Biometric Myths: Six Of The Best
by Russ Davis - CEO of ISL Biometrics - Tuesday, 13 July 2004.
It is probably the hottest sector in the security field today. Yet the biometrics industry, which produces human-based identification systems, is weighed down with claims and counterclaims, fallacies and myths. While some of the myths are no doubt based on an element of historical or scientific truth, some are now so out of date or inaccurate that they are almost laughable.

Myth number one - The first myth that needs to be dispelled is that biometrics is a modern-day idea. Despite its high-tech glitzy image, the principles behind the technology can actually be traced right back to Egyptian times, when workers building the great pyramids were not only identified by their name, but also their physical size, face shape, complexion and other noticeable features, such as scars.

It may have taken the next four-and-a-half thousand years to really get going, but the technology is now experiencing a “hockey stick” adoption curve with governments, hospitals, schools, airports, retail outlets and modern offices all successfully using this remarkably straightforward empowering technology.

Technology truths

The problem with such a rapidly emerging industry is that many people are elevated to the position of “expert”, almost overnight. This can be a particularly dangerous situation – especially when the expert used to be the company salesman or marketing executive.

This scenario has led to some of the industry’s best technological fallacies, which can either be put down to pure ignorance, or worse, the stirring up of malicious rumors in order to gain competitive advantage.

Take for instance myth number two – iris recognition devices use lasers to scan your eyes. This damaging rumor is completely without substance, although the confusion is understandable given that the first company to produce such a system called itself IrisScan (now renamed as Iridian Technologies).

In fact an iris recognition camera takes a black and white picture from up to 24 inches away and uses non-invasive, near-infrared illumination (similar to a TV remote control) that is barely visible and very safe.

Myth number three – stolen body parts – is also a classic, and has been seized upon by many a Hollywood director, who are not known for letting the true facts cloud a good storyline.

With most biometric devices there is an element of liveness detection, which can measure many variables, from a finger pulse to a pupil response. This would normally be enough to prevent the system from working once the body part had been removed. However, other factors quickly come into play. For example, an extracted (or enucleated) eyeball quickly begins to decompose, with the cornea clouding over and obscuring the iris. A severed finger also dies rapidly – typically becoming useless after around 10 minutes.

New myths

Fingerprint technology also gives us myth number four. This relates to the inability of the technology to enrol or verify the identity of children, or women of Asian descent. This myth is relatively new, because until a few years ago it was a reasonable criticism of the technology, given the challenge of acquiring small fingers with “faint” fingerprints.

However, recent advances in imaging have led to far greater resolutions being achieved by fingerprint sensors, so boosting a biometric system’s ability to extract the pertinent information required to create a biometric template of that person.

Children, in particular, seem to hold no fear of the technology, believing it to be “cool”. It may be surprising to learn that at least 1,300 primary schools in the UK are using fingerprint technology to replace old-fashioned password-based systems in their libraries. The interesting spin off benefit here is that so many children want to use the technology that the number of books taken out increases dramatically.

Police protection


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th