Biometrics are a set of physical and behavioral characteristics which can be used to identify an individual, either for allowing access or for spotting someone in a crowd.
For the purpose of this article, we’ll leave (most of) the surveillance state out of this and talk purely about accessing smart, connected devices, or regulated, high security environments.
Each of us has a unique configuration of valleys and ridges in a swirl pattern at the tips of our fingers. They are distinct to us and their key components rarely change over time.
Use of fingerprints to identify criminals began in the 1880’s as law enforcement embraced the science. It’s the oldest form of biometric data and largely considered the most reliable over time predominantly because of the amount of data collected by law enforcement to solve crimes.
In the last two decades, the distinction between governments collection of data for security, and corporate use for the same has become increasingly indistinguishable, as pointed out by David Lyon, a sociologist who directs the Surveillance Studies Centre.
Newer consumer products are giving users the opportunity to secure their device with biometric security. Apple’s iPhone incorporated Touch ID and Face ID into its operating system allowing people to open their devices without using a passcode.
It works by collecting and assigning thousands of “points of interest” which create a distinct pattern. That pattern is stored as a distinct encoded signature which, when verified can grant access.
Fingerprint recognition is considered highly reliable for personal identification on consumer devices.
Unless something dramatic happens to the finger used to unlock devices, such as an injury that alters the configuration of valleys and ridges on the tip of the finger, this form of biometric identification is also sustainable over time.
Out of 10 it ranks a solid 8.
It works by collecting and assigning 100’s to 1000’s of “points of interest” to your face as you move a camera 180° up and down, side to side. These point sets form a signature specific to the user. Once assigned and stored, the device can compare a sliver of data, any angle of your face, against the points in your signature. Once there’s a match, voila, access granted.
Facial recognition is excellent for securing high-sensitivity work environments, like laboratories, advanced clearance computer terminals or networks, financial institutions, and many other settings. Advanced systems have moved beyond simply comparing still images to working from video datasets as well.
While largely considered effective for expressionless faces, “a big smile can render the system less effective.” “Hackers” have also created everything from masks to creative clothing which foil surveillance systems.
Out of 10 it ranks a 6.
This is often confused with Retina Recognition (covered next) because both the iris and the retina live in the eye. Iris recognition typically uses pattern recognition techniques from video on both irises of a person’s eyes. Those patterns are distinct and consistent measurable without contact.
The iris is far less likely to be damaged in the way a fingerprint can be since it’s an internal, protected organ. The odds of a false-match are low. “Even genetically identical individuals (and the left and right eyes of the same individual) have completely independent iris textures.”
It works by using video cameras with subtle near infrared light readers which read and map the complex pattern in the iris. This dataset creates a unique signature, which when verified can grant access to a secure device or environment.
Iris recognition is typically used in high-security places, were the device is mounted in the wall or door. In addition, they are cumbersome and very expensive which lowers their accessibility to many potential users.
Further, some commercial readers can be fooled by a high-resolution photograph or video and subjects must be willing to be scanned; if they’re moving their head rapidly or not opening their eyes, no entry will be granted.
Out of 10 this is an 8 primarily because it doesn’t require any contact.
As pointed out above this technology is entirely different from iris recognition. While it uses distinct patterns in the eye, it’s mapping the complex array of vessels which exist in the retina.
The retina is a thin tissue of neural cells that can be found behind the eye. This web of capillaries that supplies the eye with blood is unique in every person, including people with matching DNA (twins, triplets, quadruplets…, octuplets).
Retinal readers require the user to bring their eye very close to a reader, much like looking into a microscope. So, this technology is not touch-free.
While retina scanning has shown 0% false positives over time, it is possible that eye problems like cataracts and astigmatisms can foil a reader, and even more concerning is data suggesting that regular use can cause damage to the eye.
Out of 10 this technology is a 7.
Palm Print Recognition
Essentially fingerprint recognition but extended out to the entire palm. It collects points of interest which “combines ridge flow, ridge characteristics, and ridge structure of the raised portion” of the skin.
It’s either a broader data set with a greater potential of matching points, or a ‘minutae’ print is taken from the overall set and used as a matchprint or signature. For detection work it can be very helpful. For security purposes it is often used militarily, in high-security laboratories, or high value financial institutions.
Limitations in livescan technologies and computing capabilities have slowed the adoption of palm print technology in commercial uses. For personal devices a palm scanner is hardly practical.
Out of 10 this is ranked a 5.
Police detectives have been using this technology for centuries relying heavily on canine assistance as computers hadn’t evolved the skill until recently.
It works on, “the fact that virtually each human smell is unique. The smell is captured by sensors that are capable to obtain the odor from non-intrusive parts of the body such as the back of the hand or armpit.”
While diet and health can impact odor, research points to a unique signature which can be identified at close range.
“The field of odor biometrics may be useful for individual authentication but is not well suited to mass surveillance,” says Elise Thomas in Wired. An abstract
As a security technology this is fairly new and underutilized making it an anemic 5 out of 10.
Voice recognition is often referred to as a “voiceprint” or the distinct signature each voice contains, “determined by the unique biological factors that, combined, produce a voice.”
This is also a contactless modality which makes it preferable in an era of social distancing and contactless interactions.
While Speech Recognition tools like Siri, OK Google, and Cortana have become commonplace on smartphones, some applications are adding Voice Recognition for access, like USAA has combined with face recognition to provide security for their customers.
As a behavioral metric similar to gait or handwriting, reliability is low as behaviors can change over time. Additionally, some readers have been fooled by high-resolution recordings.
Standalone, voice recognition ranks a 6 out of 10. It’s an 8+ when combined with an additional mode.
Using the heartbeat as a password has been a subject of debate and research for some time. Many fingerprint readers incorporate a pulse sensor to verify life. But as some security experts have posited, this, “seems especially problematic. ‘I’m sorry, but we can’t access the patient’s health records because he’s having a heart attack.’”
Pulse readings can be used to develop a signature which allows access but when combined with other biological indicators its effectiveness increases dramatically. Lasers detecting your heartbeat and microbiome are already being developed to read a combination of signals and form a distinct signature from the entire data set.
This technology rates a 5 out of 10.
Another behavioral metric is gait recognition. While gait analysis got its start in medicine it was later folded into greater surveillance efforts for identifying suspects in a crowd.
As yet it hasn’t found an application for security and identification but since you’ve read so far in this article, we’re rewarding you with this educational video of government personnel studying gait.
As an access technology gait recognition has garnered little to no use. Due to a lack of advancement and large complications with the technology, we rate gait a 3 out of 10.
In its infancy the technology hasn’t saturated the market yet however its contactless nature and ability to do more than simply allow access make gesture recognition a contender in the marketplace.
It scores a 6 out of 10, with a bullet, because this technology is on the rise.
And The Winner is…
Alone, each of these technologies has reliability issues, predominantly because biology changes over time. Security layers that combine fingerprint and pulse, or voice and iris, are bound to be more reliable. An evolving understanding of the subject is the next phase of recognition tools, where a dataset can be projected into the future to anticipate cellular degradation of the iris, or the disappearance of fingerprint ridges for daily manual laborers.
Biometrics allow us to verify our identity based on who we are rather than what we know. It decreases the likelihood of a hack or unauthorized access. It can simplify our workday and secure our sensitive information.
As the world moves further indoors and contactless interactions take priority, the technologies which provide the least friction, literally and metaphorically, will be the winners.
Advancements in biometrics is a rapidly ongoing conversation, and this topic deserves to be assessed next year, at which time we’ll provide an update.
Also, if we missed something, point it out, contact us and we’ll address it.