Language of biometrics is unfamiliar to most, even as tech becomes ubiquitous

If you read Biometric Update, chances are you understand some of the ins and outs of biometrics and digital identity systems, and the lingo that comes with them. But even as more and more people use their faces or fingerprints to unlock their phones, clear customs, or otherwise verify their identity, many people still get a puzzled look in their eye when met with discussions about “biometrics.” Efforts are ongoing to understand how to narrow the gap between the widespread practical use and still-dubious perception of biometric systems.

People using biometrics don’t necessarily know they’re “biometrics”

A new paper from a German research team looks to determine whether most people understand the biometric tools that have become common in everyday life. “Do They Understand What They Are Using? Assessing Perception and Usage of Biometrics” gauges user knowledge of and comfort with biometric authentication methods, and aims to use their misconceptions as a road map to better education and design.

The team of academics from University of the Bundeswehr Munich and University of Duisburg-Essen conducted an online survey covering “participants’ general understanding of physiological and behavioral biometrics and their perceived usability and security.” Their key research questions addressed literacy; perception and usage; and usability and security. Do people know what biometrics are? What value do they see in using them? What makes systems feel usable and secure?

The results show that “while most participants were able to name examples and stated that they use biometrics in their daily lives, they still had difficulties explaining the concepts behind them.”  Only about a third of participants gave concrete usage examples of biometrics such as fingerprint, face recognition, ID cards, and signatures.

The problem is largely semantic, in that people are unfamiliar with the language used to describe biometric concepts and systems. “We found that most participants indicated being unable to define or explain biometrics,” the paper says. “However, our open-text answers revealed that many participants were able to name correct examples and have some basic understanding while in-depth knowledge was often lacking.” Some users knew of biometrics from video games. Others associated biometrics with healthcare.

Overall, the researchers “see potential for improvement through further research on users’ perception and understanding of biometrics and the design of biometric interfaces that foster their literacy of biometric methods and give them more control over them.”

As to timing, a “strong increase in the adoption of biometric methods” means the quagmire of biometrics terminology needs clearing up as soon as possible. “The time to improve user interaction with biometric systems is now.”

‘Vocabulary matters’: Schuckers argues for clear language, legislation

Stephane Schuckers, of the University of North Carolina in Charlotte, is likewise working to enlighten people on the specifics of biometrics. On a recent episode of the Identity Theft Resource Centre (ITRC)’s Fraudian Slip podcast, the first question host James Lee puts to her is, “what do we generally mean when we talk about biometrics?” Her answer is elegant, clear and precise: biometrics are “measurements from the human body that can be used to recognize or identify someone.”

Many people’s reservations about using biometrics come from misunderstandings about different use cases, says Schuckers (who is on the ITRC’s Alliance for Identity Resilience Advisory Board). “Facial verification or comparison” is not the same as “facial recognition.” One-to-one facial matching – for example, comparing a driver’s license against a selfie to make sure the faces match – does not involve searching a database. Shuckers calls it a “much more narrow use case” than those across forensics, surveillance, or other 1-n applications.

Concerns that tend to originate in fears about privacy or government overreach ignore the existence of driver’s licenses, passports and other ID documents that already require one to register face biometrics with government agencies. And airport use cases for biometrics, for instance, show that even people who object in principle to having their biometrics collected will usually allow it in practice, once factors like efficiency and convenience are considered.

In short, people use biometrics all the time. In an ITRC survey of 1100-plus people, 87 percent said they had to prove their ID in a transaction in the last twelve months, and 74 percent of the time they had to use a biometric.

Another common point of attack on biometrics is bias. But again, says Schuckers, the equity and bias piece “needs to be separated when we think about our use cases.” Bias and its potential consequences are serious concerns in a law enforcement context, in which innocent people could face arrest – but not so much in a 1-1 verification context. “When we confuse it with these forensic use cases,” Shuckers says, “it hurts the whole industry.”

Besides which, she says, concerns about bias in facial recognition have not gone unheeded. Issues around biometric bias “have been mitigated significantly.” Testing demonstrates that, these days, the best algorithms don’t show bias.

So why do people still have reservations? Why, after using their fingerprint to unlock their phone, will so many people still say biometrics should be banned? The ITRC survey showed 63 percent of respondents had “serious concerns” about providing biometrics to prove ID – even though 92 percent of the time they still completed the transaction.

ITRC CEO Eva Velasquez believes the narrative around the industry too often focuses on the negatives. “When something is fixed, when we make progress toward a goal, that doesn’t make headlines,”nshe says. “The progress doesn’t quite reach the zeitgeist.” The bias example is case-in-point: a big data breach or deepfake fraud case will make headlines, while NIST’s facial verification leaderboard is unlikely to set CNN ablaze anytime soon.

On the regulatory level, Schuckers believes it would help to have “comprehensive legislation around biometrics” that could provide a legal foundation for trust, privacy and consent, and put limits on use cases such as law enforcement and surveillance.

And both Schuckers and Velazsquez say that, across private and public entities, clearer, tighter and more up-front language is needed to rehabilitate biometrics’ reputation. They call for simple, plain language policies that explain exactly what companies intend to do with data, and the adoption of best practices in communications. The normalization of lengthy, unreadable Terms and Conditions agreements has made people jaded and suspicious of the tech industry’s intentions. Schuckers sums up the mission at hand: “honestly, just explain what’s going on when it’s happening.”

Article Topics

biometrics  |  consumer adoption  |  digital identity  |  Identity Theft Resource Center  |  Stephanie Schuckers