As institutions seek to enhance their identification programs, many benchmarks are set. Typically they include a digitized photo ID integrated with their meal plan, security, banking and stored value. Ultimately many institutions seek ways to get more from their card program and turn toward the latest technologies. There is something relativelty new on the horizon, not necessarily a replacement for existing technologies but at least initially a compliment to them. Welcome biometrics!
The FBI has been taking and storing fingerprints since the 1920’s. The science of biometric ID has come a long way from using hand writing analysis and fingerprints (often referred to as “finger imaging”) and now includes voice, hand geometry, retina, vein, facial recognition, and DNA matching. As in many applications, the proliferation of these technologies has been in direct correlation to the advancement of technology, and also to the public’s willingness to accept them. The events of last September have had far greater impact on both the development and the acceptance of biometrics. Since then the public debate has centered more on the balance of privacy and security rather than a wholesale rejection of the concept of biometrics.
Biometric identification is the latest of three conventional forms of identification in use today. The first and oldest historically is ‘something you have’, such as a key or an identification card. The second form is ‘something you know’, such as a PIN or password. And the third is ‘something you are,’ such as the unique pattern in your fingerprint, hand geometry, retina and vein pattern, or something you do such as your voice or handwriting style. The first two can be compromised with relative ease, but when a physical token such as a card is combined with a biometric form of identification the result is extremely difficult to defeat.
In January 2000, The MIT Technology Review named biometrics as one of the “top ten emerging technologies that will change the world.”
An appropriate question is, “what makes this relevant to my card program?” Biometric ID may serve many purposes in the ID card environment, although one stands out above the rest: the replacement of a PIN in certain instances and the near elimination of fraudulent use of the ID card. Each biometric technology employs different methods though the concepts are relatively consistent. Here we will highlight one such method involving finger imaging.
Finger imaging is one of the most accuratebiometric technologies available, and is the most broadly used in both a manual and digital manner. In the digital environment a copy of the person’s fingerprint is pixilized, and then software extracts points of interest called minutia. Minutia in this instance is defined as the central core of the finger image and the points where individual ridges branch apart or end. These points are referred to as bifurcation (see Figure 1). An algorithm is then used to analyze this data and convert it to a digital representation, or template, which can be stored in a computer, or in a chip on an ID card.
Examples of this and other biometric technologies can be found in a wide variety of secure applications and facilities. Airport and airline personnel are screened as a means of pre-employment verification. Access control to secure facilities in public, private, and higher education venues, and even major sporting events are being guarded with biometrics-based security. The 2001 SuperBowl in Tampa, Florida saw the use of facial recognition biometrics to screen the crowd for known criminals and terrorists.
Do I hear Big Brother knocking?
Some would argue that this isn’t just Big Brother knocking, but more like kicking the door in. Conversely, law enforcement and service providers including state and federal governments as well as financial institutions argue that the cost of fraud outweighs this particular infringement on personal privacy. To date they have been proven correct. The legality of the use of biometric identification has been at the center of the debate concerning the technology’s propriety, but claims of abuse have so far proven unfounded. In fact, one recent survey suggests that the public is willing to sacrifice some privacy to combat terrorism and abuse of government and financial services.
In a poll conducted by Harris Interactive in late September 2001, 4 out of 5 Americans surveyed stated that they would be willing to have their fingerprints scanned, using biometric fingerprint authentication technology, for increased airport security. This trade-off of convenience and sense of security versus loss of privacy is not a new concept, a variety of marketers have long leveraged purchasing and consumption patterns for targeted marketing. The most common example is the use of marketing databases by credit card companies.
And while the events of September 11 have cast a far different light on this sensitive debate, balance in the formation of policyis even more crucial. “Citizens should be concerned about the information that the government collects and archives,” said panelist Robert Freeman, executive director of the Committee on Open Government in the New York Department of State, speaking at a meeting sponsored by the Institute of Electrical and Electronics Engineers (IEEE) in October 2001.
“Everybody has a different personal line of demarcation between what they consider to be offensive, as opposed to innocuous,” he said. “Government and citizens must balance protection and privacy when deciding how easy it should be for the world at large to access information.”
As ID card program managers contemplate “next-steps” to implementing technology, biometric identification may seem like a distant concept. However, the ever increasing speed with which these technologies are developed and accepted coupled with the convergence of interests from both government and private sectors ensures that the many programs will have to address these concepts in the not-to-distant future.
Further, those that are in a position of responsibility for identification technology on campus should be aware of the maturation of biometric technologies and the issues pertaining to their potential use. As always, a well-thought-out plan of migration and future uses of technology will pay tremendous dividends.
As for privacy concerns, biometric ID adds yet another dimension to an already immense responsibility that trustees of sensitive information bear. Undoubtedly the stakes will be raised, and it will continue to be the charge of each responsible party to educate the users as to the benefits of such technology and to continue to earn their trust.