It’s a dreary March morning in Massachusetts, and I’m sitting in my car in an anonymous office park an hour outside of Boston trying to understand what just happened. I’m here because I wanted to get a better grasp on biometric identification, specifically what it’s like for a person like you or me, who hasn’t committed a crime but, at some point in the near future, will use some part of our bodies to confirm a credit card purchase or enter a foreign country. I’m trying to square what just took place inside with what I had secretly hoped would happen.
Biometric identification has a faint whiff of the future about it, though what that future looks like depends entirely on your perspective. It could be a dystopian world, often seen in movies, novels, and comic books where Big Brother haunts our heroes, monitoring them through iris scans or facial recognition. Or it could be a sleek and polished future, where speaking an authorization code grants you control of a vehicle or glancing at a camera opens a locked door with a hushed hiss.
But what I had just experienced was neither. Inside at Aware, Inc., a Bedford, Mass., company that makes software for biometric systems, Sarah Fischer, a programmer, had walked me through the process of scanning my fingerprints. She had me place my right fingers on the scanner, then my left, then both thumbs. The software would let her know if my prints were successfully captured.
I failed at first, if you can fail at such a thing. Press harder, Sarah had said. That seemed to do the trick, but my second attempt still took longer than it should have—38 seconds to scan all ten fingerprints. According to guidelines issued by the federal government, the process should take 20 seconds or less.
Despite the hiccup, my first experience with biometrics was neither flashy nor frightening. In fact, it was kind of boring (no offense to Sarah), which is actually kind of exciting—biometrics are sufficiently advanced to be almost unremarkable. Just in time, too. Soon, our smartphones and tablets will employ some form of biometric identification to keep our personal data private. Before long, physical driver’s licenses will be obsolete and credit card purchases won’t require signatures, just a wave of our hands over a sensor. And it won’t take dozens of seconds like my fingerprinting, but one or two.
As I pull out of Aware’s nondescript parking lot, I’m starting to believe what all those scientists and researchers have been telling me these past few weeks. Biometrics are the future of identification, and the future is almost here.
A Need to ID
Since the earliest days of human history, we’ve needed to verify who the people around us are. In more recent times, as the human population has surged into the billions, that need has only intensified. Are you part of the tribe or are you an outsider? According to research by Robin Dunbar, an anthropologist at Oxford University, the average person can only recognize about 1,500 faces. That’s a pretty astonishing number, but it pales in comparison to the numbers of people we come into contact with over a month or even a day.
Today, our identities are verified almost exclusively by one of two methods—things that you carry with you and things you remember. Driver’s licenses and passports are examples of the former, passwords and PINs the latter. But physical identification is easy to fake, and passwords are easily cracked by hackers, who then have nearly unfettered access to our credit cards, bank accounts, and personal data. Something needs to change.
Biometrics could be that change. They are a fundamental shift in the way we are identified. Unlike traditional identification which you must either remember or carry with you, biometrics are you. Fingerprints, voice analysis, iris patterns, vein matching, gait analysis, and so on. Such traits are unique to an individual and often, though not always, incredibly difficult to fake.
Some concepts behind biometrics are old, dating back to the late 1800s. Sir William Herschel, a British magistrate in India, looked into fingerprints as a unique identifier for individuals, and later Sir Francis Galton, Charles Darwin’s cousin, developed a method for classifying fingerprints. The technology was quickly applied to criminal investigations, and to this day, suspects around the world are fingerprinted after their arrest.
For more than 100 years, that was about the extent of it. It wasn’t until the 1990s that computers and scanners had become sufficiently advanced to support true biometric identification. But even then, their use was limited primarily to law enforcement.
Then 9/11 happened. Suddenly, the U.S. government became acutely aware that it didn’t know exactly who was passing in and out of the country. “After 9/11, the U.S. Congress decided we must have some way of securing our borders,” says Anil Jain, a computer scientist at the University of Michigan. The terrorist attack, he says, was a “major watershed.”
The use of biometrics has spread rapidly. “In the past 12 years since 9/11, the amount of biometrics collected in the United States has increased exponentially,” says Jennifer Lynch, an attorney with the Electronic Frontier Foundation.
That’s in part because the U.S. government has poured money into research, development, and acquisition of biometric identification systems. The Department of Homeland Security has spent over $133 million on biometrics since 2003, and the Defense Department is predicted to spend $3.5 billion on the technology between 2007–2015. The FBI has rapidly expanded its fingerprint database and is currently developing a more sophisticated system that will add iris scans, palm scans, and facial recognition to the mix. The U.S. Department of Homeland Security has its own system called US-VISIT, for which non-U.S. passport holders are required to submit all 10 fingerprints and a digital photograph before leaving for the U.S. When they enter the country, their biometrics are collected again and compared against a database of many possible matches to verify their identity.
The U.S. military, too, uses biometrics extensively. Its first widespread applications were in Iraq and Afghanistan. In an attempt to weed out insurgents from the general public, the U.S. military has collected fingerprints, iris scans, and facial images from millions of Iraqis and Afghans.
Other countries are rolling out biometric identification systems for their own citizens. India’s is the largest to date. Introduced in 2010, it has over 200 million people currently enrolled. Unlike many other biometric databases, which are aimed at finding criminals, India’s system will eventually encompass everyone in the country. India’s millions of poor often lack official identification, complicating the allocation of aid and other social services. Biometrics will serve as a form of national ID that can’t be lost or misplaced.
Keeping Your Prints Private
But just because they can’t be lost or misplaced doesn’t mean they can’t be misused. Privacy concerns loom large with biometrics. A biometric by itself isn’t threatening, though they are easily linked to other, potentially sensitive information, and that’s when people grow uneasy.
Some of the anxiety stems from the fact that biometrics are a part of who we are—they’re not an internet username that can be easily discarded or created anew. Biometrics will likely persist in government and private databases, accreting information whether we like it or not.
“I think the biggest problem with biometric collection is that once the government has your biometric, it becomes incredibly useful for a whole host of purposes, and the government tends not to want to delete it,” Lynch says. Until recently, the only people who were fingerprinted were criminals or those who had to undergo background checks. But with biometrics, more people are likely to be caught in the net, and the consequences could be wide-ranging. “We’ve seen that with some of the data sharing programs in the federal government right now,” Lynch says. “A biometric collected for an immigration purpose could then be used for a criminal purpose.”
The debate over the extent and uses of government databases has intensified since the public became aware of the surveillance program PRISM, run by the National Security Agency, known as the NSA. According to news reports citing leaked confidential information, the NSA created PRISM to monitor the electronic communications and digital breadcrumbs of foreigners suspected of being terrorists. It siphons data about phone calls, search histories, email messages, and more from private servers run by technology companies, including Google, Facebook, and others. The volume is so great that innocent U.S. citizens are likely caught in the broad net.
While biometrics haven’t been mentioned as being stored in the PRISM database, there’s a good chance a biometric of yours is stored in at least one of those companies’ databases—Facebook. “Facebook has the largest facial recognition database in the entire world,” Lynch says. Whenever someone uploads a photo to Facebook, the company’s algorithms scan the image for faces and sifts through their own records to suggest a name. It sounds innocuous enough, but there’s no guarantee they won’t be used for another purpose in the future.
“When you’re dealing with a private company, where your interaction with that company is governed by a term of use, the company could change it at any time,” Lynch says. Savvides shares those concerns, too. It seems increasingly unlikely that people will be able to control who or what has access to their personal information, including biometrics. “I don’t think that it’s easy to exist in today’s society without using these services,” Lynch says. “We all make phone calls, we all send emails, most of us use Facebook, a lot of us use Apple products. I think it’s a false choice to say that we have any kind of choice over sharing our data with third parties.”
That doesn’t sit well with Senator Al Franken. “I think that people have a fundamental right to privacy,” he tells me. “We have the right to tell people exactly where we are and what we’re doing or to remain anonymous in a crowd. I’m concerned with the potential uses of facial recognition technology because this technology makes it exceedingly easy to infringe that right.”
“This technology is already in wide deployment by commercial entities like Facebook and state governments, and federal law enforcement,” Franken says. “I’m worried that we’re rolling this technology out without adequately considering its consequences or putting the right protections in place.”
Franken has been the most vocal elected official pushing for regulation of biometrics, but unfortunately his efforts have stalled. “Last summer, Senator Franken was looking into facial recognition limitations, and we haven’t seen anything with that,” Lynch says. The problem, she says, is a familiar one: “Congress is inherently gridlocked.”
While current regulations lag behind technology, researchers are feverishly working to address people’s concerns—namely, what happens if a database holding your biometrics gets hacked? You can reset a password, but you can’t replace your fingertips or eyeballs. To work around this problem, computer scientists have been exploring two promising ways to link individuals with their fingerprints, iris scans, and other features without exposing the original biometric to hackers, even if the system is compromised.
One approach is to store biometric data in what’s called a hash. Hashes are widely used in computing as a way of encoding data that masks information about the original. They are commonly used to store passwords in databases. Each hashed password is unique, and changing just one character in a password produces a hash that’s completely different. Depending on the hashing function, decoding a hash can be extremely time consuming. You can cryptographically hash any digital file, including images of fingerprints and other biometrics. Hashes are relatively secure because they are computed using one-way functions, which means they are computationally easy in one direction (encrypting) but hard in the other (decrypting).
Since we already hash passwords, it seems logical that we’d also hash biometrics. Unfortunately, it’s not as straightforward. That’s because passwords can be reliably entered the same way every time, but no two biometric scans are identical, says Shantanu Rane, a research scientist at the Mitsubishi Electric Research Laboratories in Cambridge, Mass. Hashing the resulting images would produce wildly different results, making matching impossible without inverting the hash, which would take an unreasonably long time. To sidestep this problem, researchers first extract features that can be reliably reproduced most of the time but don’t reveal the underlying biometric. For fingerprints, these would include collections of points such as ridge ends or bifurcations. These features are encoded and then stored in a database. The original images are never stored in the system. If the system is hacked, these encodings are thrown out and new ones are issued.
There is still a chance that hackers could eventually reverse the stored encodings, though. At that point, they would have access to the original biometrics, which would compromise both security and privacy. A better way would be to encrypt a biometric prior to storage and never decrypt it. But if you never decrypt the original, how do you compare it to a submitted biometric? The answer, Rane says, is to perform all computations required for the comparison in the encrypted domain. That way, even if a hacker is snooping on the system, they’ll never see unencrypted data. Everything on the computer is encrypted. The downside is that while theoretically possible, such computations are incredibly complex today. “There is a lot of research happening today on computation in the encrypted domain,” Rane says. He predicts that we might see such computers in the near future.
Encoding and computing in the encrypted domain could go a long way to securing databases. But there are other uses for biometrics that wouldn’t put any personal information at risk. In fact, it’s possible that the broadest use of biometrics—completing purchases—won’t require that they be stored on centralized databases.
Known as verification, the technique simply compares a submitted biometric with a reference copy stored on a device like a credit card, which is carried by its owner, Jain says. To use it, you would insert your card into a reader and then present your biometric. The reader would compare your submitted biometric with the record on the card. If the two match, the transaction would be approved. It’s just like the signature on the back of your credit card, but less easily faked. Plus, Jain points out, “There is no centralized place where your fingerprint is stored.”
The Real World
Already, we’re seeing glimpses of what this biometric future will look like. Electronic payment company Square recently released a feature where you can pay simply by carrying your phone in your pocket or purse. When you walk in a shop, Square’s software will bring up your photo on the store’s register. If you want to buy something, a clerk can complete the transaction by verifying that the image on screen is, in fact, you. It’s a similar process to that used at border crossings in many countries, where citizens or visitors wave their electronic passports over a sensor and immigration officials verify that the information stored on the passport matches the individual in front of them.
With these systems, Savvides says, “the human is doing the biometric matching.” They aren’t fully automated, which means they fall short of what researchers like Savvides consider true biometric systems. But they’re “starting to bridge the gap,” he says. It’s easy to imagine replacing the human in these situations with a camera and a computer. “Wouldn’t it just be so much faster and increase throughput to have an automated system that does that?” he asks.
That may happen someday soon, but we’re not quite there yet. A few of weeks ago, I had my first real-life experience with biometrics. I had just gotten off a 14.5 hour flight from New York to Tokyo when I stepped up to an immigration officer, who instructed me to look into the camera and place my fingers on the scanner. Bleary-eyed, I stared into a pinhole above the monitor and then rested my fingertips on a green-glowing plate. I waited for an affirmative that didn’t come. The officer mumbled something I couldn’t hear.
“I’m sorry?” I asked him.