As deployment of biometric technology becomes widespread, Illena Armstrong wonders if the interest is truly genuine.
Recent developments in biometric technology are proving that the likes of fingerprint, iris and facial recognition security systems are not just reserved for Hollywood movies, such as the recent blockbuster Minority Report. The biometric industry is continuing to gain the confidence of a wider audience and re-ignite a long-standing interest in the technology. Critics, on the other hand, wonder if the industry is in the midst of a boon or boondoggle.
Indeed, more uptake of biometrics is happening, but these identity verification tools continue to face impediments to widespread deployment. While biometric technologies have certainly moved from what industry experts sometimes refer to as "science fiction to science fact," hesitancy from executives still exists.
Market research and statistical data support both camps. Analyst Prianka Chopra of Frost and Sullivan, a consulting and training company, says that the biometric market reached $66 million worldwide in 2000, and is expected to generate around $2 billion by 2006. Yet, alongside these glowing figures, a December 2002 CIO survey conducted by the Merrill Lynch Global Securities Research and Economics Group showed that only 14 percent of CIOs questioned planned to "renew or purchase" biometrics in the next 12 months. Some 70 percent of these CIOs had no plans to deploy any such tools over the course of this year.
Though these latter findings were reportedly based on a survey of 50 CIOs, they reflect other research firms' conclusions, such as those from Allied Business Intelligence, Inc. (ABI), that reservations about the feasibility of biometric deployments remain.
Laying the playing fields
"Biometric technology has been slow to be deployed due to [immaturity] and lack of knowledge of how best to [use] it to solve real world problems," says Bernard Bailey, president and CEO of Viisage, a vendor of facial recognition solutions. "However, as the technology and appropriate applications have evolved, successes are growing in the marketplace - specifically in the federal, state and local government sectors, as well as in law enforcement."
In addition to these markets, Frost and Sullivan's Chopra says that biometrics is getting more attention from the financial and health care markets. She points out that besides uptake from companies in particular sectors, specific biometric applications are helping to advance purchases as well.
"While access control will continue to lead application market share, network security is the emerging application for the future," she adds. "Strong growth will be based on the need of corporations, government agencies and the military to forestall attacks on information systems and protect confidential data."
Biometric solutions are finding places in various industries, proponents argue, due to a litany of reasons ranging from ease of use to stronger security.
NEC Security Solutions' Carl Gohringer says that the convenience of biometric systems for end users in not having to remember to carry ID cards or recall passwords for multiple systems is certainly a huge driver in adoption. The need to positively identify or verify people entering businesses or accessing systems is another driver pushing biometric deployment further, he adds.
"The world is more security conscious. Systems are much more secure than they have been in the past. However, one of the weakest links has been in positively identifying the users who access the infrastructure," he explains. "Passwords have inherent weaknesses that biometrics have overcome. Using a biometric, you can absolutely identify who is accessing your systems."
In spite of these frequently touted benefits, like any other security technology vying for top position in the market, a "defining moment" that showcases its primary advantages is often needed, says Michael Rohleder, executive vice president, Strategic Licensing, Ultra-Scan Corporation. For the biometric industry, that moment was 9/11, he notes, "when the government and corporate America realized that the current system for recognizing and validating identification was simply not reliable enough."
ABI's 2002 Biometric Systems: Worldwide Deployments, Market Drivers, and Major Players report, forecasts a less rosy picture for the overall biometric market compared to Frost and Sullivan's predictions, noting that the industry will hit $735 million by 2006. Senior analyst John Chang states in the research group's Biometric Industry Report, that even though there is an increased awareness of government biometric deployments and a fairly wide recognition that such systems work, these factors have not turned into strong revenue for vendors just yet.
ABI's research also indicates that any cost savings gained from implementing biometric tools for, say, access control to buildings or networks, may be offset by a requirement to provision a system after initial deployment. According to Chang, for corporate executives, it is far from a question of paying for just the equipment itself, but also for its ongoing support.
Cost, also often cited as vastly improving in recent months, remains another major reason why many companies decide to avoid biometrics. While such systems can provide an ROI in certain configurations, companies often still view biometric deployments as more costly than other authentication methods.
"Despite the declining prices over the past few years, which have spurred higher levels of demand, biometric technologies have remained expensive compared to alternatives, such as card-based systems," says Frost and Sullivan's Chopra. "However, superior security capabilities will give biometric technologies the edge over substitutes."
Nonetheless, Chang points out that even though widespread privacy and security concerns may be spurring on a strong argument for biometric solutions that verify identity for virtual and physical access, some people may still have concerns about privacy.
For his part, Rohleder of Ultra-Scan believes that lingering privacy concerns are no more of a hindrance than those that users might have about any other security or authorization methodology. And, anyway, biometric vendors have to concern themselves with more basic problems and perceptions associated with these systems.
Tackling identity theft
There have been sizable biometric system deployments in recent months. For instance, some seven states have opted to use Viisage Technology's facial recognition solutions during the past year to stave off identity theft. More than 30 million driver's license images are facial-recognition-enabled, so that these seven states' Departments of Motor Vehicles can more quickly and accurately uncover cases of identity theft or fraud.
Another vendor, ImageWare Systems, Inc., recently extended its agreement with the Seattle-Tacoma International Airport to add advanced biometric and smartcard capabilities to the airport's existing ID system for secure access control. Meanwhile, Iridian Technologies recently announced the deployment of iris recognition cameras in the school district of Plumstead, New Jersey, to help improve school safety by controlling admission to buildings. And, Saflink Corporation, a biometric security solutions integrator and developer, with the help of SecuGen fingerprint sensors, contracted with Blue Cross and Blue Shield of Rhode Island last year to offer up fingerprint access for employees to safeguard patient medical records and other critical corporate data.
Other leading vendors all have their news of customer wins in the U.S., Europe, Asia Pacific and other regions to share. Indeed, proponents of biometric technologies would argue that the list of recent biometric deployments could certainly go on and on. However, many of these deployments are far from tackling a pool of millions of potential users - a massive undertaking, says Charles Wilson, manager of the Imaging Lab in the Information Access Division of NIST's Information Technology Lab.
Testing times for technology
Certainly, in his mind, there is no larger test of biometric technologies' viability currently being undertaken than by the U.S. Commerce Department's National Institute of Standards and Technology (NIST). The group is testing facial and fingerprint technology to use in developing standards and interoperable databases to support "machine-readable, tamper-resistant travel documents." The program is supposed to help accurately verify and/or identify people coming into and leaving the U.S.
Tasked by Congress' U.S. Patriot Act and the Enhanced Border Security Act, NIST scientists, in conjunction with the State and Justice Departments, have been studying what biometric tools would best verify the identities of people applying for U.S. visas/passports or using these documents to move across U.S. borders. These groups are supposed to submit a report to Congress detailing what actions will be necessary to get such a biometric verification system up and running by October 2004. The ballpark figure to deploy such a far-reaching system is around $3.8 billion.
Recently, the government agency released findings that show a combination of fingerprint and facial technologies would be the best option to secure U.S. borders. NIST measured fingerprint performance using an Immigration and Naturalization Service (INS) database of 1.2 million prints of 620,000 individuals. Meanwhile the face recognition vendor tests (FRVT) 2002 measured facial recognition abilities of 10 vendors using the Department of State's database of 121,000 images of 37,000 individuals.
NIST's Wilson says that to reach the security goals put forth by Congress, the government will need to launch the combination biometric system to ensure that of the some five million people that cross the U.S. border, only those with legal permission to enter do so. Blending biometric capabilities will simply bolster security, especially given the fact that no system is 100 percent.
Fingerprint technologies have about a 98 percent accuracy rate. The two percent that misfires is usually due to the friction levels of the fingerprints and not the technology itself, he says. As for facial recognition tools, accuracy is high when the face is uniformly illuminated, when it typically experiences a mere one percent failure rate. However, in outdoor lighting accuracy rates drop to 80 percent.
In other words, while biometric technologies have drastically improved, no one form is a "panacea," Wilson says. And, even though heightened government interest in these tools might be substantiating biometrics for private organizations, the main buyers will probably still be government agencies for the next four to five years, contends Wilson. Given the economic situation, private entities will need some pretty compelling reasons for attempting to use biometrics. Yet, various government initiatives will only push the private sector to continue to take a harder look at the market.
In addition to government agencies' tests or deployments of biometrics providing more credibility to this previously viewed science fiction technology, experts contend that the establishment of the BioAPI standard helps, too.
The BioAPI Consortium created the open industry standard to enable software applications to communicate with a wide variety of biometric technologies. The goal is to overcome interoperability issues that often plagued the adoption of biometric technologies in the past. Integration capabilities will only boost the future growth of biometric, notes Frost and Sullivan's Chopra.
Won Lee, president and CEO of SecuGen Corporation, says standardization had always been difficult to achieve during the early stages of biometrics partly because so many vendors were vying for dollars.
"There was no clear-cut demand for a particular type or maker of biometric, and the experience of users was not widespread enough to define a universal standard," he says. "But recently, the landscape has changed: more trials (and errors) have occurred; fewer biometric technology providers remain; development and deployment rates have grown more slowly than expected."
Following the trends
As a result, a couple of trends have recently emerged. First off, he says, "companies who provided hardware and software have now focused only on software that is interoperable with different makes of hardware." And, secondly, remaining companies are cooperating - they want to "share the technology that has 'survived' the rigors of real-world usage."
Now what needs to happen is for executives to understand that the adoption of biometrics will act as a business enabler. Many already understand that in some instances biometric solutions can offer up a sound ROI and that such tools provide stronger security of critical information and premises, he notes. If a company has a critical application that desperately calls for biometrics, it will likely look to a vendor for help.
But, if organizations feel they are facing sustained financial trouble during a waffling economy, they will continue to "live without biometrics," says Lee. "Their top priority is to remain viable."
Illena Armstrong is U.S. editor of SC Magazine.