Biometrics: Eyes, ears, face or voice?

Trials of a biometric ID card for the UK have propelled biometrics beyond the realm of pure sci-fi but, asks Andy McCue, what are the viable biometric technologies out in the market and what value do they hold for both the public and private sector in the future?

Plans for a national ID card in the UK that will use either iris or fingerprint scans for verification have once again brought biometric technologies into the spotlight and authorities worldwide looking increasingly at biometric data as an extra security measure to tackle crime and terrorism. But is a Minority Report style biometric future of billboards that scan your eyes and deliver personalised advertising and robot spiders that use biometric scans to catch criminals just science fiction or are those advances being made today?

Certainly the analysts seem to think that a biometric boom is in the not too distant future. According to figures from IDC, European sales of biometric technologies will grow from $1bn in 2003 to $3bn in 2006, with fingerprint scanning, voice recognition and facial scanning the three dominant form factors.

It’s also the private sector and not just the governments looking at implementing biometrics. Nationwide is widely acknowledged as something of a pioneer in the field having trialled a cash machine at its Swindon headquarters that scanned the iris instead of using a PIN number, although it said the cost of rolling out such a system across the country is not yet commercially viable. British Airways is also looking at iris scanning and its future potential for automatic check-in and boarding.

But what biometric technologies are currently out in the market? Aside from the obvious ones of fingerprint, iris and facial biometrics there’s some surprises.

There’s voice recognition, which Lloyds TSB adopted for some of its telephone services. But Alwin Gruenwald, marketing manager at NEC, which is working on biometric trials for the UK's ID card, said that while voice is very user-friendly, it can also change over the years and is easy to manipulate, limiting its use to low-security applications.

David Porter, head of security and risk at security consultancy Detica, said more unusual ones in the marketplace today are vein prints from the veins on the back of the wrist, bones in the finger, facial thermograms and the bones in the inner ear.

“If you ping a sound it will reverberate around and the inner ear is unique. It could be used for things like telephone banking.”

An NEC white paper on biometrics maintains these methods are still in the realms of fantasy though. “None of these methods are considered to be reliable options at the present time,” it says. Yet the mainstream biometrics also still have challenges ahead. Iris scans still have very high costs; fingerprint readings can be easily affected by dirt on the fingertips, worn skin, or very thin skin, while facial recognition is also still costly.

Martin Gates, marketing director at facial recognition firm OmniPerception, admitted that, as with any new technology, the cost is always high to begin with. But he said current facial biometric projects the company is working on are producing just a one per cent error rate and that mass identification will be possible using the face in the future.

“The real holy grail for biometrics is identification and identification at a distance, for things like covert surveillance. On a small scale with a database of known people we have that working with high reliability with a range of 300 to 10,000 faces.”

He said the firm is working with a number of CCTV players and camera companies to improve this.

Biometric implementations like that on a national scale if they ever happen are likely to throw up all sorts of privacy and data protection issues, and Detica’s Porter sees this as the main battle that biometric technology has to win. “Biometric technology is here now. It is just the social acceptance.”

It is something that the biometrics firms acknowledge. NEC says: “One essential prerequisite for the widespread social acceptance of biometric methods is a clear definition of how these personal data will be utilised. This is not an issue relating to the ‘functional’ acceptance of biometrics as a technology, but relating to its controllability.”

Porter also believes that the wider use of biometrics, such as with a national ID card, will open up opportunities for the commercial sector.

“The cost will come down. If you had one card with your biometrics and used it for absolutely everything that would bring the cost down,” he said. “But do you want government and commercial applications residing on the same card?”

And trials are underway – one such project due to start in the New Year is a pilot scheme involving several European internet banks using facial recognition to verify home users from their PCs. Customers will have a facial biometric on a smart card which will be read by a reader on their computer, which then checks their face using a web cam.

The trials are being run by Omni Perception, and despite the seemingly clunky nature of such a procedure, Gates says that because there is no physical contact for the scan users don’t feel threatened by it. “Face has the ability to be as fast and convenient as the iris or finger,” he said.

But biometrics as a strategic IT tool are still some way off because of the cost, integration issues and standards, according to John Madelin, business development director at RSA Security.

"There is a lot of buzz about biometrics but this seems to originate from the sci-fi implications and vivid images conjured up by the fusion of biological with technological, rather than from the practical business benefit and enhanced authentication implications," he said. "I believe we will continue to see selected physical access pilots, the most visible being border control and passport related, but that commercial access projects as well as the all important logical access will defer to other simpler methods for the foreseeable future."

For the UK government then it is full steam ahead for biometrics to be introduced into passports and driving licences, before becoming a defacto ID card within a decade. For businesses the Minority Report example is still very much for the big screen and the road is not quite so clear. One final piece of advice from NEC’s Gruenwald is that any biometric technology used should be appropriate for its intended purpose. “It depends on what you want to secure,” he says.