Personal Identification - Biometrics: The New ID Recognition Technology That Could Relegate PIN-based Security To History.

Fingers, hands, eyes, voice, even personal mannerisms can be used to verify your identity. It's very personal, which is probably why biometrics is being received with mixed feelings world-wide - but it just might be a blessing in disguise.

One might expect consumers to resist any institution's request that they offer up part of their anatomy for review, especially if this was a prerequisite to gaining access to what is rightfully theirs. Fingerprinting, for instance, carries Orwellian, if not downright, criminal connotations. Banks and others who have tested biometrics-based security on their clientele, however, say consumers overwhelmingly have a pragmatic response to the technology. Anything that saves the information-overloaded citizen from having to remember another password or personal identification number comes as a welcome respite. Adding a statistical footing to this anecdotal evidence, a nation-wide survey by Columbia University reported that 83% of people approve of the use of finger imaging, and don't feel it treats people as criminals.

There are, of course, cultural nuances to which institutions must be sensitive. As Ben Miller, publisher of the Personal Identification Newsletter and biometrics consultant, puts it, "I think the Feds love it, they think its cool, whereas if you tried to impose biometrics in a creative workplace, like Apple Computer, they might see it as Big Brother." Another surprise is that the United States is a late adopter of biometrics - a term which describes automated methods of establishing someone's identity from their unique physiological or behavioural characteristic(s).

Biometrics Comes To Washington By David Franke
Please, don't even whisper the words "Big Brother" in their presence. It gives these gentle folk heart-burn. They're the officers of the International Biometrics Industry Association (IBIA), a spanking-new Washington, D.C.-based trade association. They held a press conference to let you know they exist, and to assure you they've got your best interests -- your convenience, your privacy - at heart. Biometrics are all those new technologies that make sure you are who you say you are, by scanning the iris of your eye (no poking allowed), reading your palm (I see an FBI checkpoint in your future), or listening to your voice (now tell it to the judge). If you watch "The X-Files," you know what I'm talking about.

As the new kids on the technology block, they don't want to end up like the nuclear power industry. Let's face it, you meet a nuclear plant technician today and all your eye sees is Homer Simpson. These IBIA guys want some respect. That's why their first public campaign is a PR blitz announcing their "IBIA Privacy Principles." It reads like the Boy Scout oath, and it's vague enough and has enough loopholes so even Bill Clinton could sign off on it.

Example - IBIA Privacy Principle No. 3: "In the public sector, IBIA believes that clear legal standards should be developed to carefully define and limit the conditions under which agencies of national security and law enforcement may acquire, access, store, and use biometrics data."

Bill Clinton: "But until those legal standards are developed, I'm going to make sure that Janet Reno knows more about you than your Mom."

You can see the problem these IBIA guys face. Their technologies may be every bit as wonderful as they say they are, but those technologies are not being bought by saints in a monastery, but by government agencies and big businessmen. We live in an era when the head of the government is a congenital liar, and his business friends tell us not to worry that the Red Chinese now have the missile technology to destroy us - they got a good deal, after all, and what's good for Promiscuous Missile Technology, Inc., is good for America.

Their Side of the Story ...
OK, I've had my fun, and these IBIA guys are used to smart-aleck journalists like me who resort to scare headlines (oops!) or irreverently poke fun at them (double oops!). But they do have some serious points to make, and we should consider their arguments, always keeping in mind the obvious self-interest involved. If history teaches us anything (a doubtful premise, I admit), it's the difficulty - really, the impossibility - of keeping new technology bottled up in a Mason jar under the kitchen sink. Sooner or later, we have to face up to the nitty-gritty problems posed by the new technology, and that's when the heavy negotiations start.

To begin with, the IBIA sees biometrics technologies as less invasive of your privacy than what we've got now - and a lot more convenient and safe. The core of your "identity" today is probably your driver's license, your Social Security number, and your credit cards and credit records. Your Social Security number is probably implanted in your memory by now, but the license and cards are in your billfold or purse. They go where you go, and if you want to participate in the joys of modern life you have to present them a number of times every day. Moreover, they're rather easily stolen by someone who doesn't have your best interests at heart. If you think you have any privacy left today, with all those numbers in circulation, hire a private eye to get the dirt on someone you really hate.

The overwhelming majority of biometrics applications, on the other hand, are site specific - they don't follow you around. You look into the iris scanner, or put your hand palm-down on the machine, or speak your name, and if you are who you say you are, you're allowed to get through the security checkpoint, or to access your financial records, or to enter the members-only site on the Internet.

Since every iris, every palm, every voice is unique, you've drastically reduced the chance of someone stealing your identity. No more pin numbers, no more passwords and user words to remember - a big convenience.

Most importantly, the biometrics device and technique you're utilising is limited to storing just enough digitised data on you to prove your identity so you can do what you want to do - whether it's performing your job, checking your bank records, or accessing your favourite adults-only electronic site. The biometrics device cannot take a picture of you, it cannot "network" by sharing information about you with other people in other locations, and the device cannot be reconstructed, decrypted, or reverse engineered to do any of those things.

"Used this way," says IBIA, "biometrics can be thought of as a very secure key, but one that cannot be passed on to someone else. Unless this biometrics gate is unlocked by the proper bearer, no one can gain access to that person's information. Compared to other methods of establishing who you are - producing a driver's license, showing a birth certificate, or revealing one's family history - biometrics are the only tools that can enhance personal privacy and still deliver effective solutions in situations that require confirmation of identity."

"We also see our role as working with the privacy organisations," IBIA executive director Richard E. Norton told me. "This doesn't have to be confrontational." The first person listed on the trade group's "Independent Advisory Committee" is Simon Davies, director of Privacy International and visiting fellow at the London School of Economics. He's described as a "leading advocate of privacy in biometrics."

So far, so good - at least according to the gospel as presented by IBIA (and I will be the first to admit that, at this point in time, my knowledge of biometrics is limited to what I've seen on "The X-Files"). So What's the Problem? Remember that the types of biometrics uses I've presented above represent the "overwhelming majority" of applications expected in the future. But not all. Combine the site-specific technology with a database, and it can be an entirely different ball game.

"What happens if one of your members breaks your rules?" the IBIA officers were asked at their press conference. "These things are exceedingly difficult to enforce," admitted IBIA Vice Chairman John E. Siedlarz, who also is president and CEO of IriScan, Inc. "Once our technology is in the hands of other parties, there's no way we can control them."
"And remember," he added, "we're a very young trade group. We haven't set up an oversight committee yet."

William W. Wilson, chairman of IBIA and managing director of Recognition Systems, Inc., added his bit: "When somebody wants to join us, we will require them to look at our principles and agree to them." That should keep the scoundrels out.

Joseph J. Atick, IBIA's secretary as well as president and CEO of Visionics Corporation, responded to my suspicion that some people in government might not play by the Boy Scout rules presented by IBIA: "Biometrics technology by itself - apart from databases - doesn't give you a means of invading someone's privacy. And existing law prevents the government from building databases of law-abiding citizens." Well, that certainly took care of my concerns. The government flouts our motherboard - the U.S. Constitution - every day of the year, but it wouldn't dare violate that law. And certainly not with watchdogs Bill Clinton and Janet Reno at the helm!

In an odd sort of way, the most comforting thing about the IBIA is how very typical it is of business trade associations generically. Get too close to a trade group's spokesman and he'll have his right hand resting over his heart as he recites the Pledge to Free Enterprise - and his left hand in your pocket.

Thus on page 4 of IBIA's "Prospectus for Charter Members" we have this paean to free trade: "Members are committed to the principles of free trade and open competition in the world-wide biometrics marketplace."

Then, on the very next page, we read: "IBIA will undertake to persuade governments to expand tax incentives, grants, and subsidies routinely available to other high-tech industries ... "

They're not after your privacy - just your tax dollars! Whew, what a relief.

New Low-Cost Biometrics Fingerprint Readers Funded By Government. Privacy Loss Feared.* By Julie Foster

Scenes of doors opening with voiceprint-coded locks, high-tech security systems accessed by a retinal scan and computers positively identifying their users by a thumbprint are no longer limited to the silver screen or the super rich. Developers of a new biometrics fingerprint reader hope to make those scenes a reality in the everyday lives of people around the world. And the government helped fund the project.

The DSR 300 reader was revealed to the public at the Comdex fall technology show in Las Vegas Nov. 16. Motorola and Identicator Technology joined forces in the development of what is believed to be the smallest and lightest optical reader, as well as the world's least expensive.

With a suggested resale price of under $20 in 10,000 unit quantities, a price nearly $80 cheaper per unit than previously released low-cost readers, the technology will soon see aggressive pricing pressure making the readers even more affordable and increasing their demand, according to Grant Evans, vice president and general manager for Identicator, the information technology division of Identix Corp.

"As early adopters, [information technology] markets are employing the ultimate in security - positive user authentication - to spearhead what is likely to be the next omnipresent technology," said Roger Janikowski, business development manager of Digital Imaging at Motorola. "The DFR 300 uses Motorola's DigitalDNA technology to redefine the face of simple functions, such as unlocking your car, logging on to your computer, making transactions on-line or operating your cell phone."

Suzanne Matick, spokesperson for Identicator, told WorldNetDaily that the break-though reader has already been shipped to buyers who will begin marketing the device for notebook computers. Simply put, users will now be able to insert the reader into a universal port in their laptops which can be programmed to allow only certain biometrically verified users to operate the computer. Such a device will protect both hardware and software, according to Matick, since stolen computers will be rendered useless.

Commercial availability of such technology has boomed, according to Matick, increasing the number and variety of players in the biometrics field. Prior to the last few years, the primary buyer of biometrics technology has been government entities - a fact that is unsettling for critics of the science.

Scott McDonald maintains a web site dedicated to informing the public about the risks associated with biometrics technology. He worries about hackers stealing fingerprints, and therefore user identity. As McDonald explains, a fingerprint is not like a personal identification number which, once stolen, can be deactivated and replaced with a new number. Fingerprints are unique and cannot be replaced. Although Identicator's new security system, which uses encrypted fingerprint "minutiae" rather than an actual fingerprint, makes it virtually impossible for hackers to duplicate users' identities, the company's general manager admits that some will try. "We know of some groups who have called to test our software - they're hackers," said Evans.

Best known as the father who sued the government because his twin sons were denied their driver licenses as a result of having no social security numbers, McDonald foresees government inserting itself into the world of e-commerce as the third party authenticator of patron identification.

Third party identity verification for Internet and email transactions already exists through "pretty good privacy" programs that generate a certificate of authenticity from a third server in order to guarantee sender identity. McDonald believes a similar program will be used by the federal government beginning with all e-commerce transactions, using biometrics as the primary method of identifying users. He may be right. It is well known in technology circles that the government has been developing a pubic key infrastructure - a database containing identity-verifying biometrics of Americans.

McDonald claims that though "Americans bill themselves as the land of the free and the home of the brave," continued government involvement with biometrics "will destroy that freedom."

"The fear is the level of absolute control," he continued.

However, not everyone agrees with McDonald's prediction. Evans said the government is "absolutely" creating the database, but believes the odds of officials using it in conjunction with e-commerce is "zero," leaving people to wonder what a government database containing biometrics information on its citizens will be used for.

Julie Malone of the Free Congress Foundation, a Washington-based conservative think tank, believes "this is just one of a number of examples of how our privacy is being eroded."
She noted that Data Image, an information technology company in New Hampshire, was funded by the Secret Service "to basically set up a tax fraud data base that would allow [the government] to determine your identity when you make a purchase." As soon as the project was uncovered by a media outlet, the project slowed down because "people started paying attention," according to Malone who questions government motives for using the technology.

"What exactly do they plan to do with this?" she asks. "Are they going to track us?"
Evans shrugs off such notions and believes only those who break the law should fear the government monitoring their actions.

"I don't believe it," he said. "Besides, I don't care if the government has my fingerprint. They already have it. I'm not committing crimes, so I've got nothing to worry about. What are they going to do with it?"

"People may think the government will know everything about you. If those people think government already doesn't know everything about you, they're naïve. A fingerprint doesn't matter," he continued.

"[The government] helped us develop our product and funded it. It's so benefiting for them," added Evans, who sees a future where citizens will be forced to submit themselves to biometrics technology as it is integrated into society.

"The market has accepted this technology. The consumer is going to get it because infrastructure is going to tell them that it's better," said Evans. "It's like water - you don't want to pay for it, but the infrastructure says that's the way it is."

Identicator, whose largest customer has been the U.S. government, stands to make huge profits as a result of a biometrically-dependent society. In fact, all of the top ten personal computer manufacturers including Dell, Compaq, Hewlett Packard, IBM, Sony and NEC will ship biometrics features by June of 2000, according to Evans. The information technology executive believes digital cell phones, which allow wireless email and Internet access, will be the next big market for the now-affordable technology - cell phone providers lose 18 percent of their billing to fraud each year - followed by on-line banking.

As the Internet explosion continues, so does the race to secure on-line transactions. But many question the ramifications of "total security solutions." "It comes down to the question of how much privacy you are willing to give up to fight crime," said Malone. "Americans need to take a stand and just simply refuse to co-operate. They need to say this is too personal for me to just hand over."

* © 1999


"Until those legal standards are developed, I'm going to make sure that Janet Reno knows
more about you than your Mom."

Bill Clinton: "They're not after your privacy, just your tax dollars!

Scott McDonald: "The fear is the level of absolute control"

Free Freebooter Newsletter

  • Click your mouse inside the input box, to set the cursor.
  • Enter your email address and click on the button labeled Subscribe.
  • We will not share your email address with anybody, period.

security banner