Overview of the Last Article

Our last article reviewed what is deemed to be the “most stable Biometric of all”-Iris Recognition. This modality actually has its originations back in the late 1970s. There was only one vendor at the time, known as Iridian Technologies. Essentially, they manufactured the hardware, namely the Iris Capture device and all of the aperture that came with it.

But, the actual mathematical algorithms used to power an Iris Recognition system were actually developed and created by a famous computer scientist known as Dr. John Daugmann, of the University of Cambridge (based in the United Kingdom).

Throughout this time period up until the last decade, Iridian Technologies held the monopoly on the Iris Recognition market. As a result, there was little accomplished in the way of research and development, and further innovations. Because of this, the devices were bulky, and quite expensive, which thus triggered a very low adoption rate.

But, once the patents on both the hardware and the mathematical algorithms, the levels of research and development took off, and a plethora of new vendors evolved. From here, the technological advances made to Iris Recognition proliferated in different areas, which include the following:

  1. The miniaturization of the technology, to the point now that it can be directly used on wireless devices, such as Smartphones to confirm the identity of the individual using it;
  2. Different types and more robust algorithms have been developed, which can now be used to focus on different parts of the eye which are associated with the iris. The best example of this using the unique blood vessel found in the white of the eye, also known as the “Sclera”;
  3. The ability to capture the iris image of an individual from a very far distance, and even amongst a group of people as well, while they are in motion. One of the best market applications for this is at the international airports, where an Iris Recognition device can capture the images of the eye from as far as 20 feet away.

Regarding its stability, the Iris is considered to be an “internal” organ of the human body, unlike the hand or the finger. Because of this, the Iris is not subject to the harshness of the external environment, unless something catastrophic happened to it.

Also, the structure of the iris hardly ever changes over the lifetime of an individual, unless he or she is afflicted with a serious ailment, such as glaucoma. Scientific studies have even shown that identical twins possess a unique iris structure.

At this point, we have reviewed all of the Biometric modalities, from both the Physical and the Behavioral technological standpoints. In this article, we now explore yet another critical aspect-its social implications.

An Introduction to the Social Implications of Biometrics

Imagine if you will, a spectrum of all of the security technologies which are out there. This includes anything and everything, ranging from both hardware and software. For instance, this would involve such hardware devices as Network Intrusion Devices, Firewalls, Routers, Smart Cards, Proximity Devices, FOBs, etc. Regarding software, this would include patches, upgrades, antivirus/antimalware/antispyware mechanisms, etc.

When these items are deployed and installed, there are no questions asked (unless of course, they are not functioning properly) about its impact to the end user. It is assumed that they will do their job, and prevent against Cyber-attacks from occurring.

But, when Biometric Technology is included in this spectrum, it often gets questioned, not from the standpoint of its ability to fortify the lines of defense of a business or a corporation, but its impacts to the end user.

Why is this being so? Why is the individual so concerned about what happens when their iris or fingerprint is scanned? The primary reason is that it is a piece of our physiological or behavioral which is being captured. We have no control over this, and in fact, to the average citizen, he or she does not understand how this information is being processed by the Biometric device.

In reality to them, it is like a black box, garbage in and garbage out, with no understanding of what happens in between. As a result, this has greatly hampered the acceptance of Biometric Technology, especially here in the United States. But in sharp contrast, there are other geographic regions in the world where Biometrics is widely accepted, especially those in the lesser developed nations.

The Acceptance Rate of Biometrics in the United States vs. the Underdeveloped World

If one were to look at the overall macro trends of Biometric technology on a global basis, there is a very noticeable and discernable finding: The adoption rate of Biometrics tends to be much lower here in the United States than other geographic segments of the world, especially those of the developing nations. Why is this the case?

As United States citizens, our fundamental rights as individuals are protected by the Constitution. Meaning, we have guarantees that we will be counted as unique individuals in the eyes of our own Federal Government. If some reason we are not, then at least in theory, there are certain types of legal recourse that we can take for us to be recognized.

Because of this, if there is something that goes against our belief system, we can easily claim that it is a Constitutional violation of our Privacy Rights and Civil Liberties.

This is the main crux where Biometrics has its issues, regarding social acceptance. In general, the claims of Privacy Rights/Civil Liberties violations fall into three general categories:

  • Anonymity:

    For the most part, the American population holds the belief that when we register ourselves into a particular Biometric system (more specifically, going through the Enrollment and Verification processes), we lose our total sense of anonymity. To a certain degree, this is true. This is because our Biometric Templates is often associated with some sort of ID number, so it can be easily referenced and queried for in the database. In other words, to a Biometric system, on a technical level, it will never recognize an individual anonymously. As American citizens, whenever we feel uncomfortable about a circumstance or a situation, we like to claim our right to remain anonymous. This option is simply not viable when this technology is being used for security purposes.

  • Tracking and Surveillance:

    Our article on Facial Recognition touched on some of the key aspects of why people are fearful of its use. Here in the United States, much of this fear stems of “Big Brother” watching. This is depicted from the book written by George Orwell, entitled “1984”. The primary catalyst of this fear comes from the Federal Government misusing the Biometric information and data which resides in the databases in their direct control (such as that of AFIS).

  • Profiling:

    This is probably of the biggest fears of the American public when it comes to using any form of Biometric technology. In a manner, similar to that of “Big Brother” watching, the angst-provoking mechanism here is known as the “Mark of the Beast.” This is the concern that the average American citizen will have to give up their individual being, or at least part of it, to a much higher level symbol of authority (such as that of a Federal Law Enforcement Agency).

However, the citizens of the developing nations of the world (such as those in Africa and Asia) barely even have a Constitution (or other similar document) in which their rights are afforded. As a result, they are not even counted as unique individuals in the eyes of their own governments.

But, by using Biometric Technology, there is now to a certain degree, irrefutable proof that the citizenry in these countries does actually exist. As a result, the respective governments now have to recognize this fact and count these people as unique beings.

Thus, the adoption rate of Biometrics is much higher, because it is giving these people new hope in having freedoms and rights that we take so much for granted here in the United States.

The Overall Perception of Biometrics

One of the biggest factors that affect the social acceptance of Biometrics is the overall perception which is held as to how a specific modality looks like and appears at first sight. This topic actually fits into a scientific realm of study known specifically as “Human Factors.” This can be loosely defined as “. . . the scientific discipline concerned with the understanding of the interactions amongst humans and the other elements of a system . . .” (SOURCE: 1).

In the Biometrics industry, especially here in the United States, there is enormous pressure on the vendors to create the fastest and the most robust mathematical algorithms possible. Usually, much more emphasis is placed on speed, rather than placing equal, if not more emphasis as to how the end user will initially perceive a Biometric system and how they will interact with it.

In other words, the Biometric vendors are much more concerned about the theoretical aspects of a particular modality which they are designing, such as the metrics and KPIs against which it will be evaluated against.

Much less emphasis is placed on determining how easy it will be for the end user to complete both the Enrollment and Verification processes with this modality. Also, very little thought is usually given as to how the external factors from the outside environment will affect the end user perception of the device.

Thus, it is very important for the Biometrics industry to keep in mind that while achieving faster Enrollment and Verification times is critical, it is just as important to take into account the Human Factor variables as well when developing and creating a new Biometric Modality.

There is now a recent movement to adopt this two-pronged approach, and it is defined as the “Total Biometric System Performance.” It is defined as the “. . . integration of Biometrics into broader processes and should be borne in mind when considering the development of such applications”. (SOURCE: 2).

Function Creep

As it has been stated before, the primary objective of Biometric technology is to provide a means in which to confirm the identity of an individual based on their unique physiological or behavioral traits. There is a lot of information and data which goes into the process of meeting this specific objective, and this type of metadata are stored in the databases in either the modality itself or a server.

But, there is also that chance that all of this could be used for other tangential security reasons, either intentionally or unintentionally.

This scenario of actually occurring has caused a great fear amongst the American public because it will never be known to them if their respective Biometric Templates will be used for other covert reasons. This phenomenon is known specifically as the “Function Creep.”

This is also known as a spillover effect, and it can be specifically defined as “. . . the expansion of a process or a system, where data is collected for one specific purpose is subsequently used for another unintended or unauthorized purpose” (SOURCE: 3).

For example, if a Fingerprint Recognition system was being used in a Physical Access Entry application at the main point of entry, the same Biometric Templates could also be used for same individuals at another point of entry.

Ethical Hacking Training – Resources (InfoSec)

Although the management team may view this as being advantageous, regarding a being a cost savings move, the repercussions that exist from this covert usage can be detrimental, if the end user population discovered this.

The Function Creep phenomenon can arise from three different sources:

  1. An Absence of Policy:

    A formal lack of a security policy that details how Biometric Templates and their corresponding metadata can be used is probably one of the biggest reasons why Function Creep exists in the first place. After all, without a system of accountability in place, the urge to misuse the Biometric Templates and use them covertly for other applications can be very strong.

  2. An Unsatisfied Demand for a Particular Business Function:

    Using the example of the Fingerprint Recognition system, there are times when this modality will simply not perform up to its expected performance standards and respective KPIs. As a result, the management team of the corporation or business will want to replace this modality with a newer one. But rather, than deleting the old Biometric Templates from the earlier modality, and having the employees re-enroll again with the new modality, there will be a strong tendency to just literally “recycle” the old Biometric Templates into the newer system. This example of covert usage is also known as “Unsatisfied Demand” because the older modality did simply do not operate to what promised by Biometrics vendor.

  3. The Slippery Slope Effect:

    This kind of trend can occur in one two ways. First, the Function Creep can transpire very slowly, over an extremely long period of time. This could happen as a result of minor changes or “tweaks” being made to the specific modality at a gradual pace. Second, the Function Creep can happen just all of a sudden. This type of specific instance is rare and only occurs when the stakeholders involved in the original procurement and deployment of the Biometric system have an ulterior motive or hidden agenda in place.

Conclusions

In summary, this article has reviewed some of the major social implications of Biometric Technology. There appears to be more of a negative perception of it in the developed countries (such as the United States) when compared to the developing nations, for reasons previously cited.

There have been efforts to close this widening gap, by developing and implementing a system of standards and protocols which can be used worldwide.

But in the end, it all comes down to how the end user perceives a Biometric Modality. If from the outset there is resistance to it, there is very little that can be done to change the mindset of the end user population. All that can be done is to provide an extensive training program in which to enhance the acceptance of it.

Even though the growth rate of Biometric Technology is expected to increase overall in the coming future because of the threat of Cyberattacks, the social implications which are associated with it will never change. The public will always keep questioning the merits of Biometrics, which to a certain extent is good.

But if carried too far, it can greatly impede its overall acceptance rate and even have a deteriorating effect on the benefits it brings.

Sources

  1. Licht, D.M., Polzella, D.J., and Boff K. Human Factors, Ergonomics, and Human Factors Engineering: An Analysis of Definitions, 1989.
  2. Maghiros, I., et al. Biometrics at the Frontiers: Assessing the Impact on Society, 2005.
  3. Stewart, T. Biometrics and the End User Experience, System Concepts, 2015.
  4. http://www.iss.it/binary/publ/cont/STAMPA%20ANN_07_02%20Mordini.1180428288.pdf
  5. http://www.statewatch.org/news/2005/apr/jrc-biometrics-julian-ashbourn.pdf
  6. http://ftp.jrc.es/EURdoc/21585-ExeSumm.pdf
  7. http://dataprivacylab.org/TIP/2011sept/Biometric.pdf
  8. https://researchweb.iiit.ac.in/~vandana/PAPERS/BASIC/biometric_challenges.pdf
  9. http://www.fidis.net/fileadmin/journal/issues/1-2007/Biometric_Implementations_and_the_Implications_for_Security_and_Privacy.pdf
  10. http://www.bromba.com/knowhow/ARW_Bromba_1110.pdf
  11. http://www.cssc.eu/public/EACME%20ANNUAL%20MEETING%20ppt.pdf
  12. https://www.privacyinternational.org/sites/default/files/Biometrics_Friend_or_foe.pdf
  13. http://www.datacivilrights.org/pubs/2015-1027/WDN-Biometrics.pdf
  14. https://pdfs.semanticscholar.org/055a/24447a6563ce1fd6ca536843183ed7d04bfc.pdf
  15. https://www.accenture.com/_acnmedia/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Dualpub_9/Accenture-Biometrics-Privacy-Positive-Match.pdf
  16. http://www.ajol.info/index.php/sabr/article/viewFile/76395/66853
  17. http://etheses.lse.ac.uk/181/1/Martin_Envisioning_Technology_through_discourse.pdf