Spam and cyberterrorism legislation are common topics on Capitol Hill, but another, less public debate continues in Congress, one that could affect the physical security of many institutions, and possibly the nation. That debate centers around the standardization of biometrics.
No other technology was more affected by the events of September 11 than biometrics. Biometrics is a technology that uses physical characteristics to prove identity. Because many of the September 11 terrorists used falsified identity documents, the need for more advanced credentials is obvious.
According to Prianka Chopra, Frost & Sullivan's senior industry analyst of biometrics, there have been, since September 11, three pieces of legislation that specifically mention the need for biometrics: the USA Patriot Act, the Aviation and Transportation Security Act, and the Enhanced Border Security and Visa Entry Reform Act.
According to Chopra, this has created a lot of momentum in the biometrics industry. "Now government is the focus of the industry; previously it was the private sector," she said. "Government is the one with the money and the one that feels the need for security." And it is not just a U.S. initiative.
Biometric systems have been instituted in London's Heathrow International Airport and in airports in the Netherlands. Facial recognition programs are being used in Heathrow to scan the crowds for potential terrorists and criminals. In the Netherlands, a "trusted traveler" program has been instituted; travelers provide their iris data and a background check ahead of time, then are sped through security checkpoints with an iris scan.
But while the need for biometrics to physically secure airports and more sensitive institutions is unquestioned, the actual type of biometric data that should be used is the subject of debate and, for the industry, it is a momentous debate. Almost as important as implementing more secure identity credentials is coming up with a standard that can be used across the country and, possibly, the world. "The standard would have to be internationally accepted to be fully effective," Chopra said.
The leading candidates for use as biometric credentials are facial recognition, fingerprint scanning and iris scanning. The large existing databases of fingerprints and ID card photos would seem to put facial recognition and fingerprint scanning in the lead. But iris scanning is considered a contender because of its high level of accuracy, Chopra said.
This all puts the biometrics industry at a crossroads. According to Chopra, the industry is dealing with performance issues and less than 100% accuracy, while the government is demanding real-world applicability. An account of an infamous fingerprint scanner failure was published last year, detailing the duping of the device with a gummy bear candy. So, while vendors work to improve accuracy, they also work to add liveness testing to any new technology. Other concerns about biometric technology center on the possible large scale of deployment, upgradeable technology and ways to avoid vendor monopolies.
While Chopra believes that the federal government is urgently investigating biometrics options, Bruce Heiman, executive director of Washington-based Preston Gates Ellis & Rouvelas Meeds LLP, believes that biometrics technology is still in the discussion phase. "There are no solid biometrics plans," said Heiman at the recent RSA Security Conference.
FOR MORE INFORMATION:
FEEDBACK: What would spur your company to bring in biometrics for authentication?
Send your feedback to the SearchSecurity.com news team.