A better approach to biometrics

Troy Potter, vice president of identity solutions at Unisys Federal Systems, previously served as deputy assistant director for identity services for the Homeland Security Department’s U.S. Visitor and Immigrant Status Indicator Technology program. Terry Hartmann is vice president of global security and identity solutions at Unisys.

For years, U.S. defense, law enforcement and civilian agencies have been implementing large-scale biometric solutions to identify criminals, enhance national security, and authenticate the identities of government personnel, contractors and citizens. The technology has now matured to the point where the federal government relies on it to mitigate the risks associated with personal identification.

But as the benefits of biometrics have become clear and the solutions more widespread, the government’s development and deployment of those solutions have become less efficient. Biometric solutions have typically been designed and implemented to meet the specific needs of a particular organization, purpose or even use case. That approach has resulted in a lack of flexibility that limits the potential value of the solutions and greatly increases the initial investment and the cost of future adoption.

Given today’s austere budgetary landscape, the government can no longer afford to build biometric solutions from scratch to address its broad range of current and future requirements.

The problem can’t be solved by consolidating solutions into one mega-system because that would inevitably compromise the solution’s ability to address particular use cases and business needs. Rather, it is most effective to start with a robust, reusable baseline solution as a foundation and customize it to meet specific needs, resulting in a more reliable and faster implementation phase.

Although the government has yet to take full advantage of it, the process of developing those biometric solutions has evolved internationally and commercially to apply a vendor-independent, scalable and repeatable service-oriented architecture (SOA) based on industry standards. The approach has several virtues: easier functional upgrades over time, adaptability for differing mission requirements, the ability to scale up as biometric enrollments increase, and the ability to interoperate and integrate with other national or international biometric systems — all while requiring less upfront investment.

For example, the government of Angola recently implemented a national identification system using fingerprint and face biometrics largely based on a solution already in place in other countries. It was developed using a library of distinct software modules that cover the entire identity management life cycle: biometric collection, enrollment, identification, verification, storage, expert examination, results, document production and document authentication.

Subsequently, Mexico deployed a vendor-neutral citizen ID solution based largely on those deployed in South Africa and Angola and paid roughly two-thirds less for its solution than it would have paid to build a system from the ground up. In addition, Mexico was able to field the system in well under a year, compared to the two years typically needed when using more traditional approaches.

Likewise, the U.S. government could reduce investment and maintenance costs by perhaps 50 percent while significantly reducing the time it takes to field solutions by reusing proven SOA-based solutions instead of following current approaches that reinvent the wheel to meet changing requirements.

The main barrier to the new approach is the mind-set that the unique nature of the applications of biometric solutions in the federal government — whether for national security, identity management or other uses — precludes the reuse of existing solutions from non-government programs.

Our experience has proven that the overwhelming majority of typical system requirements for biometric solutions can indeed be met by taking a commercial approach and reusing scalable, open architectures that adhere to industry standards. At a time when government is looking for ways to cut costs while continuing to address critical security needs, federal agencies should consider an approach that has already been proven elsewhere to achieve both objectives.