Why Biometrics is not a Panacea

Why Biometrics is not a Panacea
Peter GutmannUniversity of Auckland
Introduction to Biometrics
A wide range of biometric traits can be employed
Fingerprints, the most common mechanismIrisRetinaVoiceprintHand geometryPalm prints (vein structure analysedvia IR light)
Extract features of the presented trait and match the resultagainst a stored template
Process is lossy, matches are approximate
Two Usage Modes for Biometrics
Mode 1: Access control:
Only this exact person is allowed inPrimary identifier uniquely identifies someone –Personal ID (public value) –PIN/password (private value)Biometric backs up the primary ID –1:1-match biometric check weeds out the majority of impersonators –Match only this one identified person and no-one else
Two Usage Modes for Biometrics
Mode 2: Identification
Inexact match used to find… uhh… things –Find one of 3 million people (DHS terrorist list) from a population of 6 billionReal-life analogy: “Was this the person who robbed you” vs.“Find the person who robbed you in these 25 shelves of booksof mugshots”The answer to all your terrorism problems
Biometrics and Politics
Biometrics will solve our political/liquidity^H^H^H^Hterroristproblems
Biometrics firms stock prices have tripled in a few years after 9/11US Government planned to spend $8B on biometrics in theshort term
Separate from that, the US-VISIT program alone is worth$10B over a 10-year period
US Government Accounting Office report in 2003 said the costwould most likely end up “in the tens of billions”US-VISIT was a “financially very risky endeavour”
Biometrics and Politics (ctd)
Biometrics had been trialledin a piecemeal manner inairports before 9/11
An INS spokesperson says unexpected cuts in the agency’stechnology budget are slowing rollouts
 —“Biometrics Takes Flight”, ID World
Then came 9/11, and all the budget problems magicallycleared away…

