Feeds

Fingerprints as ID - good, bad, ugly?

Well, there's an effectiveness:usability trade-off, for starters

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Why are we just talking about fingerprints, aren't there other kinds of biometrics? I'm glad you asked me that. Iris recognition is potentially a simpler recognition job, and the NPR humorously (?) observes that fraudsters tend to be more reluctant to mess with their eyes than their fingerprints (slightly useless factoid: "over 1 in 1,000 fingers are missing or have no fingerprint", but only 1 in 10,000 lack a usable iris for recognition purposes).

There have been no widespread deployments of iris scanning systems, and there are difficulties associated with broad deployment of enrollment and reading systems. Current systems require careful alignment and good lighting conditions, and enrollment systems will be more costly to operate and will have a poorer throughput than for fingerprints. And we can perhaps entertain unworthy thoughts about how the police might best achieve optimum conditions with mobile iris recognition systems after dark - slam suspect up against wall, shine bright light in their eyes...

Facial recognition meanwhile is rejected entirely by the NPL study. It quotes one study as finding a false match rate of 1 in 1,000 with a false non-match rate of 1 in 10, but points out that a longer time lapse between enrollment and check, and less optimum lighting conditions would produce a false non match rate of 6 in 10 at a false match rate of 1 in 1,000. The best you can say is it's not ready for prime time, but it might have an application as a supporting biometric to reduce false matches from the primary one.

NPL's observations about the lower possibility of people trying to falsify their eyeballs does however raise the possibilitiy of fingerprint falsification. David Westcott reminds us about the use of gummy false prints. The feasibility of these means some degree of observation of the hand will be necessary when it's placed on the reader, and that the use of fingerprint recognition in unattended security scenarios is of dubious value.

What about DNA? Pete Austin rightly corrects me for another unwarranted assumption:

Actually, if my DNA is found at the scene of a crime, it only means that my DNA is there. But DNA is easy to aquire. For example, like most people, I don't guard my wheely bin to stop criminals nicking vacuum cleaner dust, much of it hair and skin cells brimming with my DNA, to scatter at any crime scene of their choice.

Quite right, Pete. But as you, the container of the vast majority of your DNA, are likely to be present at an ID check, we don't necessarily need to be talking forensic worries here. They can just watch you, er, leak into a handy receptacle, or something. Kristoffer Winther Sørensen suggests that it actually is currently possible to do on-site DNA fingerprinting:

In the biomedical industri and academia we use a device called a PCR lightcycler to basically copy/clone DNA. As far as I know this technique was developed by the US military to facilitate the identification of possible biological agents used in biological warfare. The device is small enough to be carried on the back of a soldier and costs around $15.000. So I don't think there is a technical problem to "on-site" DNA fingerprinting.

Is there no end to the US Army's specialist hardware collection? Kristoffer however points out that DNA fingerprinting can give rise to false positives, "even if the material is of superb quality."

From memory, the methods used in Denmark will give a positive in 1 out of 100.000 persons. So if all danes were in a DNA register, on average 52 persons (population of 5.2 million) would match a crime-scene DNA-profile. That's a lot of suspects.

And we've had many more emails on the subject. We've skipped the ones saying what David Blunkett is (true, people, but this is established), and we've skipped the one claiming authorship of a system "paying 2.5 million people a month using fingerprint technology." We couldn't help noticing that in the country in question there seems to have been some debate about the effectiveness of this system, so we'll just have to call it 'jury still out.'

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Swiss wildlife park serves up furry residents to visitors
'It's ecological' says spokesman, now how would you like your Bambi done?
Win a year’s supply of chocolate (no tech knowledge required)
Over £200 worth of the good stuff up for grabs
Facebook's Zuckerberg in EBOLA VIRUS FIGHT: Billionaire battles bug
US Centers for Disease Control and Prevention contacted as site supremo coughs up
Internet finally ready to replace answering machine cassette tape
It's a simple message and I'm leaving out the whistles and bells
ePassport to Transnistria: NEXTIFYING the Nation State with BONG
Hey the Man, you can't geoblock distributed democracy
Red Bull does NOT give you wings, $13.5m lawsuit says so
Website letting consumers claim $10 cash back crashes after stampede
Down-under record: Australian gets $140k for pussy
'Tiffany' closes deal - 'it's more common to offer your wife', says agent
Trolls have DARK TETRAD of personality defects, say trickcyclists
Think psychopathy and BDSM dungeons, not desktops
The iPAD launch BEFORE it happened: SPECULATIVE GUFF ahead of actual event
Nerve-shattering run-up to the pre-planned known event
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.