Report finds biometrics ‘fallible’, but SIA disagrees

‘In the security world, biometrics are accepted as a viable solution for authorization and identification’
Tuesday, November 23, 2010

WASHINGTON—When the National Research Council released a report criticizing the use of biometric technology, many in the security industry took notice. The 2010 report, Biometric Recognition: Challenges and Opportunities found that “human recognition systems are inherently probabilistic and hence inherently fallible; the chance of error can be made small but not eliminated. System designers and operators should anticipate and plan for the occurrence of errors, even if errors are expected to be infrequent.”

This is not new information, said Mark Visbal, director of research and technology for Security Industry Association. “There’s nothing that’s definite in security. There are always going to be problems and loopholes with any security system you use,” he said. That’s why it’s so critical for security professionals to maintain a layered approach to securing assets. Utilizing multiple forms of credentials and identification components is critical. For example, requiring an identification card, coupled with a Personal Identification Number as well as a biometric component, helps to ensure that that individual is who they claim to be. And, the biometric component to this layered system is the only piece that often can’t be easily falsified. “You might be able to steal a card and beat the number out of someone, but biometrics are going to be hard to replicate,” he said. “The more layers, the better. Everything in security is about layers and redundancy.” 

Visbal and SIA took issue with NRC report, saying it was based on outdated data. Visbal said the usage of and reliance on biometric technology continues to grow strong. “In the security world, biometrics are accepted as a viable solution for authorization and identification,” he said. “Biometrics are a game changer, it really is, because it irrefutably ties the embedder of a biometric to that identity. Are there problems? Yes. But, will it get better? Yes, and it is on a monthly basis,” he said.

But one of the biggest challenges for biometrics involves the development and implementation of standards. “You can’t have one overarching standard because of the different kinds of biometrics and different technologies used to read those biometrics,” he said. For example, there must be different standards for fingerprint readers and vein readers, facial recognition systems and iris scanners. One of the most critical standards that must be developed relates to the way these biometric systems communicate to each other. For example, it’s critical that a credential issued by one vendor also be able to be read by a different vendor, allowing for the seamless transmission of biometric information. The better the technology gets and the more widely adopted the standards become, the better biometrics will be as an identification verification tool, Visbal said.



I'm confused by the comments regarding biometrics in a security application. The NRC report states very simply that biometrics of any sort are not 100% infallible, which is undoubtedly correct. If there's anyone out there that can guarantee 100% infallibility, I'm interested. That system does not exist; biometrics, analytics, thermal imaging, etc. all have a part to play in the security business and may well get us to 99.9%. Getting worked up over a report that states something is not perfect doesn't accomplish much.