Facial recognition depends on the measurement of distances and angles between features. iStock
Iris scanning records the unique patterns of colors and shapes in the colored portion of each eye surrounding the pupil. iStock
FEATURED IN TECHNOLOGY AND COMMUNICATIONS
Editor's Note: This is an expanded version of the article that appeared in the September 2008 issue of Law Officer.
Consider someone you know reasonably well. When you sense they are around, how do you know? You might hear their voice, see their face, recognize their gait, or even perceive an odor unique to them. You don't need them to produce an identification document to verify they are the same person in your memory. You are absolutely certain this is the person you associate with their name, reputation, shared memories, and so on.
The characteristics by which you recognize people in this way are a form of biometrics--the recognition or identification of someone using persistent information unique to them, and embedded with them. That same system of biometrics allows non-human devices to identify or verify the identity of people, using characteristics that are difficult or impossible to alter.
Identification of people either by other people or by a machine happens via pattern recognition. The peculiar arrangement of a person's nose, mouth, eyes, ears and skin color and texture allow us to recognize someone's face, but there's more to it than that. If we did that by recognition of the facial pattern alone, it would be possible for someone to fool us just by wearing a well-constructed mask. At the same time we see the face, we're also taking in their height, their body composition, the way they move, and other things that cause you to think, "That guy looks a lot like Joe Smith, but I know it's not him." One of the skills that law enforcement officers develop is to pick out those unique characteristics and isolate them. A bad guy known to a cop might be able to change his facial appearance, lose or gain weight, and alter his voice, but the cop will recognize him through a mannerism or tic the crook didn't even know he had. Poker players call the same sort of thing a "tell," something that another player does when they're either bluffing or they have a strong hand.
Teaching a machine to use biometrics is much more difficult, because people have always been better at pattern recognition than machines. Machines are good at performing repetitive processes--like comparing an image or pattern to multiple stored records in a database--rapidly and without fatigue. But, in order to establish that database, the patterns have to be translated into a form the machine can catalog and recognize. That usually means converting the distances and angles between fixed points contained within the pattern to a geometric statement or number.
Physical and knowledge tokens
If a biometric characteristic is the only information offered to identify someone, the identification process is going to be relatively slow and frustrating for all concerned. For instance, a clear latent print taken from a crime scene can be used to identify a suspect if you have the suspect's prints on file, and in a database you can readily access. Just having prints "on file" isn't enough. My fingerprints have been recorded many times by various public employers I've worked for and applied to, but since I've never been arrested, it's unlikely that they're contained in any AFIS database. Running one of my latent prints through an automated system would most likely produce no matches. But if you sent that same latent to the FBI records center in Clarksburg, WV and asked them to compare it to one of my tenprint cards on file there, they would confirm the identity of the owner.
In that example, the tenprint card is the enrolled record of my fingerprints. In most cases, we would also use a a physical token--a second record containing information that is associated with the biometric information in the latent. More common examples of physical tokens are drivers licenses, passports (with and without RFID tags) and car keys. When a physical token is presented and then compared to biometric information associated with that token, the matching process is very fast. The system has to compare the data in the biometric to only a single record.
We also use knowledge tokens such as passwords, PINs or information only the rightful owner of the record is likely to know ("What was the name of your first pet?"). These don't work so well when used with biometric data, as the information in the knowledge token may not be unique. If a system has more than one user whose first dog was named "Rover," the biometric information has to be compared with that many records. This is why most password-protected access systems use both a name and a password--in essence, two knowledge tokens.
Physical tokens can be lost, stolen, or destroyed, and knowledge tokens can be forgotten. Only the biometric information is carried with you always, barring some catastrophe like the severing of a finger.
The most common characteristics used as standards in biometric systems include signatures, hand geometry, fingerprints, iris patterns, and faces. There are others less-widely used, such as voices and keystroke dynamics.
The appearance of a signature is by far the most common method of biometric identification, although you may have never thought of it as such. A consistent signature is difficult to duplicate without practice, and even then, a questioned documents examiner can usually determine from the order of pen strokes and pressures whether a signature was made by its owner or a pretender.
Most of us have used signature capture screens at retail outlets, where instead of signing your name to a paper charge slip, you sign it on a screen and it is reproduced (in low-res form) on your receipt. These devices record the image of the signature, and nothing more. More sophisticated devices record the order of strokes, pen pressure, speed, and other aspects of writing a signature that are almost impossible for another person to duplicate consistently.
Hand geometry is one of the more common biometrics used with automated systems, and usually in conjunction with a physical token. If you have been a guest at Disney World over the last eight years or so, you have probably been asked to insert the first three fingers of your right hand into a scanner after you have inserted your pass (the physical token) into a slot in the same machine. The structure of one's hand, affected by physical size, musculature, differences in finger length, sprains and fractures that cause minor disfigurement and other influences is peculiar to each person, though not unique among all humankind. With the Disney system, the geometry of the first three fingers is recorded the first time the pass is used. This process is called enrollment, whether it's hand geometry or any other standard being recorded. After that, the system needs only to compare the sample "presented to the scanner to the record associated with that pass. The process is nearly instantaneous. Hand geometry will change over time because of dramatic weight gain or loss, injuries, aging and so on, but those changes aren't likely to take place over the duration of a vacation at Disney.
When fingerprints are used as a biometric, it is rare that the entire fingerprint is encoded to the record. Several states require that at least one digit be scanned to obtain a drivers license, and information associated with this scan is encoded into a 2-D bar code or magstripe on the license itself. Neither the mag stripe nor the bar code can contain all of the data needed to reproduce a high-resolution image of the fingerprint. Instead, a few minutiae of the print are captured and recorded. This information is insufficient to positively identify the licensee from all others in the motor vehicle records, but it will match that license information to the record with a high degree of confidence.
As with any other security technology, there is something of an "arms race" between the people creating the security systems and the ones trying to defeat them. Many fingerprint scanners can be fooled with a so-called "gummy finger." The basic process to create a gummy finger is to make a mold of the friction ridges making up the enrolled fingerprint using room-temperature vulcanizing (RTV) silicone glue, available at any hardware store. When the mold is pressed onto the print scanner, the scanner "sees" the ridge pattern and matches the record. More sophisticated (and costly) scanners also sense characteristics present only in living flesh, such as circulation and electrical conductivity, and will reject a gummy finger sample. But the fingerprint sensors in most common use, such as those on laptop computers, can't distinguish between a real and a silicone fingerprint.
Simple facial recognition (which is still pretty complicated) is even easier to defeat. Facial recognition works when the system's camera picks a face out of an image, then locates landmarks such as the eyes, nose, mouth, chin, and the outline of the face. The distance and angles between these features are converted to a number which is compared to those in the enrolled database.
Some of the facial recognition systems can be fooled by just holding up a full-face photo of the enrolled face in front of the camera. More sophisticated systems require that the face be enrolled with several image captures taken from different angles, and/or that the enrollee alter their expression by smiling, frowning, opening their mouth, etc. When the user attempts to have the system recognize him, instructions may appear on a display, telling the user to look to the left, right, or smile.
Although some facial details can be altered or disguised with the use of wigs, facial hair, makeup, etc., some characteristics won't change. For instance, a person's eyes are always going to be the same distance apart, no matter what disguise they use. The system can be less discriminating when the recognition threshold is set lower, but that also increases the risk of false positives and mismatches. Facial recognition is sometimes used in conjunction with surveillance cameras, where each face seen by the camera is scanned and compared to a database of persons of interest. When a possible match is made, a system operator sees the scanned image alongside the enrolled photo of the person of interest. The system operator can then decide whether the match is close enough to investigate further, or a false positive to be discarded. This system was used to scan the faces of people attending the 2001 and 2002 Super Bowls, where a database of known terrorists was used as the "persons of interest" file. A public protest followed the 2001 episode, as the use of the system wasn't revealed until after the Super Bowl and people were outraged at what they perceived as an invasion of privacy. The 9/11 attacks took place before the next Super Bowl, and there was considerably less of an outcry.
Iris and retinal scans
The retina is the light-sensing organ on the back wall of the eyeball. Through it run many capillary vessels that form a pattern unique to each eye. Retinal scanning involves recording this pattern, then comparing a user's eye to the enrolled database. This is a highly secure biometric method, as the retina can't even be visualized without the aid of medical-grade instruments. The problem with this is that users find it unsettling to place their eyes a fraction of an inch from the scanner and then focus on a target while the retina is imaged.
Iris scanning is believed to be just as secure as retinal scanning, and is less intrusive. Most people will characterize their eyes as being a uniform color, such as blue or brown, but closer examination of the iris (the colored portion of the eye surrounding the dark pupil) reveals it to be made up of many colors and shapes. An iris scanner can identify and visualize the iris from as far as ten inches away, and uses infrared light. Infrared is outside the range of normal vision, so the user is less aware of the scanning process. The infrared light reveals details invisible in normal light, such as the patterns appearing in darker eye colors. Iridian Technologies holds the patent on iris scanning, and maintains that its KnoWho Authentication Server can find a scanned iris in a database of one million records within a few seconds. That kind of speed means that no other token may be necessary to uniquely identify an individual from the pattern of their iris alone.
Voice recognition and keystroke dynamics are also valid biometrics, but probably the least common. A voice speaking the same word or phrase can be compared against an enrolled record, but an exact match can be hampered by background noise, different microphones and room acoustics, or a head cold. A properly enrolled user may not be able to get access (a false negative) or an intruder who is a good enough mimic may be able to break in (a false positive).
Keystroke dynamics measures and records the rhythm, speed and spacing of a user typing a word or phrase into a standard keyboard. Many different phrases can be enrolled, with the security system picking one at random with each attempt at access. It would take someone lots of practice to duplicate the dynamics of another person, and it would be nearly impossible for them to them to duplicate the dynamics of multiple phrases. Still, typing speed and accuracy can be thrown off by posture, different keyboards, or whether we've had our coffee yet.
The REAL ID initiative, which (among other things) required that all states implement a biometric component into their drivers license data, fell on its face earlier this year. There were a number of objections from various states to the federally-mandated plan, the most common of which was that implementation was too costly. REAL ID required that drivers license files be nationally standardized, and that alone would be a major undertaking. As any cop who has run an out-of-state license knows, the information maintained by one state may bear little resemblance to that in another. Even if the states could agree on a standard data format, most would have to re-enroll their licensees at some point to get whatever information was missing, and most would have to get that biometric record by whatever characteristic they agreed on. Some states renew the licenses of low-risk drivers by mail, sending them a separate card that extends their license's expiration date, and requiring all of them to come to a motor vehicle bureau's office would be time-consuming and expensive.
But the greater obstacle to the REAL ID initiative is the fear that we are moving toward the establishment of a national identity card. Those who oppose any stiffening of the identity requirements to obtain a drivers license paint a picture of citizens being required to carry their identity documents with them at all times, and for Officer Friendly changing his opening line from "Good afternoon, sir," to "Papers! Where are your papers?" with a vaguely German accent.
There are also those who object to the establishment of a biometric identifier linked with their drivers license information on religious grounds. Most of these stem from a biblical passage at Revelations 13, verses 16-17:
Also he compels all alike, both small and great, both the rich and the poor, both free and slave, to be marked with an inscription on their right hands or on their foreheads,
So that no one will have power to buy or sell unless he bears the stamp of the name of the beast or the number of his name.
In this interpretation, the biometric characteristic is the "inscription" or "stamp," and the drivers license number "the number of his name." Because one's drivers license is the de facto standard identification document, someone who was unable to obtain one might in fact have trouble maintaining the "power to buy or sell."
From a pure crime prevention and law enforcement perspective, a biometric that could be compared quickly against an identification database such as a drivers license index would be fantastic. Identity theft would be much more difficult to pull off. "I forgot my license" would not be nearly as effective at evading a driving-while-suspended ticket as it is now. Deadbeat daddies and other miscreants looking to stay below the radar would have a harder time not being noticed. And the inroads this could make towards apprehending illegal aliens and the people that unlawfully employ them would require a separate article.
In my apparently dull life, I don't especially care if the states where I used to live know where I am living now. My fear that someone will successfully impersonate me to commit fraud is greater than the dread that someone will find me. I don't have any baby mommies trying to track me down, and no arrest warrants that I know about. A biometric associated with my most commonly used form of identification would do no more than prove unequivocally that the person described on my drivers license is me, and not someone else. And when I hear the protests that implementing biometrics will pave the way for greater government intrusions into personal privacy, the cop in me wonders what those people are afraid someone else is going to find.