KISS helps winnow biometric technologies
the flesh and blood individual with an electronic projection of that individual in a national registry, a credential, or on the Internet. This is called authentication — “Are you who you say you are?”
The four main biometrics in use today are:
- Face — most likely captured by a device, but with difficulty the face can be rendered manually with a pencil and paper. Visual inspection and matching is possible even for an untrained individual.
- Fingerprints — are easily and cheaply collected. They can be collected manually or electronically and matching methods have been developed to a degree of confidence both visually and electronically. A high proportion of the global population have fingerprints that can be scanned.
- Iris — scan collection is more costly but there is no reason to believe that scanners will not drop in price through quantity manufacturing. Matching can also be achieved to varying degrees of success. It is likely, however, that there will always be the need for some powered device to scan and match.
- DNA — collection is by far the most accurate and is very easy to collect. Matching DNA, however, is still a lengthy process and will probably always require some processing power.
So should we take a breather and standardize?
Other biometrics such as voice recognition, vein recognition, etc. are not yet considered as mainstream in this article and generally fail most, if not all, of the KISS tests. There are nine KISS (“Keep It Seriously Simple”) factors that may drive the success of any biometric standard:
- Ease of collection
- Cost of collection
- Ease of matching
- Speed of matching (Real-time)
- Accuracy of matching
- Ease of falsification
- Population coverage/inclusion
- Ease of storage
- Power out/off usage
A comparison when traveling between Amsterdam Schiphol Airport and London Heathrow Airport can illustrate this KISS test. In Amsterdam, the “Previum” system has operational for many years. This is an iris-authenticated trusted traveler service. For about $200 per year, one can enroll in a scheme which stores a signed copy of your iris on a smartcard. Special gates, express security clearance, and multiple perks (such as the incredible private Privium executive lounge together with dedicated passport control) provide a great experience with minimal queuing even at peak times, and an authentication delay of less than five seconds. It is a one-to-one match (that is, it checks your iris to that signed copy on your smartcard) and rarely returns false negatives. Privacy laws prohibit the iris records being stored centrally (I do not propose to discuss privacy issues here).
In comparison, at the other end of the short flight to London Heathrow, the IRIS scheme still requires previous enrollment but because there is a central database, it does not require a smartcard. It can often take well over one minute to search and compare your iris across the entire database in search of a match and very often cannot return any match at all. There are almost always long queues (even when the machines have not broken down) and the general level of user and staff satisfaction is very low. It often takes far longer to use IRIS than to go through a manual passport inspection. The one-to-many search used provides many false negatives and sometimes just gives up after a time. The match tolerance (how close is the match to announce a positive) is more critical time-wise in this database search than with one-to-one matching used by Privium. Recently I suspect it has been “de-tuned” to improve throughput and performance. The result is that the IRIS scheme is faltering and one U.S. scheme has recently closed down completely, but Privium is going from strength to strength.
Which of the biometrics, then, will last the test of time?
- Fingerprints pass the KISS tests. They are hard to forge, and as such will predominate in the short to medium term as the primary form of identification.
- Face Recognition, although passing most of the KISS tests, is easily fooled when not using very sophisticated analytics.
- Iris Scans do not pass the KISS tests so while they have value, they may be restricted mainly to fixed, public sector applications.
- DNA biometrics do not pass the KISS tests yet are really very easy to collect and are very accurate.
For these reasons fingerprints still appear to have the edge and are consequently being embedded in the standards driven out of U.S. Federal and international initiatives. Standardization drives down prices and increases choice of vendors, but it reduces the variety of metrics and the languages by which they are described.
Which brings us back to GATTACA: if the movie is accurate in its predictions that DNA will eventually be able to pass KISS, then I expect fingerprint biometrics only to continue as the de facto standard until that Hollywood image becomes reality.
Jon Shamah is Principal Consultant at EJ Consultants Ltd.
