[Jane Adams]One of the issues we discussed during the second day of the Digital Identity Forum was revocation in biometrics. There was some confusion about whether a biometric identifier could be revoked – after all, you are hardly going to hand over a finger if a fingerprint scan is compromised. What can be revoked though is the template and a single fingerprint can generate a high number of different templates.

However how much use that is is debatable – if the fingerprint or fingerprint image has been compromised then revoking the template and replacing it with another won’t help. And ultimately a person only has a limited number of fingers – potentially revocation could lead to someone being excluded from the system entirely, annoying if it’s a pay by touch system, somewhat more than annoying if it’s a government program.

Attendee views on biometrics were mixed. Maxine Most of Acuity in her presentation demolished a number of what she said were myths about biometrics – that it’s still a technology in development, that consumers are resistant, that they fix identity and limit choice, that public policy is adequate protection for user and that biometrics are private and personal rather than public and personal.

Andrew Whitcombe of Consult Hyperion, in the panel discussion, warned that consumer attitudes to biometrics would change radically as soon as something went wrong – no-one will take kindly to being landed with liability for fraud because their fingerprint had been stolen. For that reason, he felt that biometrics were not a great solution for commercial applications and were better kept for government schemes.

The chances are that things will go wrong too. While the public perception of the reliability of biometrics is influenced by Hollywood movies like Minority Report where the technology works fast and perfectly, many have an accuracy rating of less than 85%. Nearly one in five transactions fail. Only iris recognition makes it into the 90s% and even with that 3% or more of transactions fail.

Perhaps I’m naive (and I don’t watch Tom Cruise movies) but as someone who has watched the biometrics industry from the outside for around 10 years now (I even have a dim recollection of signature verification working with a GEC smart card back in the late 80s), I cannot see how that is adequate. Things don’t seem to have improved much over the years either. And compare 15% failure with 10 -135 failure, as quoted with regards to the document verification scanning system.

Is it even better than nothing? What do you think?

2 comments

  1. I definitely think it is better than nothing, especially iris recognition. If people REALLY want something secure, and not just a gimmick that makes them feel secure, then iris recognition is the way to go. It is not true that iris recognition is only 90% secure, ALL the commercial iris recognition systems have NEVER EVER reported a false match (i.e. identifying me as you). The only error rates are false rejects(i.e. not allowing genuine access to a person), but that too is eliminated in multiple attempts (<3).
    You can get more detailed information about iris recognition from the horse's mouth:
    http://www.cl.cam.ac.uk/~jgd1000/

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: