Biometric Imaging Faces a Reality Check

Growing international attention has been brought to biometric imaging as security concerns have grown in recent years. When Advanced Imaging visited this sector for roundtable discussion soon after 9/11, the questions concerned ramping up the technology's capability in the face of that urgent sense of interest in the technology. This year, reality checking of these types of systems were implemented — and questions asked about effectiveness. It is time for a fresh discussion.

Selling — and Overselling
Advanced Imaging: Have biometric imaging systems been oversold, with too many promises made? What are the most convincing arguments for adoption now?

Jim Carlson, Lockheed Martin: Biometric imaging comes in many varieties, and exists to meet a broad set of needs. In general, with the advent of quality specifications created by organizations like the FBI and NIST, biometric imaging has matured to useful levels. As the front-end for nearly all biometric identification systems, imaging plays a critical role. Clean precise information must be gathered for these sophisticated solutions to properly function. Lockheed Martin relies on suppliers of certified biometric imaging products to deliver our integrated biometric solutions.

Peter Kalocsai, Pelco: Face recognition, for instance, had definitely been oversold in the past, but probably not today; there seems to be a lot more understanding now of what various biometrics can and cannot do. Rigorous, unbiased testing is one way to find out what a system is capable of doing. The U.S. government — more precisely, NIST — had been testing face recognition systems since 1993, voice systems since 1996, fingerprint recognition since 2000 and the first iris challenge just started in August.

This year, NIST challenged the face recognition community to show a magnitude of improvement (10 times better results) compared with the latest test results in 2002. It seems that several vendors are close to meeting that requirement. In general, it appears that biometric technologies approached a level today where it is hard to doubt their usefulness.

Bill Willis, ImageWare Systems: The ability for identity management applications to use biometrics as part of the solution has now reached a mainstream adoption point. The challenge is for everyone to realize that the correct biometric and/or biometrics must be used to solve the identity question at the transaction time. If you are a doctor and your face and hands are covered, the iris is the best solution. If you are providing background checks, then fingerprints are the obvious choice. If you are attempting to find someone's family tree — then DNA does a great job.

Mike Scholten, DRS Infrared: Biometric recognition, in general, had been oversold, particularly after the events of 9/11. In the understandable rush to improve security, a perception was generated that these technologies could somehow identify and protect us from potential threats. Although many of these myths and misperceptions have been exposed, biometric recognition is still considered the most promising means for positive identity assurance. When correctly implemented specifically, biometrics provide tremendous value when implemented as the front end of the security architecture accompanied by system threat countermeasures that are designed to defeat techniques attempted on the biometrics system or logic.

Mohamed Lazzouni, Viisage: There was a period of time, post-September 11th, when biometrics was hyped. For instance, in 2001 it was widely believed that face recognition (FR) technology could be used in a surveillance application to accurately identify an individual. Today, 3-D FR promises to be a forensic tool in a similar way that fingerprint is today. Research and development on 3-D FR promises the future ability to take a partial image from a video and construct the entire face off that partial image, allowing for accurate identification.

Successful Implementations
Advanced Imaging: In what sectors or types of implementations have implementations been particularly successful?

Jim Carlson, Lockheed Martin: Transportation and security are just two sectors in which implementations have been particularly successful. Lockheed Martin has implemented systems for customers ranging from the FBI, to the Department of Defense, to the Florida Department of Education, all of which rely on accurate biometric imaging. Our recent work for Verified ID's "Clear" traveler program demonstrates the use of biometric technology in everyday life. The key to success with biometrics on all of these programs is a clear understanding of how to properly implement biometric technologies. All implementations for our customers have been successful and demonstrate the power of the biometrics tool.

Peter Kalocsai, Pelco: After many years of disappointments at various airport installations, face recognition is finally having some success stories, both domestically and abroad. You will also find today that law enforcement agencies and correctional facilities across the country are deploying biometric applications (booking systems, mobile identification systems, "spycam" surveillance systems, etc.) with considerable success. The industry is also receiving a sizable boost from the biometric national ID and passport (e-passport, digital passport) programs of ever-increasing number of countries. And biometrics is also a prime candidate tool for fighting identity theft, which is the fastest growing crime in the U.S., claiming 10 million victims yearly.

Bill Willis, ImageWare Systems: The Mexican government has selected ImageWare to develop a multi-biometric identification system that is used to help identify missing and deceased Mexican citizens. Leveraging ImageWare's Biometric Engine, the system incorporates four biometrics — face, finger, signature and DNA — that allows for a higher accuracy rate. Also, specific demographic details can also be entered such as hair, clothing, height, dental history, etc. Access control into buildings has been particularly successful, focused on specific needs and problems with great results, using the correct identity components to solve the problem.

Mike Scholten, DRS Infrared: Biometric programs have had a successful and visible history in the sectors of forensic analysis and criminal prosecutions. They have been successfully implemented in enterprise security designs when these systems occur where robust enterprise security architectures are deployed within a well-controlled user population. In these cases, success is ensured through proper countermeasure design, architecture deployment and commonsense security management operations that employ tools like user registration, certificate and credential management, and — most importantly — system attack countermeasures.

Mohamed Lazzouni, Viisage: The real success of face recognition has been in controlled environments where customers are managing large databases of images. In U.S. departments of motor vehicles, if a citizen would like to obtain a driver's license, our nation's most widely accepted identity credential, that person must pose for a photo. The DMV conditions provide a perfect scenario for comparing images in the database to find potential matches and duplicates. Trying to find identity theft and fraud in a database would have been near impossible before given the time it would take for operators to review the millions of images. Now we are able to mine these image databases, find duplicates recorded under different names and demographics, and begin to investigate suspected identity theft and fraud. The same is true for other identity credentials and large image databases around the world, including those for passports, visas and national IDs.

Are Standards On the Horizon?
Advanced Imaging: How important are standards for biometrics, in terms of acceptance and successful implementation — and what areas still need to standardize?

Jim Carlson, Lockheed Martin: Standards are critically important for the expanding use of biometrics, and are addressed domestically and internationally. Multi-mode biometrics is where the most focus is needed today. The goal of these efforts is to ensure commonality and interoperability across systems and between programs. This goal has been achieved for some applications, as can be seen with fingerprints in the law enforcement community. Private Sector Known Traveler, for example, requires the solution to comply to a host of standards with the goal of achieving interoperability, regardless of the specific implementation or location.

Peter Kalocsai, Pelco: It is very important, but fortunately we have come a long way already. Thanks to international (ISO), national (ANSI/INCITS) and even informal organizations (BioAPI Consortium, JFC, The Biometric Consortium, OASIS), the standardization of biometric image data and its exchange is nearly completed. Another important element is ensuring software interoperability; the proliferation of biometric companies and solutions necessitates the standardization there. It also protects customers of biometric products against vendor lock-in. The BioAPI — now in its second version — was developed to address these issues. It not only distinguishes biometric service providers, but also biometric function (sensor, archive, processing, matching) providers focusing on a specific part of a biometric application.

Bill Willis, ImageWare Systems: Without question, the emergence of the current standards have been a great help and guidance to the biometric industry to ensure that uniformity and consistency, as well as interoperability are intact.

Mike Scholten, DRS Infrared: I think standards are incredibly important if biometric systems are going to deliver on their promise. The present standards for measuring biometric system performance are both misleading and inadequate. Single values of False Match Rate (FMR), False Non-Match Rate (FNMR), Equal Error Rates (EER), etc. provide no indication of system performance over time, vulnerability to compromise or protection of individual privacy. Successful implementation of a biometric recognition system must address all of these metrics.

Mohamed Lazzouni, Viisage: Standards for biometrics are extremely important for the overall success of the biometrics industry. Standards will bring order to the chaos through three standards areas: compliance, operations and technology. Compliance manifests itself in legislation, such as the REAL ID Act and HSPD 12 in the U.S. The government takes an active role in these scenarios, governing the use of biometrics in a manner that protects personal privacy and sets the foundation for standards in operations. Operational compliance comes through standards setting bodies such as ICAO and is particularly critical for successful implementations. Finally, technical compliance will be important for the end-users of biometrics, allowing these customers to incorporate several biometrics seamlessly, even when provided by multiple vendors.