On September 24, the United States’ National Research Council released a report entitled “Biometric Recognition: Challenges and Opportunities” Copies can be obtained here. The summary of the report, and consequently, the media coverage – including newspapers, blogs, TV – focus on both technical and systemic deficiencies that enterprises or government agencies will encounter if they plan to use biometric traits to identify (i.e. recognize) specific individuals among a broader group of people.
It takes 175 pages for the authors to provide background on their project and to say, essentially, that biometric-based recognition systems don’t work as they have been depicted in the movies (like Minority Report). This report has been like red meat to the hungry set of wolves among international wire services. If you enter “biometrics inherently fallible” in your choice of Web-based search boxes, you’ll find near identical articles in Reuters, UPI, USA Today, ITportal and even FederalNewsRadio.com.
At base, the report is just stating the obvious: the effectiveness of any technology for authentication, identification or “recognition” is only as strong as its application context. Hence the “inherent fallibility”. As the authors explain in the course of evaluation:
well-articulated processes for verification, mitigation of undesired outcomes, and remediation (for misrecognitions) are needed, and presumptions and burdens of proof should be designed conservatively, with due attention to the system’s inevitable uncertainties.
Sounds like a systems integrator’s dream technology… “Runs good, needs some work.” One thing’s for sure, it’s turning out to be a dream for the authors who obtained funding from DARPA and others starting in 2003 to hold workshops evaluating a broad spectrum of issues surrounding biometric recognition.
The primary weakness I perceive is the conflation of “identification” and “authentication” (or “verification”). It is true to say, as the report’s authors assert, that biometric recognition is “complex” to deploy and an “inherently probabilistic endeavor.” That just means that – as with alternative authentication or verification technologies – it would benefit a company or government agency to build applications and application environments that deal with uncertainty.
It is not news that almost any system out there can be hacked. But to draft a headline that singles out biometrics as “inherently fallible” (implying that other modes or methods are not) smacks of sensationalism and, is detrimental to the community of solutions providers that have tailored their platforms, enrollment methodologies and workflows to do the very tasks that the report writer’s prescribe: mitigate undesired outcomes and remediate for misrecognitions.
It’s hard to say this is a set back for the community of voice biometric-based solutions providers. In the introduction to the report, the author observes that “biometric technologies appear poised for broader use”, and that remains true. I now think of it as a call to arms for solutions providers to prove that biometrics – in conjunction with other factors, well-designed application software and hooks into existing risk management and security infrastructure – will overcome its inherent, but known and documented, fallibility to play a big role in areas like mobile user authentication, transaction authorization and speaker identification and verification.
Categories: Articles