verify a fingerprint. Then at the other end of the scale there were people whose skin was too hard and calloused to be used reliably. Added to that, there are anomalies caused by hand creams (honestly, I'm not making this up), cuts and blemishes which all meant Barclaycard for one was not overwhelmed by the success of fingerprinting.

So iris scanning it is then?
Iris scanning is far more reliable and less invasive but - funnily enough - some people are loathe to let people scan their eyeballs with a laser.

Seems reasonable.
It's more a case of understandable rather than reasonable. In truth, Taylor believes concerns owe a lot to misinformation. The laser poses about as much threat to the eyeball as a candle flame 20 feet away.

So when can we expect to see biometrics being widely used?
Government rollouts will likely be the first major deployment of biometrics in the form of ID cards and biometric passports in the next couple of years.

Biometric passports?
This is being lead by the US, though some European countries are also trialling them. In Amsterdam, Dutch officials were trialling iris scanning for air passengers as long ago as 2001.

Biometric data on passports add another layer of authentication and a more reliable means of proving that somebody is exactly who they say they are - which is no bad thing - though it will likely add considerably to the cost and lifespan of a passport and make the application process more long-winded but the general message is 'get used to them' because biometrics will happen and they will be everywhere.