December 6, 2012 -
Biometric technologies use physical characteristics, such as voice tone or hand shape, to identify people automatically. Behaviors, such as handwriting style, can also be used by computers in this way. The term “identify” is used here quite loosely. There is actually nothing in your voice, hand shape or any biometric measure to tell the computer your name, age or citizenship. External documents (passport, birth certificate, naturalization papers) or your good word establishing these facts must be supplied at the time you initially present yourself to the biometric system for “enrollment”. At this initial session, your biometric characteristic, such as an eye scan, is recorded and linked to this externally-supplied personal information. At future sessions, the computer links you to the previously supplied information using the same physical characteristic. Even if the biometric system works perfectly, the personal data in the computer, such as your voting eligibility, is only as reliable as the original “source” documentation supplied. Once the computer knows your claimed identity, it can usually recognize you whenever you present the required biometric characteristic. No biometric identification system, however, works perfectly.
Problems are generally caused by changes in the physical characteristic. Even fingerprints change as cuts, cracks and dryness in the skin come and go. It is far more likely that the computer will not recognize your enrollment characteristic than link you to the characteristic of someone else, but both types of errors do occur.
Identification: Positive and Negative
Biometric systems are of two types: “verification” and “identification”. Some professionals prefer the to use the descriptions “positive identification” and “negative identification” to emphasize the opposite nature of two approaches. A positive identification system requires you to identify yourself when submitting a biometric measure. Your submitted measure is then checked against the measure given when you enrolled in the system to affirm that they match. Biometric measures are always “fuzzy” to some extent, changing over time and circumstance of collection.
If the submitted and stored biometric measures are “close enough”, it is assumed that you are indeed the person enrolled under the identity you claimed. If the presented and enrolled characteristics are not “close enough”, you will generally be allowed to try again. If multiple attempts are allowed, the number of users “falsely rejected” can be under one percent, although there are always some people chronically unable to use any system who must be given alternate means of identification. The possibility that an impostor will be judged “close enough”, even given multiple attempts, is usually less than one in ten. The threat of being caught in 9 out of 10 attempts is enough to deter most impostors, particularly if penalties for fraud are involved.
Positive identification using biometrics can be made totally voluntary. People not wishing to use the system can instead supply the source documents to human examiners each time they access the system.
In “negative identification” applications, found in driver licensing and social service eligibility systems where multiple enrollments are illegal, a user claims not to be previously enrolled. In fact, a negative identification biometric system does not require any identity claim by the users. If a user offers an identity, it is only for the purpose of linking to outside records to establish proof of age or citizenship.
The biometric measures themselves cannot establish name, age, or citizenship and therefore do not prevent their misrepresentation during enrollment. These systems do, however, prevent a person from enrolling more than once under any identity. Apart from the “honor” system, where each person’s word is accepted, there are no alternatives to biometrics for negative identification.
During enrollment, the system must compare the presented characteristic to all characteristics in the database to verify that no match exists. Because of the ongoing changes in everyone’s body, errors can occur in the direction of failing to recognize an existing enrollment, perhaps at a rate of a few percent. But again, only the most determined fraudster, unconcerned about penalties, would take on a system weighted against him/her with these odds. False matches of a submitted biometric measure to one connected to another person in the database are extremely rare and can always be resolved by the people operating the system.
Negative identification applications cannot be made voluntary. Each person wishing to establish an identity in the system must present the required biometric measure. If this were not so, fraudsters could establish multiple enrollments simply by declining to use the biometric system. On the other hand, negative identification can be accomplished perfectly well without linkage to any external information, such as name or age. This information is not directly necessary to prove you are not already known to the system, although it may be helpful if identification errors occur.