Democrats: BELIEVE in biometric Social Security cards
03 May, 2010
category: Biometrics, Government, Library
There are varying reports on whether immigration reform will be discussed in Congress in 2010, but if it is addressed one aspect that will likely be included is a biometric Social Security card for employment verification. Dubbed Biometric Enrollment, Locally-stored Information, and Electronic Verification of Employment, or BELIEVE, the card would be required to verify permanent residence when starting a new job.
The Democrat-sponsored proposal would have the Social Security Administration issuing biometric cards 18 months after the law is passed. “These cards will be fraud-resistant, tamper-resistant, wear resistant, and machine-readable social security cards containing a photograph and an electronically coded micro-processing chip which possesses a unique biometric identifier for the authorized card-bearer,” states the conceptual proposal for immigration reform.
The biometric information would be stored in template form on the card and not in any databases. When verifying employment eligibility the card would be inserted into a reader, the cardholder would present the biometric for matching against the template stored on the card and it would either match or not match. The proposal doesn’t specify which biometric technology would be used with the system.
The card would replace Homeland Security’s E-Verify system, which is used to verify employment eligibility now, says Walter Hamilton, chairman of the board at the International Biometric Industry Association. With the E-Verify system a prospective employee presents a Social Security number and the system tells the employer if it’s valid. It doesn’t actually check to make sure the number is associated with that individual. A biometric Social Security card would change that, linking the individual to the card.
The federal government would be required to use the system as the sole employment verification system within three years after enactment and federal contractors will be required to use the system within four years after the date of enactment. Within five years, the card would serve as the sole acceptable document to be produced by an employee to an employer for employment verification purposes.
The card would only be used to verify employment status and to verify Social Security benefits and would not be able to be used for any other purpose.
Prior to issuing a new card, the Social Security Administration would be required to verify the individual’s identity and employment eligibility by asking for various breeder documents. SSA would also be required to engage in background screening verification techniques to confirm identities.
While the system will match the biometric on the card to the individual locally, information will still be sent to the federal government for confirmation. The system will respond to each inquiry to confirm that the card is genuine. The proposal says digital certificates would also be stored on the card to prevent counterfeiting.
In order to pay for implementation of the BELIEVE System, funding will be obtained in whole or in part by collecting various fees and fines, however, the proposal states that U.S. citizens would not be charged for the card.
Analysis: What biometric will be on the card?
The proposal for a biometric Social Security card provides some specifics on how the new credential would work, but there is no indication as to the biometric modality to be used.
Fingerprint seems the obvious choice. It has a track record of being used in government identification schemes and is the oldest biometric technology. It’s also cheaper than many other biometric technologies.
“There are a number of commercially available low-cost fingerprint sensor devices that can attach to a standard Windows PC through a USB interface,” says Walter Hamilton, chairman of the board at the International Biometric Industry Association. “There has been extensive independent testing of fingerprint sensor hardware and fingerprint template generation and matching algorithms. So fingerprint is clearly the most mature of the biometric modalities that might be considered.”
But fingerprints have a negative stigma from long-term use by law enforcement to identify criminals. The proposal is already being called a national ID card, which is not a popular idea in the U.S., and using fingerprints could make it more difficult to gain public acceptance.
Iris would be next on the list and has gained in popularity. The modality has been touted as being just as accurate as fingerprints, but without the negative stigma. It doesn’t require a user to touch anything but instead just look at a camera, Hamilton says.
The downside of iris is its cost, with cameras being much more expensive than fingerprint scanners. Additionally it can be difficult to enroll some individuals, Hamilton says. “It can be a challenge for some individuals to submit a good quality iris image because of occlusion, motion, pose or illumination issues,” he says.
One issue for iris is the lack of standards around the storage of the iris template. “There is an international standard for storing compact iris images (rather than templates),” Hamilton says. “According to NIST, standard iris image records with sizes around 3 KB can be produced that are suitable for one-to-one authentication applications. Given that today’s smart cards can hold 128K or more of memory, the larger data record size associated with compact iris images–compared with 1K for fingerprint templates–should not be a significant issue.”
The other option is vein pattern recognition, which has been popular with ATMs in Japan, Hamilton says. “The vein pattern can be measured at the finger, back of hand or palm area depending on the vendor and the design of the sensor device,” he says. “Vein pattern recognition is considered to be more privacy enhancing than fingerprint or iris since the vein pattern cannot be observed in ordinary light. In addition, there is no artifact left on surfaces–as is the case with latent fingerprints–which could be copied. So it would be virtually impossible for someone to make a fake finger to spoof a vein pattern reader device.”
Vein pattern is also considered a hygienic biometric since it doesn’t requires direct contact with a surface, Hamilton says. Initial testing has also shown the technology as accurate as iris and fingerprint with the cost of reader being slightly more expensive than fingerprint readers.
Standards, however, are also an issue with vein pattern. There are efforts underway but data size may be an issue if standardized vein pattern images were used for storage on the smart card instead of the proprietary vein pattern templates that are available now.