Facing facts

A facial-recognition system tested at a Palm Beach, Fla., airport last spring failed to match airport employees with their digital photos 53 percent of the time. Legislation to require the states to adopt standardized driver's licenses with biometric identifiers has stalled. As of now, there are no biometric "trusted traveler" cards to whisk registered travelers through airports.

The Defense Department is issuing 4 million new smart identification cards — all without digital fingerprints, iris scans or other biometric identifiers. The State Department's new high-tech ID cards being distributed this month also lack biometrics.

Biometric identification technology seemed like a sure and swift solution to homeland security problems in the aftermath of last year's Sept. 11 terrorist attacks, but today it seems less sure and a lot less immediate.

"After Sept. 11, people were desperately searching for a solution to terrorism and they fixed on biometrics," said John Woodward Jr., a policy analyst at the think tank Rand Corp. and a member of its biometrics team. But since then, it has become evident that the path to usable biometrics is blocked by a dense tangle of operational, technical and political challenges, he said.

Tests have revealed that some biometric technologies, such as facial recognition, are not as accurate as hoped — and that accuracy itself is not so simple a concept. Choosing among different versions of the same technology, such as biometric smart cards with the user's fingerprint template on the card or in a central database, has proven complicated. And scaling biometric projects from the laboratory to government deployment is daunting.

"There was a lot of hype about biometrics," Woodward said. During the past year, it has become clearer that "it's emerging technology, but it's not fully emerged."

For Bruce Mehlman, whose job at the Commerce Department is to promote greater use of technology, the absence of biometric identification systems is striking.

Last winter it seemed that "biometrics' time had arrived," said Mehlman, Commerce's assistant secretary for technology policy.

"Experts anticipated rapid deployment and usage of biometrics-based security solutions by businesses and governments," he told a gathering of scientists and vendors during a government-sponsored biometrics conference Sept. 23.

But today, "we see few biometrics devices at high-security locations. Few companies have overhauled their security systems to incorporate biometrics. There's not a fingerprint pad on every computer keyboard or a retina scanner at every ATM, nor have there been major advances in the reliability or effectiveness of new biometrics technologies," he said.

Whether that picture will change remains "to be determined," Mehlman said in an interview. "Systems have to work, they have to be scalable, they've got to be easy to use, they've got to be reliable." And so far, the jury is still out on all that.

A variety of "bio-trials" are under way at Commerce's National Institute of Standards and Technology, the Defense and Justice departments and other federal agencies to see just how well various biometric technologies work.

DOD, for example, is "evaluating various alternatives" for biometric identifiers that it may add to its smart card IDs "sometime in the next year," said Lt. Col. James Cassella, an Army spokesman.

Even Congress, which has passed several laws requiring the use of biometric IDs, has adopted a more cautious approach. This summer, lawmakers halted spending on a Transportation Security Administration program to issue biometric ID cards to airport and airline employees until the agency develops a system that won't impede the movement of employees or divert security screeners' attention away from screening passengers.

"There's lots of good promise," but so far, not much else, Mehlman said.

Delays in the deployment of biometric systems by the federal government aren't that surprising, said Frances Zelazny, director of corporate communications at Identix Inc., which makes fingerprint and facial-recognition technology. "On the federal level, the applications are massive critical infrastructure projects that don't materialize overnight."

Scaling Up

Size alone vastly complicates government biometric projects.

Attorney General John Ashcroft wants Justice to build an electronic entry/exit system to keep track of virtually all foreign visitors to the United States. That's about 35 million people each year.

Last month, Ashcroft launched a miniature version of the system that is designed to photograph and fingerprint 100,000 foreign visitors a year as they arrive in the United States.

Beefing that system up to process 35 million visitors will not be easy or cheap, Woodward said. In addition to a complex new computer infrastructure, such a system will incur substantial additional costs, such as a large number of employees to process applications and operate equipment, and even more waiting rooms for visa applicants during what will be a longer application process.

And there is bound to be diplomatic fallout. The fingerprinting requirement is sure to prompt protests from countries that do not require fingerprints from traveling Americans, Woodward said.

The scale of systems poses an equally tough problem for TSA. The huge number of people streaming through major airports means that even a small false match rate by biometric ID systems would result in hundreds or thousands of passengers being wrongly singled out as suspected terrorists or not being recognized as trusted travelers, said biometrics consultant Peter Higgins.

At an airport like New Jersey's Newark Liberty International Airport, which handles 5,000 travelers per hour, trusted traveler ID systems might fail to properly identify as many as 3,500 passengers in a 14-hour period, said Higgins, who is a former chief of the FBI's Integrated Automated Fingerprint Identification System, a system for electronically searching fingerprints.

The error rate for facial-recognition systems is even worse. One analysis concludes that a system scanning 300 passengers about to board a jumbo jet is likely to identify seven as possible matches to photos of terrorists, Higgins said.

It is easy to see that such systems would be extraordinarily disruptive with so many "people being asked to step aside to prove they're not someone on a watch list," he said.

The performance of facial-recognition systems and other biometric systems depends heavily on the conditions in which they are used. When used to control access to buildings, for example, facial-recognition systems compare faces in their databases with the faces of people seeking admission to buildings.

In such a case, conditions such as lighting, position of the face and quality of the photos in the database can be carefully controlled and the systems work well. In public settings, such as airports or streets, conditions such as lighting are variable, the quality of photographs of criminals and terrorists may be inferior, and thus system performance degenerates.

Because of their high error rate in adverse conditions, facial-recognition systems are doomed to the same fate as car alarms, predicts Jeff Johnson of Computer Professionals for Social Responsibility. Because car alarms can be set off by a passing bus, a gust of wind or some other benign stimulus, they have come to be widely ignored.

When facial-recognition systems begin producing too many false matches, they will simply be adjusted to produce fewer matches, which means they will also produce more false negatives.

Facial-recognition systems make two kinds of mistakes, Johnson explained. They accuse people who aren't terrorists of being terrorists — false positives — or they fail to recognize people who really are terrorists — false negatives. "You can't lower both error rates simultaneously."

Solutions and Problems

Identix had to confront that problem while testing facial-recognition systems at the Palm Beach International Airport, Zelazny said.

One goal of the company's test was to minimize the number of false positives in a busy airport setting, she said. The facial-recognition equipment was calibrated so the number of false positives was almost zero. But that pushed the false negative rate up so that 53 percent of the time, the system did not match employees with their photos in the system database.

Identix conducted a similar test in Dallas, during which the facial-recognition equipment recognized subjects correctly 94 percent of the time, Zelazny said. However, achieving greater accuracy in recognition pushed the false positive rate to about 4 percent, which is too high for a busy airport. At airports such as Tampa International Airport, Fla., or Portland International Jetport, Ore., which handle about a million passengers a month, that false positive rate would mean that 40,000 passengers would falsely match terrorists' photos.

One way to cope with the false positive and false negative rates is to increase the sensitivity of facial-recognition systems during periods of high threat and lower it when the threat is less imminent, Zelazny said.

Another solution to the accuracy problem is to just wait a while, advises Christopher Baum, vice president and research area director of Gartner Inc.'s public sector. "The technology will get better," he said.

Besides, he said, when biometric ID systems make mistakes, "they're not going to shoot people, they're just going to ask them some additional questions." As long as acceptable protocols are followed, the traveling public should suffer little more than mild inconvenience from less-than-perfect biometric systems, he said.

Inconvenience is a minor concern for Johnson. What really worries him is that biometric technology set up to detect terrorists can easily be adapted to other uses, including keeping an eye on the everyday activities of ordinary people.

Facial-recognition systems, for example, can be and have been used for surveillance. Fingerprint, hand geometry, iris scans and other biometric systems can be used to create a detailed electronic trail of travel, purchases and other transactions. Much of that information is already collected when purchases are made with credit cards, highway tolls are paid with an electronic pass or money is withdrawn from an ATM, Johnson said. But today, "this information is available only in bits and scraps and various places. It is not all available centrally to be combined, compared and matched."

With wider use of biometric identification systems, much more information would pour into databases, where it could be sifted through and mined to trace patterns of individuals' activities, he said.

Analysts at the Electronic Frontier Foundation share Johnson's concern.

"By far, the most significant negative aspect of biometric ID systems is their potential to locate and track people physically," wrote William Abernathy and Lee Tien of the foundation. "A society in which everyone's actions are tracked is not, in principle, free. It may be a liveable society, but would not be our society."

They present a long list of potential ills, from loss of privacy and greater opportunities for blackmail to more wrongful convictions due to greater collection of circumstantial evidence.

Rand's Woodward is not as worried.

Although it would be possible to use biometric identification systems to track individuals, "the government hasn't got the kind of incentive" to do so as a matter of routine, he said. "It seems to me it's the private sector that has the incentive."

"People are right to worry about privacy," Commerce's Mehlman said. And the federal government should take an active role in setting policies and standards that ensure high levels of security and protection of privacy, he said.

Wait and See

The private sector has shown some interest in biometric technologies, but is not yet ready to embrace them.

Grocery chains Kroger Co. in Texas and Thriftway Stores in Seattle have experimented with biometric ID systems that permit customers to pay for groceries with a fingerprint. In such systems, the fingerprint is linked to a credit or debit account and works just like a signature.

For consumers, one lure is convenience. "It's hard to leave home and forget your fingerprint," Mehlman said. But to win public acceptance, "the most critical question is whether these systems can be designed to increase security. I'm optimistic that they can be — and if they do, they will be wildly successful."

Earlier this year, fast-food giant McDonald's Corp. tested a fingerprint payment system in a restaurant in Fresno, Calif., but was unimpressed with the results. After a brief experiment, the technology has been dropped, a McDonald's spokeswoman said.

Disney uses a finger geometry system to identify its season pass holders for its theme parks. The system prevents passes from being lent to friends and relatives. And at the Children's Hospital Inc. in Columbus, Ohio, fingerprint identification technology is being used to authenticate doctors who order tests and prescribe drugs.

Identix's Zelazny said successful use of biometric ID systems by the government might be the key to their adoption by the private sector.

If TSA can reduce travel delays without creating other problems, consumers might want similar systems to reduce the waits in checkout lines. And if the Immigration and Naturalization Service, for example, can reduce immigration fraud with biometric visas and passports, the public might trust biometrics to reduce credit card fraud.

But that's going to take time. As of Oct. 1, INS requires biometric visas only from Mexican citizens attempting to enter the United States along the U.S./Mexican border. Other biometric visas aren't required until late 2004.

At TSA, the trusted traveler card is stalled in its early planning stages. Adm. James Loy, undersecretary of transportation for security, said Congress' spending freeze on the Transportation Worker Identification Credential system has also halted work on the trusted traveler card.

Holding Back

Despite an aggressive launch last winter, there has been little real progress toward adopting biometric driver's licenses.

A House bill that would make $315 million available to the states to develop biometric licenses stalled in a subcommittee. A Senate version has not been introduced yet.

"There's a lack of political will," said Jason King, spokesman for the American Association of Motor Vehicle Administrators, which issued an urgent plea for creating biometric driver's licenses last January.

Unable to motivate Congress, AAMVA has turned to the National Governors Association to press for uniform driver's licenses with biometric identifiers. "It's going to take legislation at the state level, and it's going to require funding," King said. And getting either is expected to take time.

Meanwhile, King conceded, AAMVA has not yet decided which biometric identifier should be used on driver's licenses.

It all has a familiar ring to Ken Gregory, U.S. project manager for a Swedish company named Precise Biometrics.

Every year for the past six years, Gregory said he and his colleagues have assured one another that "this is the year" biometric technology would take off. Each year, they have been wrong.

But this year, Gregory said he was convinced this really was going to be the year that biometrics boomed.

Market conditions never looked better. After the terrorist attacks, the U.S. government seemed eager to use biometric technologies to improve security at airports, government buildings, border crossings and ports of entry.

Entire departments were being created to focus on improving homeland security. Laws were being debated and occasionally passed requiring the use of biometrics. Equipment costs were dropping and capabilities were improving.

But 2002 is down to its final quarter now, and the biometric business has yet to boom.

Instead of unbridled buying, "you're seeing a lot of pilot projects," Gregory said. Some results are expected to begin trickling in this month and next. But others, such as a TSA program to test security technology in airports, won't get started until December and won't end until next August.

Maybe next year will be the year for biometrics.

***

Checking for prints

Prices have dropped dramatically and the reliability of biometric identification systems has improved in recent years, but not all biometric systems are ready for widespread use, according to the General Accounting Office.

In an April report to Congress, here's how GAO rated various biometric systems:

Technology ... Reliability ... Performance factors

Fingerprint scan ... Reliable ... Dirty, dry or worn may degrade performance

Hand geometry ... Fewer unique characteristics ... Injuries, jewelry may reduce accuracy

Retina scan ... Highly accurate ... Hard to use

Iris scan ... Highly accurate ... Poor lighting, movement may degrade peformance

Facial recognition Variable... Requires proper lighting, face positioning and undated photo database to work well