As some of you know one of my professional area’s of expertise involves biometrics. I’m not at liberty to discuss some of the details but I can talk about things in general. The “Intelligence Reform Legislation” recently passed and signed into law by the Feds contains provisions regarding “Drivers Licenses and Personal Identification Cards.” One of the requirements will be that states issue drivers licenses with biometric identifiers. They are required to come up with some standard for this within 18 months. Some states already have biometric requirements but my understanding is that they are all failures for even their original intention and are easily defeated by someone with half a brain. Our congress critters may not realize it but they may have just mandated something that isn’t currently possible and potentially never practical. Sort of like legislating that PI equal three point zero or repealing the law of gravity.
About a year and a half ago at a biometric conference I heard someone tasked with the problem of solving this problem explain all the difficulties they were running into. My impression was they had insurmountable problems and were begging for help from the technical community. As I follow the field from the technical side pretty close I don’t believe we have made any significant technical progress in the areas that matter to them. What I expect they will end up with is nothing much more than a signature and a photograph–which is what we currently have and are easily defeated by the sort of people the legislation is claimed to aimed at.
Let me explain the meaning of ‘defeat’ and ‘success’ in the context of biometrics. There are more than one reason for identification efforts. In general those reasons are:
- Identity validation. Is this the person who they claim they are? Your bank validates identities before withdrawals from your accounts.
- Watch lists. Is the person in front of me wanted for a crime or deserving of special attention?
- Uniqueness. Is the person in front of me “double dipping” into some sort of benefit or generating a duplicate ID to avoid a watch list?
These three different reasons for identification present drastically different technical problems. Identity validation is pretty easy. The PIN number for your ATM card does a pretty good job of accomplishing that task, but is worthless for watch lists. Signatures and photo generally work pretty good for validation too.
The watch list problem is a lot tougher and may be insolvable. Here you may have 100,000 people that you want to “watch” and who almost for certain are actively trying to defeat you. Another problem is that as you examine each unknown person, say at an airport check in line and compare each of them to “the list” you end up generating a lot of false positives. Particularly if you make the ‘threshold’ loose to catch people that might be trying to trying to not get caught. Those false positives end up being “unhappy customers” at the airport or at whatever “checkpoint” you are maintaining. There are only two technologies that have much hope of working here–fingerprints and irises (NOT retinal scans–no one does those anymore). Fingerprints are easily obscured by soaking them in bleach the night before and irises can be obscured by designer contacts or by the person faking being blind with no eyes. The rate of people having duplicate (close enough for the computer to confuse them) irises is about 1 in 200,000. The iris identification vendors have papers out there claiming duplicate error rates on the order of 1 in several billion but it’s pretty easy to demonstrate they have some bad assumptions and as the empirical data comes in it appears to be closer to one in 200,000. Therefore if you have a watch list of 100,000 and you are only looking at irises you generate a false positive with about every other person at your check point. And the other problem is how to “enroll” the people on the “watch list”.
The uniqueness problem is probably insolvable without DNA and even then you have identical twins to worry about. And contrary to what you see on TV and in the movies DNA takes a lot longer than a few seconds or even minutes to compare. And then think of the problem if you have say 300 million people in your database of valid drivers in north American and you need to compare the person in front of you to that entire list to see if they are trying to get a duplicate drivers license under another name. How many CPU cycles does it take to compare one fingerprint or iris scan to 300,000,000 others? Keep in mind you have retrieval time issues with those 300,000,000 existing identities as well. It’s a LOT of CPU time to do that and you have a LOT of people applying for new drivers licenses each day.
Those are just some of the technical issues involved. Other issues involve maintenance of the databases. If the prevention of terrorism is the objective for more secure “driver’s licenses” our congress critters are deluding themselves about the efficacy of this. Thousands of people will have “write access” to the database and are subject to “conversion”, bribery, extortion, blackmail, and simple greed. A determined adversary will not have a problem getting a valid ID.
The bottom line is that the cost will be enormous the gains almost non-existent.
Here are more thoughts on the whole national ID idea and why it won’t work and may actually make us less safe.