4 Biometrics, identification and verification
4.1 Data and biometric data
Developing alongside the various e-government projects around the world are many biometric systems for authenticating identity. Governments have traditionally had a stake in the authentication of a citizen's identity through issuing passports, driving licences and other so-called identity documents. However, this is yet another area where IT is having a transforming effect, perhaps not to everyone's liking:
At America's insistence, passports are about to get their biggest overhaul since they were introduced. They are to be fitted with computer chips that have been loaded with digital photographs of the bearer (so that the process of comparing the face on the passport with the face on the person can be automated), digitised fingerprints and even scans of the bearer's irises, which are as unique to people as their fingerprints.
A sensible precaution in a dangerous world, perhaps. But there is cause for concern. For one thing, the data on these chips will be readable remotely, without the bearer knowing. And – again at America's insistence – those data will not be encrypted, so anybody with a suitable reader, be they official, commercial, criminal or terrorist, will be able to check a passport holder's details. To make matters worse, biometric technology – as systems capable of recognising fingerprints, irises and faces are known – is still less than reliable, and so when it is supposed to work, at airports for example, it may not.
The Economist (2005)
In this section we shall look at some of the techniques and issues related to the authentication of identity using biometric data.
Biometric data is derived from distinctive bodily features. Examples are fingerprints, photographs, iris patterns, and so on. 'Biometric data' also covers data derived from characteristic behaviours or gestures, for example signatures or vocal characteristics. Converting this data to digital form allows it to be processed automatically by computers. This is a distinct change from older methods of identification which depended on a good deal of human inspection (for instance, visual inspection of fingerprints). Biometric data is increasingly incorporated into passports, driving licences and other identity documents.
Whatever method of identification is used, comparison of one piece of data with other data is involved. For instance, in criminal investigations, fingerprints collected from the scene of a crime are checked against records of fingerprints from known criminals.
For an identification system based on data comparison to work, there must be authoritative samples of data, from known individuals, to compare with. The bank of fingerprints held by the police is a collection of such data. But two specimens of data from the same person are hardly ever identical – for instance, the signature I write on a cheque is not identical to the one on my cheque card. Whether my cheque card confirms the signature on my cheque is a matter of judgement.
In the following pages, I would like you to keep in mind these two essential components of identification systems:
Authentic data, known to be associated uniquely with a particular individual, is required for comparison.
Reliable methods are required for comparing pieces of data and for deciding whether they are from the same person.
We shall look more closely at the implications of these requirements shortly, but first I should say a little more about what I mean by 'data' in the context of identification systems.