When: 1962–63
Where: Laboratories and research institutes around the world
Why: The use of exact body matching offers an unrivalled level of security for businesses of all sizes
How: Driven by the needs of law enforcement agencies, researchers have worked on a range of methods to identify and authenticate individuals through unique characteristics
Who: Various
Fact: Biometrics is widely used in security and has potential for internet and mobile commerce
Identification and authentication lie at the bedrock of the modern economy. When you log on to a computer network or slide your debit card into a cash point the software begins by asking two crucial questions. Who are you? And are you really who you say you are? Biometrics – the science of identifying individuals through unique characteristics – provides an automated means to answer those questions.
The most common tools to establish and authenticate identity – notably passwords, PINs and swipe cards – are all highly fallible. Passwords are routinely shared or written down on Post-it notes for all to see, while PIN numbers and swipe cards can be stolen easily. For much of the 20th century, a passport or driving licence was required when you wished to pay for goods without cash; the former option was extremely inconvenient and left the carrier vulnerable to theft, while the latter was impossible for those who didn’t drive.
Biometric technology, in theory, provides a much more accurate way to identify and authenticate. All biometric technologies are based on the single principle that we can establish the identity of individuals by means of measuring designated physical (or even behavioural) characteristics and checking those measurements against a database. It’s certainly not a new concept. The invention of fingerprinting in the 1890s was one of the first modern examples of systematic biometric identification. In more recent times, the science of biometrics has blossomed.
Today there are systems designed to recognise people by fingerprints, patterns in the iris, blood vessels in the retina, facial characteristics, voice characteristics and DNA. The technology has become increasingly widely used since the 1960s; the catalyst has been the rapid increase in computer processing power and storage capacity that we’ve seen over the last four decades. This computational power means that technology such as facial recognition and iris scans has become a reality.
The invention of fingerprinting in the 1890s was one of the first modern examples of systematic biometric identification.
The earliest examples of biometric technology were driven by the demands of law enforcement. In the 1800s, French anthropologist Alphonse Bertillon developed a system of body measurement that was used by police forces to identify suspects. The system fell out of favour when it became apparent that these measurements were by no means unique to each individual. Enter Scotland Yard’s Richard Edward Henry, who came up with the much more effective system of fingerprinting. For the next 30 or 40 years, fingerprinting was pretty much the only game in town, but then, in 1936, ophthalmic technician Frank Burch proposed the use of iris patterns as an alternative means to establish and authenticate identity.
Fast-forward to the 1960s, and the search for biometric solutions was intensifying. In 1962, Woodrow W. Bledsoe developed a semi-automatic face-recognition system for the US government. A year later, Hughes Research Laboratories published a paper on fingerprint automation, an idea that the FBI was championing by the end of the decade.
The years that followed saw the introduction of a range of new technologies, with landmarks including the award of US patents for iris, speech and handprint recognition systems in the 1980s. By the following decade, biometric technology had emerged from the laboratory and was beginning to make an impact in the real world. In one of the most high-profile examples, a hand geometry system was introduced to control access to the Olympic Village in Munich in 1996. Another sporting-event application was at the Tampa Super Bowl 2001, police used a face-recognition system to identify criminals trying to enter the stadium.
In 2003, the US government-backed National Science and Technology Council established a sub-committee to plan and coordinate research and development and collaboration at national and international levels. The European Union also established a biometrics forum, with the aim of making the continent a world leader.
And it was soon clear that biometrics would impact on all our lives. For instance, in Britain, the compulsory identity cards planned by the Labour government were to contain a biometric chip to prevent identity theft. In 2005, the Home Office embarked on a roadshow that set out to explain why the use of biometrics was a good thing. The reasons included identity protection, fraud reduction and border security.
Meanwhile, the US government said that it would require biometric information on the passports of foreign visitors seeking to use the visa-waiver system when entering the USA. The result was that all passports subsequently issued in Britain contained a simple biometric chip. And while the national identity scheme was abandoned, millions of Britons become part of the biometric revolution every time they pick up their passports and head for the airport.
As biometric technology becomes cheaper, it seems that the market is set to go from strength to strength. In fact a report from Research and Markets forecast that the biometric industry would grow at a rate of 22% per year until 2014. Biometrics firms are particularly buoyant in Japan; a 2008 report claimed that the industry was worth around $60m, with some technologies growing by up to 200%.
The rapid development of biometric technology has affected business in a number ways. First and foremost, the growing interest of governments in the science is providing a huge amount of funding for universities and small private companies – such as Digital Signal Corporation, a 3D face-recognition company based in the USA, which completed a $15m investment round in 2011.
Much of the demand for biometrics has thus far come from governments, specifically their security and law enforcement arms – for example, it is reported that the USA’s Pentagon has set aside $3.5bn for biometric technology between 2007 and 2016.
But the potential of biometric systems goes far beyond the security and law enforcement concerns of governments. Seamless and accurate authentication and identification has many useful applications for private sector businesses.
With USB fingerprint scanners now available for as little as £50, just about anyone can protect the data on their PC through this once-expensive technology.
As in the public sector, security is a key driver. For most of us the username/password system is the key that both allows us into computer networks and defines the information that we are permitted to view. But passwords are only as secure as the people using them choose to be. Research by Microsoft suggests that the average British worker has to retain around 20 password and username configurations for personal and business use, so it’s hardly surprising that a significant number of us write the details down and often leave them in full public view. A much simpler solution is a switch to biometric systems such as fingerprint recognition. It’s easier for the individual – not so much to remember – and far more secure for the organisation.
Biometrics is particularly attractive to businesses operating in sectors where the data is critical and sensitive. Examples include banking giant HSBC, which is now rolling out a facial recognition system to identify staff and contractors in its data centres. In Japan, 60,000 ATMs have been fitted with vein biometric technology – which uses the veins in a person’s body to verify their identity.
Biometric protection is not just for large organisations. With USB fingerprint scanners now available for as little as £50, just about anyone can protect the data on their PC through this once-expensive technology. Meanwhile, in the mobile sphere, facial recognition apps are available as an alternative to passwords.
The applications for biometrics extend beyond security. Indeed, we’re already seeing examples of biometric systems underpinning e-commerce. The Parent Pay system is a case in point. Used by schools in the UK, Parent Pay allows parents to create accounts for their children which can be loaded with money by debit or credit card. Once the account is loaded, children can pay for items such as school meals by placing their fingers on fingerprint readers.
Once the identity of the pupil is established, anything that is bought during the session is debited from the live account. There are a number of advantages to the system, notably that neither the school nor the pupil has to handle money on a daily basis. If the scheme were based around keying in passwords or PINs, there would probably be a lot more resistance from pupils who could well find it easier to hand over coins. As it is, it provides a convenient way of buying food.
As the technology beds in we’re certain to see more variations on the e-commerce theme. For example, Nick Ogden, the entrepreneur who set up the Worldpay system – which allows even very small-scale retailers to take payment via credit and debit cards – has recently launched Voice Pay. Just as it says on the tin, the technology will identify individuals by means of their voice patterns, with the authentication process facilitating commerce via mobile phones.
But biometric technology isn’t perfect. Changes in hairstyle, facial hair, weight and the use of make-up can fool face recognition systems, and tests have shown that fingerprint scanners can be ‘hacked’ by fake fingers. Even the patterns on the iris can be changed by some kind of traumatic accident. As a result, mission-critical biometrics may require multi-test systems involving more than one identifier. At present that often means the combination of one biometric and one non-biometric item to reduce the risk of fraud. For instance, passports (non-biometric) now have biometric chips included.
As the technology moves towards the holy grail of 100% accuracy, we are likely to see more applications for biometrics, particularly in the area of e-commerce. For the moment, though, governments and large organisations are the most enthusiastic users.