Feeds

Collar the lot of us! The biometric delusion

Optimism beats evidence in the drive to fingerprint the world

  • alert
  • submit to reddit

The Power of One Infographic

Following 9/11, the newly established US Department of Homeland Security (DHS) designed US-VISIT, a biometrics-based scheme to protect the US border from infiltration by malevolent aliens. NIST conducted a computer-based trial of flat print fingerprinting to predict the success of US-VISIT. They estimated that the technology would successfully verify identity 99.5 per cent of the time. That is equivalent to a false non-match rate of 0.5 per cent, well within IPS’s one per cent limit.

It may not be immediately obvious how outrageous NIST's forecast is. In the 2004 international fingerprint verification competition, FVC2004, the best algorithm achieved a false non-match rate of 6.21 per cent at a false match rate of approximately zero per cent. Even with a false match rate of one per cent, the best false non-match rate was 2.54 per cent, and IBM promptly formed a partnership with the winning company, Bioscrypt, Inc. No-one in 2004 had ever seen a flat print fingerprint algorithm capable of IPS's one per cent false non-match rate, let alone NIST's 0.5 per cent, and they still haven't.

In December 2004, the US Office of the Inspector General (OIG) reviewed the statistics for the first year of operation of US-VISIT. On average, 118,000 people a day presented themselves to primary inspection at the borders. Primary inspection is largely a biometrics check. If the false non-match rate is 0.5 per cent, you would expect 590 of them to fail and to be referred to secondary inspection by human beings. The actual figure was 22,350 failures or 19 per cent. Just like in the UKPS biometrics enrolment trial.

Round up more fingers

NIST had argued that a true accept rate of 99.5 per cent could be achieved using only two fingerprints. Once US-VISIT had demonstrated that the figure was more like 81 per cent, they teamed up with the US Department of Justice to lobby DHS and the State Department to use 10 fingerprints instead of two.

Would that help? It sounds as though it should but, as Tony Mansfield will tell you, increasing the number of fingers sampled will not lead to an exponential improvement in reliability. Your fingers are not independent events, there are correlations, and if the minutiae on your index fingers are poorly defined they are likely to be poorly defined on your other fingers, too.

Some researchers note that it is hardly worth printing ring fingers and little fingers. NIST found that right index fingers are inexplicably "better" than left index fingers (para.3.1.1).

Moving from two prints to 10 may not help much after all.

NIST provides no support for IPS and the idea that the methodology used in their May 2004 report is a reliable way of forecasting the outcome in the field is thoroughly discredited.*

* Messrs Mansfield and Rejman-Greene note in their report that there are exceptional problems with flat print fingerprinting (Appendix B, p.34). It is obviously hard to enrol people onto the population register if they are missing fingers and/or entire hands. It can also be hard to register older people, they say, manual labourers, East Asians and – that other unimportant minority group – women.

IPS have never explained what alternative arrangements will be made for these cases and the NIST report doesn't consider them. We remain in the dark, therefore, but IPS can't stay silent on the issue forever and when they do propose their alternative arrangements, the question will arise why we can't all use those alternatives and forget about biometrics altogether.

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.