Focus on Biometrics

How have biometrics changed over the last decade? Biometrics is now in our everyday lives and is now on most smart devices helping improving the security of technology.

The launch of the iPhone back in 2008 was a watershed moment in the history of biometrics. Up to that point, biometrics such as fingerprint and facial recognition had been somewhat unreliable, slow, and plagued by false acceptance and rejection rates. Furthermore, a significant proportion of the community felt there was an uncomfortably high probability that the capture and use of biometric data for identification purposes would lead to privacy and civil liberties breaches. Of course, these concerns were largely unfounded and based on misinformation. However, there were, up to that point, other issues hampering the effective use of biometrics, such as throughput rates and unfavourably high false acceptance and false rejection rates.

The last decade has seen significant improvement in the reliability, accuracy, performance and acceptance of biometric devices in our everyday lives. Today, there is barely an intelligent device in production that does not rely on some form of either facial or fingerprint recognition to protect against misuse and the theft of information. Furthermore, better, smarter and more powerful graphics processors incorporating next-generation neural engines capable of deep learning, combined with unprecedented access to global databases of faces through social media platforms, have enabled biometric technologies such as facial recognition to improve at unprecedented rates.

And yet, still, the adoption and rollout of biometrics across the western world have not occurred nearly as quickly as many had expected. Especially given that biometric solutions have been shown to significantly improve security, create a frictionless customer experience, enable more effective multifactor authentication, and reduce costs by removing the need for other, more costly access credentials which can be lost, and shared or stolen.

Introducing Expert Doug O’Gorden

The sound quality in this video received connection issues, please add captions.

To help us understand the future of biometrics, we recently spoke with Doug O’Gorden. Doug is the Director of Digital Media and Events at FindBiometrics and Mobile ID World, two of the leading authorities on using and adopting biometrics in the United States.

As part of his current role, Doug O’Gorden spends a significant amount of time attending conferences across the world and speaking with Government officials regarding the use of Biometrics. According to Doug, the recent global pandemic brought about the most significant global shift in the perception around the use of biometrics, and technology in general, since the launch of the iPhone.

“During the pandemic, my parents learned how to bank online. My mom’s now using her mobile phone to take pictures of her new dog to show us. If I were to give you an appropriate metaphor, we’ve gone from the Flintstones to the Jetsons in a very short time,” states Doug.

And yet, despite this shift towards the use of biometrics, primarily driven by a desire for touchless solutions, Doug explains that the effective rollout of biometrics is still hampered in many areas across the US due to the introduction of the Biometric Industry Privacy Act, more often referred to as the BIPA law, in the state of Illinois in 2008.

Doug explains, “The Biometric Industry Privacy Act has resulted in over 1500 lawsuits in the US – the largest of which involved Facebook, resulting in fines of around 650 million USD.”

According to Doug, a simple Google search for BIPA Law will give one a good overview of the situation. However, in short, most BIPA lawsuits have arisen due to people and organisations not following the rules around the use of biometrics in either their plant or office. “They didn’t establish consent with their employees to enable the company to use biometric technology (largely fingerprints) for purposes such as monitoring and recording time and attendance in the workplace.

7 step checklist of deploying biometrics

To help organisations, Doug and his team have developed a checklist involving seven steps to assist in deploying biometrics.

“The checklist is centred around who, what, where, when, why? The most important thing about that checklist is ensuring that you’re collecting that data for a certain reason, holding that data for a certain amount of time, and telling that employee what you’re doing with the data. The biggest issue we find is that of consent and ensuring that the employee has a good understanding of what you are doing with their biometric data, why you are doing it, where you are using and storing that data as well as how and when you are using it.”

“There is a term we use in the US called ‘Buddy Punching’, which refers to clocking your friend on or off a shift at work. Many organisations introduced biometrics to eliminate this issue but, in doing so,  failed to provide staff with the who, what, when, where and why of how that biometrics data was used. That is one of the most important lessons that a country like Australia can learn from our experiences.”

Of course, many of the concerns around the use of biometrics, not only in the US but across the globe, are still fueled by misconceptions about how different types of biometrics work.

“There is a great show titled Coded Bias, available through Netflix, which is a one hour show on facial recognition and data privacy.  The show does an excellent job of explaining some of the challenges around biometrics. In short, a study referenced in the show demonstrates that older forms of facial identification had challenges with regard to ‘racial’ bias or ‘colour’ bias. In short, the systems were not as accurate for certain nationalities, skin tones and even genders. However, that no longer appears to be the case.  However, at the time, these inaccuracies gave rise to concerns regarding potential discrimination against particular groups. There was no suggestion that it was deliberate. Yet it still resulted in possible problems.

“The real challenge now is that even though those biases and other issues around accuracy have been addressed, and we now have systems operating at 99%+ accuracy across all genders, races and skin tones, the laws have not kept pace with the technology. We are still seeing the use of facial recognition being outlawed in certain states because of laws enacted 14 years ago. In technological terms, that is many generations ago.”

According to Doug, these laws, which prevent the use of biometrics like facial recognition, are in direct contradiction to the findings of many government departments and law enforcement bodies who found that, during the two years of the pandemic, when the use of facial recognition was suspended due to the use of masks, statistics unsurprisingly showed a significant increase in crime.

This has not only led many in government across the US to push to have the BIPA law changed, but it has also resulted in a more significant push towards the digitisation of information. From a law enforcement perspective, this makes it much easier for police and government agencies to identify potential perpetrators. It also makes it much easier for organisations to enhance customer experience. By digitising information, customers can quickly and easily find information on how to use a product or service. And when a customer has a bad experience, it is much faster to authenticate and identify people to help resolve an issue and achieve a positive outcome using new biometric technologies. For example, if an alarm is going off during an event, many people might find this incredibly stressful, resulting in one forgetting a password or PIN code. However, a fingerprint or facial recognition scan can be conducted by relying on the customer to remember data.

Doug explains that, as technologies like facial and fingerprint recognition grow in capability and acceptance, we are also seeing new forms of biometrics making their way into the market, such as voice biometrics, which can also be used to identify a person based on the way he or she breaths, the way your teeth chatter when you’re talking and so on. Other emerging forms of biometric identification include iris or retinal scanning.

“These are not particularly new biometrics, but they are being used in new ways”, explains Doug. “For example, Elon Musk is using iris recognition to turn on a Tesla. By looking into the rear view mirror of your car, you can now start your car. So it’s limitless. I lay awake thinking of all the neat applications for all kinds of new biometrics … the solutions are endless.”

What is the future for biometrics?

In closing, I asked Doug where he sees all the new biometric technology heading.

“I believe that in the next decade, each country, in the western world at least, will begin to roll out and adopt digital identification. That, to my mind, will be the next big watershed moment. That mobile ID will be based on some form of biometric such as a facial scan, fingerprint, or possibly both. Everything from your driver’s license to your medical records, banking, tax, employment, and education will eventually be linked to that digital ID.  This will give rise to questions about who gets in? Who accesses it? How long is it there? That, in my mind, will be the culmination of biometric identification.

“Furthermore, I believe that within the next three to four years, the use of biometrics to access everything from opening doors to accessing your computer will be normalised. Let’s see how accurate I am when we talk at the Security Expo in 2026.”

You can find the checklist for successfully rolling out biometrics that Doug mentioned earlier at findbiometrics.com. Mobile ID World (mobileidworld.com) is all about the mobility of identification, which will be huge.

If you haven’t already register now online for the Security Exhibition and Conference to hear more about how biometrics have become part of our everyday.