Biometrics are Fallible

Laura Spadanuta

01 January 2011

Print Issue: January 2011

CONTRARY TO what police procedural shows like CSI would have you believe, biometric systems are inherently fallible, according to a multiyear study recently released by the National Research Council (NRC). Due to the uncertainty surrounding variations in our personal traits (for example, the question of how characteristics change with age), the variability in biometric sensors, the use of certain features such as minutiae points on fingers, and other factors, biometric systems can never be error free.

These systems generate probabilities that a biometric being presented is the same as the one in their database, but they cannot say definitively that it is a unique match. In contrast, for a password or PIN system, the password entered is either right or wrong.

The NRC report, Biometric Recognition: Challenges and Opportunities, compares the truth of biometrics with the public perceptions of it from various popular culture representations, such as TV crime shows in which biometrics are precise and nearly foolproof. Joseph Pato, a distinguished technologist at Hewlett-Packard’s HP Labs and an editor of the report, says it’s important to mention the cultural representations of biometrics because they influence how biometrics are perceived and used.

“Biometrics are both the biological traits that are expressed physically [and] behavioral characteristics in the population that are your data subjects. So their perception of how the system works will color their interaction with the system. And this applies in a variety of ways…. It can lead them to interact with the biometric systems in a way that makes them less effective, and it could raise social objections to the deployment of biometric systems for completely innocuous purposes,” says Pato.

A problem with biometrics occurs when users have not anticipated false positives or false negatives, particularly on the large scale. In reality, every now and then, there will be a false positive, where someone with access to an area might be flagged. And when the operators see that the flagging was false, they might then assume that all flags are wrong, unless they are properly educated about the technology. That would open the danger of a true outsider getting in because agents don’t believe the flags are worth caring about.

Some in the biometrics industry have criticized the report. Tom Bush, former assistant director of the FBI’s criminal justice information services and strategic advisor to biometrics company BIO-Key International, says the researchers used old data.

“It goes back five years, and I think that it does a disservice to biometrics as a whole [because it’s not how biometrics are being used] by society or the public and private sector today. I just think those views are out of date and inaccurate,” he says.