Time is ripe for biometrics

Other than some successful though narrow applications such as law enforcement fingerprint databases or securing access to sensitive government facilities, biometrics has not taken root across a broad swath of government. The reason has been fairly simple: In most cases the need for the technology has not justified its cost.

Less expensive methods for authenticating a person's identity, namely passwords and personal identification numbers, were usually sufficient given the low level of risk associated with most applications.

However, this calculation has begun to shift quite dramatically in the past two years, due to changes on both sides of the cost/benefit equation.

Of course, most significant on the benefits, or needs, side were the Sept. 11, 2001, terrorist attacks and the security weaknesses they exposed on several fronts, including transportation safety and immigration controls.

Less spectacular but further reaching has been the ever-growing volume of government-sponsored online activity, from internal agency operations to citizen and company-focused e-government applications. Biometrics can make a valuable contribution to all those situations.

Meanwhile, the cost of acquiring and managing biometric technology has fallen steadily. Product software and equipment such as scanners and cameras are cheaper. It is now less expensive to deploy biometrics into existing information technology environments and, thanks to standards taking hold, to get basic interoperability among different vendors' products.

Also, the technology's performance has improved in terms of scalability and accuracy, which is reducing the costs associated with workarounds or accepting some identification errors.

The business case for biometrics has never been better. Some experts believe government may become the biggest market for biometrics products. For those agency decision-makers mulling the use of biometrics, there are a few important points to keep in mind:

n Some applications will need to use more than one type of biometric technology, especially those in which large numbers of people have to be enrolled. Although the technology has improved, it is not perfect, and a small but significant portion of a population will have problems being recognized by certain biometric identifiers.

n Biometrics will not replace the need for other types of security systems, such as public-key infrastructures, smart cards or identity management solutions. Each layer of security has a role and all will ideally work together in an integrated fashion.

n Product standards are critical. Although industry leaders have made progress in developing and supporting standards for things such as data formats and exchange methods, they still have a long way to go before product interoperability isn't an issue.

n Policy-makers have to be careful about the use and potential misuse of biometric data by not unnecessarily linking personal information online.

n Biometric tools do not solve every problem associated with verifying a person's identity. A thief who has stolen personal information could fraudulently obtain an identification card with his own biometric identifier on it, fooling the system and creating a big hassle for the victim of such a theft.

In this report, we take a closer look at the strengths and weaknesses of leading biometric technologies and the primary government applications in which they will be used. We hope that by reading the report you will gain a deeper understanding of the technical and policy issues that surround this increasingly important technology.