<$BlogRSDUrl$>

Friday, December 19, 2003

The false promise of biometrics 

Ever since I first heard whathisname at the Homeland Security Dept stand up and praise as biometrics as a technology that would have prevented two of the 9/11 hijackers from the United States, I have been a thorough opponent of the planned system, and not just because I will have spend extra time in line waiting to clear the immigration lines at JFK (an extra minute per passenger according to sources). Not because of privacy issues either.

Let's see, those two guys would have been prevented from entering the U.S. because the biometric scan would have shown them up as suspects. My question is if the U.S. did in fact have evidence against them, what were they doing issuing visas to these gents? Worse still, such a biometric system would have done nothing (besides providing data on irises and fingerprints of dead terrorists) to stop the other 17 because they came in on their own names and passports. My fear is that valuable resources are being used in invested in technology that has a dodgy record when other tactics may work better (just plain spook work, for example).

The Economist's Technology Quarterly is carrying a long-ish report on biometrics and pretty much makes the case for why it might not live up to its promise. But first a brief introduction.

Biometrics can be used in two ways. The first is identification (“who is this person?”), in which a subject's identity is determined by comparing a measured biometric against a database of stored records—a one-to-many comparison. The second is verification (“is this person who he claims to be?”), which involves a one-to-one comparison between a measured biometric and one known to come from a particular person. All biometrics can be used for verification, but different kinds of biometric vary in the extent to which they can be used for identification.

There are two key measures of how good a biometric system is: the false match rate, and the false non-match rate. These two can be balanced against each other. Tune the system to be tolerant, so that everything matches, and you have a false non-match rate of zero, but a very high false match rate; conversely, in a system that is so strict that it allows no matches, the false match rate is zero, but the false non-match rate is 100%.

In an identification system, particularly one that has to search a large database of millions of templates, the task is much harder. Even a false match rate of one in 10,000 would produce thousands of false matches. And if you are trying to spot members of a small group of known terrorists, even the best of today's biometric systems produce hundreds of false matches for every correct match with a terrorist. The result is that the system is flooded with false alarms, which are routinely ignored, providing almost no additional security. As a result, the new border-control systems now being implemented at American border posts are merely verification systems.

Spending the billions of dollars that the GAO estimates will be necessary to implement biometric systems at border-crossing points—$1.4 billion to $2.9 billion initially, and $700m to $1.5 billion annually thereafter—may mean there is less to spend on other areas of security. America has long land-borders with Canada and Mexico, and tens of thousands of miles of coastline. Using biometrics at airports does little to reduce the level of illegal immigration, since most such entries do not occur at airports, but over the far more porous land and sea borders. The new system will, however, be ideally suited for spotting tourists or students who overstay on their visas, but that is a trivial issue.