CSI

During my tour of Boston Logan International Airport yesterday, I talked extensively with Bill Hall, manager of access control systems at Massport about the different access control systems in place. Basically, every door that leads from a public space to a restricted area requires three pieces of personal information. All employees must scan their badges, enter a PIN code and submit their fingerprint to gain access. Plus, all doors are monitored by video surveillance. Hall and I discussed the importance of biometrics as a verification tool and he expects biometrics to be a growing security technology.

Well, apparently not everyone sees biometrics the same way. I just received a press release from the Security Industry Association challenging a recent report from the National Research Council that criticized biometrics. The NRC report, Biometric Recognition: Challenges and Opportunities, that biometric technology is “inherently fallible” and that “The scientific basis of biometrics … needs strengthening.”

Basically, SIA refuted the organization's findings and stated that NRC relied on old data. SIA acknowledged that “Every nascent technology has limitations,” but cautioned against interpreting the NRC report as a refutation of biometrics.

The SIA statement also noted the advancement of biometrics: "Open standards are available and are constantly being enhanced to further develop this technology and provide a more unified approach to verifying an individual’s identity. Biometrics provide an effective countermeasure against fraud and identity theft in applications as diverse as personal access to buildings and computers, banking security, business-to-business transactions and e-commerce.”

Like most security professionals I've spoken with, SIA stated biometric technology has a lot of potential in the industry: “Automatic biometric systems are here to stay because of their ability to tie an undisputable physical attribute to an individual.”

What do you think? Are biometrics here to stay? Take our poll here.

I can't tell you how many times I've heard folks in the security industry bemoan television shows like CSI for giving the public an unreasonable expectation of the capabilities of biometric technology. Here's a perfect example:

“CSI is our worst enemy,” said Chad Parris, senior consultant with Security Risk Management Consultants in Columbus, Ohio. “Some of the things on CSI just kill us because half of the things you see on CSI are possible and the rest of it is in the screenwriters’ imagination.”

Obviously, there are several big companies out there whose entire business focuses on biometric development (as a matter of fact L-1 Identity Solutions Inc, one of the biggest biometric makers just got bought for $1.1 billion - that's no chump change). And while biometric technology will only get better and more sophisticated with time, there remains plenty of skepticism out there that biometrics need to be cautiously deployed.

I just read this article in USA Today about a new report that "calls for caution on widespread use of biological identification."

"While there are lots of good uses for biometric recognition, there are lots of ways to create systems that waste time, cost too much and don't work very well."

The report, "Biometric Recognition: Challenges and Opportunities" released by the National Research Council, concludes all biometric recognition technologies are "inherently fallible", according to the article.

The article also points out the amount of money that federal agencies, such as the FBI and Department of Homeland Security, are spending to research and implement biometric screening technology. However, the report cautions that the government isn't doing the necessary basic research about whether the physical characteristics involved are truly reliable or how they change with aging, disease, stress or other factors.

You never see the guys on CSI worrying about silly things like that.