Biometric Myths: Six Of The Best
by Russ Davis - CEO of ISL Biometrics - Tuesday, 13 July 2004.
Myth number five on the list relates to the belief that fingerprint information captured by a commercial fingerprint system could somehow be used in a criminal investigation. This myth stems from a misunderstanding of how a biometric system typically works in a commercial environment.

Almost none of the available commercial fingerprint-based systems store the entire image of a fingerprint. Rather they extract information from that fingerprint to create a mathematical representation or template. This template, which is often encrypted, is designed so that it cannot be reverse engineered to reconstruct the original fingerprint image, and so is useless information to the police, or indeed a hacker. (The feeding of identical template data to a fingerprint systemís matching engine by a hacker will normally fail, as this is almost a sure indication that the data has been stolen and that a replay attack is underway.)

In a non-commercial biometric system, such as the recently announced US-VISIT system, which is being installed to monitor the comings and goings of foreign nationals in the USA, the situation is different, with full fingerprint and facial images being acquired and stored. This information can and has led to the arrest of more than 500 people since January 2004.

The silver bullet?

The final myth number six is perhaps the most important. So often biometrics are touted as the silver bullet that will rid the world of evil. Again this is to over-estimate and misunderstand the abilities of biometric technology.

For instance, contrary to common belief, biometric systems are not able to confirm with any level certainty the true identity of a person. Rather, they are able to confirm whether this is the same person that initially enrolled into the system. The personís true identity is irrelevant to the biometric system. Confirming a personís true identity is far more a question of checking the validity of an individualís official identification documents, such as birth certificates or driving licenses.

Biometric technologies are also unable to perform miracles. If a government doesnít have a quality photograph of a known terrorist suspect, then the chances of stopping that person at a checkpoint using facial recognition are slim.

All that said, biometrics can play a valuable assisting role in the fight against organized crime and terrorism, but it must be part of a holistic approach, which uses many different strands of information.

From myth to reality

While there are many other myths plaguing the biometric industry, the good news is that the technology has been able to rise above them to claim its place at the security top table. The benefits of the technology have just been too attractive to let unfounded myths get in the way.

Some of todayís best biometric systems are saving organizations time and money, while helping to raise the security bar to new heights. For example, ďdoor-to-desktopĒ systems are now appearing, which merge an organizationís physical access control system at the front desk with its network of computer terminals around the building. This enables an employee to replace cumbersome tokens and passwords with their fingerprint, turning the premises into a truly smart environment.

In the past, pundits have talked about mainstream biometric adoption being years away. Today, with smart passports just around the corner, and adoption rapidly increasing in places such as hospitals, schools and airports, new estimates are being measured in months. The myth that biometrics will never become a mainstream technology is truly being smashed.

A brief history of biometrics

Biometrics go back a lot further than their futuristic image might suggest. Even the architects of the Great Pyramids in Egypt recognized the benefits of identifying their labourers using previously noted bodily characteristics.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th